Re: [squid-users] Squid transparent proxy + VPN problem

From: Mark Elsen <mark.elsen@dont-contact.us>
Date: Thu, 23 Feb 2006 17:44:14 +0100

>
> I can't decide if this is a squid problem or an iptables problem, so I'm
> asking here in case someone can point me in the right direction.
>
> -----------------------------
> Software/Environment details:
> -----------------------------
>
> jekyl:/home/david# uname -a
> Linux jekyl 2.4.27-2-686 #1 Wed Aug 17 10:34:09 UTC 2005 i686 GNU/Linux
>
> jekyl:/home/david# iptables --version
> iptables v1.2.11
>
> jekyl:/home/david# squid -v
> Squid Cache: Version 2.5.STABLE9
> configure options: --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io --with-pthreads --enable-storeio=ufs,aufs,diskd,null --enable-linux-netfilter --enable-arp-acl --enable-removal-policies=lru,heap --enable-snmp --enable-delay-pools --enable-htcp --enable-poll --enable-cache-digests --enable-underscores --enable-referer-log --enable-useragent-log --enable-auth=basic,digest,ntlm --enable-carp --with-large-files i386-debian-linux
>
> jekyl:/home/david# cat /etc/debian_version
> 3.1
>
> --------------------------
> Issue/action Description
> --------------------------
>
> I am attempting to do transparent HTTP proxying with squid. This works
> fine for traffic flowing in over individual interfaces, but not for
> traffic arriving over a VPN (the proxy server is also a VPN gateway).
>
> Tracking packets using logging rules, it seems that the packets are
> getting redirected, and even accepted, but are not arriving in userland,
> or squid is dropping the requests. I can see no indication in the squid
> logs that it is recieving the requests - no corresponding entries in
> access.log or cache.log. The proxy can be accessed directly in all
> cases, but not transparently via the VPN.
>
> In squid.conf i've got:
>...

http://squidwiki.kinkie.it/SquidFaq/InterceptionProxy?highlight=%28intercept%29#head-1cf13b27d5a6f8c523a4582d38a8cfaaacafb896

Especially the item concerning MTU will probably haunt you, in this case and
there's no woraround for that.

M.
Received on Thu Feb 23 2006 - 09:44:19 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:04 MST