2

So what I'm trying to do is have a Squid Proxy run on 1 machine alongside a VPN connection. What I want to happen is all traffic running through the Squid Proxy would run through the VPN for its outbound, i.e. Desktop -> (Squid Proxy -> VPN)

The goal is to allow my desktop selective tunneling through the VPN, so that Instant Messaging and the like that do not need to run through the VPN can go through my normal traffic. Typically I would go through an SSH proxy but currently am forced to use VPN to gain entry into the office, and a Squid proxy seemed like it might work out the easiest for what I am needing.

EDIT: Realized I forgot to actually state what problem I'm running into. I have Squid set up and verified it works, but once I connect to the VPN, all requests to Squid get accepted but Squid is unable to make the request over the VPN. So the client ends up just sitting there.

  • If you know the local address for the tunnel you could try setting `tcp_outgoing_address` to it in squid.conf – Brian Jul 25 '15 at 00:53

4 Answers

0

Well, some additional info required:

  1. Log in to your squid/vpn box. Turn on the VPN. Are you able to reach any external address? Are you able to reach the VPN endpoint and the VPN endpoint's network?

  2. What kind of VPN is this (openvpn/pptp/etc)?

  3. What does the routing table look like before and after turning on the VPN? In Linux, you could print the routing table using /sbin/route -n or ip route show

rvs
0

Looks like a routing issue. When you connect to the VPN, the default gateway may not be changed automatically.

Dmitriusan
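As an added example (not code from any of the posters), this script applies rvs's step 3 and Dmitriusan's point to two constructed `ip route show` snapshots, one before and one after the VPN comes up: it reports which interface owns the default route, pulls the tunnel's local address (the value Brian's comment would put in `tcp_outgoing_address`), and checks whether any route actually leads out through the tunnel. Interface names (eth0, tun0) and all addresses are assumptions.

```shell
# Constructed snapshots of `ip route show`; eth0/tun0 and the addresses are assumptions.
ROUTES_BEFORE='default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
# After: the VPN client added tun0 and office routes but left the default route alone.
ROUTES_AFTER='default via 192.168.1.1 dev eth0 proto static
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
10.20.0.0/16 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# Interface that owns the default route in a snapshot.
default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Local (src) address of a device, i.e. what tcp_outgoing_address would be set to.
tunnel_src() {
    printf '%s\n' "$1" | awk -v want="$2" '{
        dev = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "src") src = $(i + 1)
        }
        if (dev == want && src != "") { print src; exit }
    }'
}

# Exit 0 if some non-default route sends traffic out through the device, 1 otherwise.
has_route_via() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 != "default" { for (i = 1; i <= NF; i++) if ($i == "dev" && $(i + 1) == want) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Explain why Squid's outbound connections do or do not use the tunnel.
diagnose() {
    before=$(default_dev "$1"); after=$(default_dev "$2")
    if [ "$before" != "$after" ]; then
        echo "default route moved from $before to $after: all Squid outbound uses the VPN"
        return 0
    fi
    echo "default route still via $after: only destinations with a route via the tunnel use the VPN"
    src=$(tunnel_src "$2" tun0)
    if [ -n "$src" ]; then
        # Binding the source address changes nothing about which route the kernel picks.
        echo "tcp_outgoing_address $src binds Squid's source address but adds no route; let the VPN client set the default gateway or add routes for the office prefixes"
    fi
}

diagnose "$ROUTES_BEFORE" "$ROUTES_AFTER"
```

Run it against real output by replacing the two constructed strings with `$(ip route show)` captured before and after connecting.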
0

I do something similar. I do it using two pieces:

$ cat bin/openproxy
#!/bin/bash
# Compress the session, keep it alive, and forward local port 3128 to the office proxy via the gateway
ssh -C -o ServerAliveInterval=150 -L 3128:proxy:3128 gateway.company.com

Then in Firefox, I use FoxyProxy to use localhost:3128 as a proxy for machines in *.company.com.

This works for pretty much everything that I need.

Is this what you're trying to do?

MikeyB
  • That's pretty close to what I'm trying to pull off. The only difference is I have to use VPN instead of SSH. Which sucks. And instead of just the localhost being able to connect through the VPN, I want all my desktops in the house to be able to connect to the Squid to get into the VPN. But having a bit of a problem with the Squid to run over the VPN. The idea came about that my primary desktop is a Ubuntu machine, and the VPN requires CheckPoint VPN-1 Client. As some will notice CheckPoint is not very Linux friendly and doesn't put out a Ubuntu client. So I have a Mac Mini running the VPN/Squid –  Dec 08 '09 at 14:53
  • 1
    Ah - it sounds as though you want to route all traffic leaving your dedicated machine through your VPN connection? In that case, just have your VPN client set the default gateway to be the VPN connection. – MikeyB Dec 08 '09 at 19:12
0

This may be a bit more complex than the original question, but I am trying to do the same thing with Squid where I already have a VPN tunnel set up for Transmission traffic, and admin traffic for the http UI that manages Transmission is reverse proxied by Nginx so that it is accessible by hosts on the same LAN. This is a "split tunnel" approach because I only want certain apps to use the tunnel and others not to, so I have iptables rules as well as routes to facilitate this by taking traffic from the user Transmission uses and routing that traffic to tun1, the VPN virtual NIC, but when the VPN is down, no traffic is sent as a safety precaution.

I want to apply the same principle to a Squid proxy on this same host but in this case add the user Squid runs as (proxy) to behave in the same way. I believe I can reverse proxy traffic from web browsers which will forward proxy traffic to Squid which will among other things forward traffic over the VPN tunnel. I am not exactly sure how this will work but I have some possible approaches.

For more details of what I am trying, take a look at my Reddit post. I will update this answer (since it actually leaves you with more questions than answers as it stands) so this is actually useful for someone trying to do the same thing!

Darf Nader