twd wrote:
> The HQ office network is behind a Linux appliance running Squid in
> transparent mode. All filtering / usage policies are enforced via
> Dansguardian & Squid.
>
> When users go on the road with laptops, all usage should still go through
> the Squid proxy back at the HQ. So I put the proxy settings in the browsers,
> lock the the settings so employees can't change them, and all works well,
> UNTIL the laptop is outside the LAN.
>
> Then I get a Squid proxy error unless I add an ACL of the public IP of the
> laptop.
>
> acl twdlaptop src ##.##.##
> http_access allow twdlaptop
>
> Then everything works just peachy, except that the IP address of the laptop
> on the road necessarily changes. Is there a more flexible way to allow road
> warriors to use the HQ proxy? I thought of using OpenVPN, but I'd like a
> solution for laptops & Windows Mobile Phones as well, although laptops are
> the more current issue.
Authentication was created for exactly this purpose.
With explicitly set proxy settings in the browsers, there is no reason
why you can't allow them to login to the proxy when they are on the
road. Or even at HQ.
Note that by entering the proxy settings in the browsers you are no
longer using "transparent mode".
Assuming by "transparent" you actually mean "NAT intercepting" you
should of course have Squid listening on one port for the intercepted
requests (authentication not possible) and another for the configured
browsers (authentication possible).
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13Received on Wed Aug 19 2009 - 01:35:58 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 19 2009 - 12:00:04 MDT