Re: [squid-users] How to set Squid for tunneling and authentication with out cache.

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 13 Jun 2009 12:09:42 +1200

Chris Robertson wrote:
> csampath wrote:
>> Hi
>>
>> This is my first post. I am trying to configure the squid similar to
>> ssl VPN. Struggling with the
>> configuration for 2 days.
>> My requirement is client web requests (HTTP or HTTPS) should come to
>> squid.
>> Squid authenticates the user for the first time (of course based on the
>> client IP) and just redirects the traffic between the client and the
>> server.
>> I don't want cache
>>
>> client <--------> SQUID <-----> Intranet/Internet
>>                     |
>>                     |
>>               RADIUS SERVER
>>
>> MY SQUID configuration is as follows (it doesn't serve the purpose) : -
>> https_port 10.10.10.11:1443 accel vport vhost protocol=http
>> cert=/mi/portalCA/server-cert.pem key=/mi/portalCA/server-key.pem
>> acl CONNECT method CONNECT
>> acl SSL method CONNECT
>> #http_port 10.10.10.11:80 accel vport vhost
>>
>
> Set...
>
> http_port 3128
>
> ...instead of the above https_port and http_port directives.
>
>> auth_param basic program /usr/local/squid/libexec/squid_radius_auth -f
>> /usr/local/squid/etc/squid_radius_conf
>> auth_param basic children 5
>> auth_param basic realm Web-Proxy
>> auth_param basic credentialsttl 120 minute
>> auth_param basic casesensitive off
>> acl radius-auth proxy_auth REQUIRED
>> no_cache deny all

... also "no_cache" is obsolete. Write that as simply "cache deny all",
which means don't store anything, as you stated in one of your requirements.

>> http_access deny !radius-auth
>> http_access allow all
>> always_direct allow all
>> http_reply_access allow all
>> #miss_access allow all
>>
>
> Then have your client(s) use 10.10.10.11 port 3128 as a proxy for HTTP
> and HTTPS.
>
>>
>> When Accessing the SSL request I am getting the following error
>> clientNegotiateSSL: Error negotiating SSL connection on FD 17:
>> error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
>> (1/-1)
>>
>> When it authenticates, it is looping. For every request it is asking for the
>> credentials.
>> Please advise me with the correct configuration. Appreciate your support.
>> Thanks
>> -Sampath
>>
>
> Chris

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
   Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
Received on Sat Jun 13 2009 - 00:09:47 MDT
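
Added example (not from the thread or the Squid project): it unpacks the OpenSSL error code from the log line quoted above and shows why a proxy CONNECT sent to an https_port listener fails the TLS handshake, while the same request sent to an http_port listener, as Chris suggests, is what that listener expects. The function names, the byte heuristics, the sample bytes and the host intranet.example are assumptions made for the example.

```python
import re

# Constructed: the log line quoted in the post, with its line breaks rejoined.
LOG_LINE = ("clientNegotiateSSL: Error negotiating SSL connection on FD 17: "
            "error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)")
# Constructed samples of what a client might send first; the hostname is a placeholder.
CONNECT_REQ = b"CONNECT intranet.example:443 HTTP/1.1\r\nHost: intranet.example:443\r\n\r\n"
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])  # TLS record header + ClientHello type

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*?)(?:\s*\(\S+\))?$")

def parse_openssl_error(line):
    """Split 'error:CODE:lib:func:reason' and unpack CODE (lib 8 | func 12 | reason 12 bits,
    the packing of OpenSSL releases of that era; assumed, newer releases differ)."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    return {"lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF,
            "lib_name": m.group(2), "func_name": m.group(3), "reason_text": m.group(4).strip()}

def classify_first_bytes(data):
    """Heuristic for this example: what did the client send first?"""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"              # handshake record, protocol version 3.x
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    method = data.split(b" ", 1)[0]
    if method == b"CONNECT":
        return "plaintext-proxy-connect"    # explicit-proxy tunnel request
    if method in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "plaintext-http"
    return "unknown"

def diagnose(listener, data):
    """Compare the listener type from squid.conf with what the client actually sent."""
    kind = classify_first_bytes(data)
    if listener == "https_port" and kind.startswith("plaintext"):
        return "mismatch: plain HTTP proxy request sent to a TLS listener (" + kind + ")"
    if listener == "http_port" and kind in ("tls-handshake", "sslv2-client-hello"):
        return "mismatch: TLS handshake sent to a plain proxy listener (" + kind + ")"
    return "ok (" + kind + ")"

if __name__ == "__main__":
    print(parse_openssl_error(LOG_LINE))
    for listener in ("https_port", "http_port"):
        print(listener, "<- CONNECT:", diagnose(listener, CONNECT_REQ))
```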
