Squid revealing real public IP in OpenVPN - Solved

  • I recently set up a pfSense 2.3 box to play with.  I've got it set up with two VLANs: VLAN40 for "normal" traffic and VLAN20 with VPN traffic (AirVPN in this case).  All client traffic on VLAN40 (non-VPN) goes straight out the WAN interface.  All client traffic on VLAN20 (VPN) goes out the VPN gateway.  Everything is working great and as expected.  Checking various sites to test which IP is being revealed shows my real IP when coming from VLAN40 (non-VPN) and my VPN IP when coming from VLAN20 (VPN).

    I then added Squid to do some web filtering and ad blocking.  Everything is working and it is filtering traffic as expected, but now I have an issue with my real IP showing up on VLAN20 (VPN).  It is strange because some sites (ipleak.net for example) see the VPN IP while others (whatismyip.com and ipleak.com) see my real IP address while on the VPN.  If I disable Squid, all of these sites report my VPN IP.  As soon as I re-enable Squid, the real IP starts to show up again.

    I've tried clearing the Squid cache, but that had no impact.  I've verified with the VPN provider that I am actually connected to their server.  I've verified that WebRTC is disabled in my browser.

    Has anyone run into this before?  Any ideas on what would cause this behavior?

  • Select X-Forwarded header mode: Delete to solve this issue.
    Also disable the VIA header.

    And then you need to make sure the firewall has its default gateway set to the AirVPN interface, else Squid will pipe its outgoing traffic through the standard WAN.
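
An added example, not part of the posts above: a small Python audit that reads squid.conf text and reports whether the two header settings named in the answer are in effect. It assumes the pfSense options correspond to Squid's `forwarded_for` and `via` directives; the sample configurations and the function names are constructed for illustration.

```python
# Added example: audit squid.conf text for the header settings from the answer.
# Squid's built-in defaults apply when a directive is absent from the file.
DEFAULTS = {"forwarded_for": "on", "via": "on"}

# What each forwarded_for mode other than "delete" does to the request header.
FORWARDED_FOR_EFFECT = {
    "on": "appends the client address to X-Forwarded-For",
    "truncate": "sends the client address as the only X-Forwarded-For entry",
    "transparent": "passes any client-supplied X-Forwarded-For through unchanged",
    "off": "sends 'X-Forwarded-For: unknown', which still reveals a proxy",
}

def effective_settings(conf_text):
    """Return the effective forwarded_for/via values; a later line overrides an earlier one."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(parts) >= 2 and parts[0] in settings:
            settings[parts[0]] = parts[1].lower()
    return settings

def audit(conf_text):
    """Return a list of findings; an empty list means both headers are suppressed."""
    s = effective_settings(conf_text)
    findings = []
    if s["forwarded_for"] != "delete":
        effect = FORWARDED_FOR_EFFECT.get(s["forwarded_for"], "is not a recognised mode")
        findings.append(f"forwarded_for {s['forwarded_for']}: {effect}")
    if s["via"] != "off":
        findings.append(f"via {s['via']}: Squid adds a Via header to forwarded requests")
    return findings

# Constructed sample: the directive is commented out, so the defaults apply.
LEAKY_CONF = """\
http_port 3128
# forwarded_for delete
cache_dir ufs /var/squid/cache 100 16 256
"""

# Constructed sample: the settings the answer recommends.
FIXED_CONF = """\
http_port 3128
forwarded_for delete
via off
"""

if __name__ == "__main__":
    for name, conf in (("leaky", LEAKY_CONF), ("fixed", FIXED_CONF)):
        print(name, audit(conf) or "OK: X-Forwarded-For deleted, Via disabled")
```

This only checks the header settings; the default-gateway point in the answer is a routing matter and is not visible in squid.conf.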

  • Perfect!  That solved the issue.  Thank you!
