Re: [squid-users] How to set Squid for tunneling and authentication without cache.

From: Chris Robertson <crobertson_at_gci.net>
Date: Fri, 12 Jun 2009 16:04:53 -0800

csampath wrote:
> Hi
>
> This is my first post.
> I am trying to configure Squid similar to an SSL VPN. I have been struggling
> with the configuration for 2 days.
>
> My requirement is that client web requests (HTTP or HTTPS) should come to Squid.
> Squid authenticates the user the first time (of course, based on the
> client IP) and just redirects the traffic between the client and the server.
> I don't want a cache.
>
> client <--------> SQUID <-----> Intranet/Internet
>                     |
>                     |
>               RADIUS SERVER
>
> My Squid configuration is as follows (it doesn't serve the purpose):
> https_port 10.10.10.11:1443 accel vport vhost protocol=http
> cert=/mi/portalCA/server-cert.pem key=/mi/portalCA/server-key.pem
> acl CONNECT method CONNECT
> acl SSL method CONNECT
> #http_port 10.10.10.11:80 accel vport vhost
>

Set...

http_port 3128

...instead of the above https_port and http_port directives.

> auth_param basic program /usr/local/squid/libexec/squid_radius_auth -f
> /usr/local/squid/etc/squid_radius_conf
> auth_param basic children 5
> auth_param basic realm Web-Proxy
> auth_param basic credentialsttl 120 minute
> auth_param basic casesensitive off
> acl radius-auth proxy_auth REQUIRED
> no_cache deny all
> http_access deny !radius-auth
> http_access allow all
> always_direct allow all
> http_reply_access allow all
> #miss_access allow all
>

Then have your client(s) use 10.10.10.11 port 3128 as a proxy for HTTP
and HTTPS.

>
> When accessing an SSL request, I am getting the following error:
> clientNegotiateSSL: Error negotiating SSL connection on FD 17:
> error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
> (1/-1)
>
> When it authenticates, it loops. For every request it asks for the
> credentials.
> Please advise me on the correct configuration.
> I appreciate your support.
>
> Thanks
> -Sampath
>

Chris
Received on Sat Jun 13 2009 - 00:05:07 MDT
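
The `https proxy request` error quoted above is what a TLS listener reports when the first bytes it receives are a plaintext `CONNECT` rather than a TLS handshake, which is what a browser sends once it is pointed at a proxy. As an added example (not part of the thread; the function names and sample bytes are constructed for illustration), this classifies a connection's first bytes and shows which kind of Squid port can accept them:

```python
# Added example, not from the thread. Sample byte strings are constructed.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(data: bytes) -> str:
    """Return 'proxy-connect', 'http', 'tls', 'incomplete' or 'unknown'."""
    if data.startswith(b"CONNECT "):
        # Plaintext tunnel request: sent by a client configured to use a
        # proxy when it wants to reach an https:// URL.
        return "proxy-connect"
    if data.startswith(HTTP_METHODS):
        return "http"
    if len(data) < 6:
        return "incomplete"
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # minor version, 2-byte length, then handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    return "unknown"


def port_accepts(port_kind: str, data: bytes) -> bool:
    """port_kind is the Squid directive the listener was created with."""
    kind = classify_first_bytes(data)
    if port_kind == "https_port":
        # The listener starts a TLS handshake immediately, so anything that
        # is not a ClientHello fails negotiation (the error in the post).
        return kind == "tls"
    if port_kind == "http_port":
        # Plain proxy port: expects an HTTP request line, CONNECT included.
        return kind in ("proxy-connect", "http")
    raise ValueError("unknown port kind: " + port_kind)


# Constructed samples: a browser's proxy request and a TLS ClientHello prefix.
SAMPLE_CONNECT = b"CONNECT intranet.example:443 HTTP/1.1\r\nHost: intranet.example:443\r\n\r\n"
SAMPLE_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])

if __name__ == "__main__":
    for port in ("https_port", "http_port"):
        for name, sample in (("CONNECT", SAMPLE_CONNECT), ("ClientHello", SAMPLE_CLIENT_HELLO)):
            print(port, name, "accepted" if port_accepts(port, sample) else "rejected")
```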