OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • [SOLVED] Squid Parent Proxy
« previous next »
  • Print
Pages: [1]

Author Topic: [SOLVED] Squid Parent Proxy  (Read 10948 times)

tillsense

  • Sr. Member
  • ****
  • Posts: 308
  • Karma: 48
    • View Profile
[SOLVED] Squid Parent Proxy
« on: July 13, 2016, 08:38:07 pm »
is there a possibility a parent proxy to be deposited with options? an entry by hand in the squid.conf and the restart of the servises were certainly successful. example of this:

Code: [Select]
cache_peer 10.10.10.10 parent 3128 0 no-query no-digest default
never_direct allow all

would be really coll... great work keep it up
till
« Last Edit: July 21, 2016, 07:52:53 pm by franco »
Logged

tillsense

  • Sr. Member
  • ****
  • Posts: 308
  • Karma: 48
    • View Profile
Re: Squid Parent Proxy
« Reply #1 on: July 19, 2016, 06:49:47 pm »
no chance? possibly an external conf which is read by the squid.conf?

cheers till
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 849
  • Karma: 163
    • View Profile
Re: Squid Parent Proxy
« Reply #2 on: July 19, 2016, 09:21:32 pm »
Hi till,

You can use custom templates in the dev version, for more info see : https://github.com/opnsense/core/issues/802

Best regards,

Ad
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13633
  • Karma: 1174
    • View Profile
Re: Squid Parent Proxy
« Reply #3 on: July 19, 2016, 11:53:01 pm »
This will also be in 16.1.19 later this week. :)
« Last Edit: July 21, 2016, 09:26:45 am by franco »
Logged

tillsense

  • Sr. Member
  • ****
  • Posts: 308
  • Karma: 48
    • View Profile
Re: Squid Parent Proxy
« Reply #4 on: July 20, 2016, 07:23:19 pm »
hi,

i'm little confused. Franco wrote 16.1.16? AD wrote dev version... i followed the link. i use 16.7rc2 (release topic). in the announcement of Franco for this "proxy: move ACL parts to separate file and allow pre and post hooks"
i created the file (/core/issues/802) /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.user.post_auth.conf and have the parameters entered, but this does not work.

cheers till
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13633
  • Karma: 1174
    • View Profile
Re: Squid Parent Proxy
« Reply #5 on: July 21, 2016, 09:26:20 am »
Sorry, I meant 16.1.19. I'll edit the posting.

Ad will be back on Friday.
Logged

tillsense

  • Sr. Member
  • ****
  • Posts: 308
  • Karma: 48
    • View Profile
Re: Squid Parent Proxy
« Reply #6 on: July 21, 2016, 07:11:06 pm »
i also need to correct. it was my typo in conf. it rocks.

cheers till
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13633
  • Karma: 1174
    • View Profile
Re: Squid Parent Proxy
« Reply #7 on: July 21, 2016, 07:52:40 pm »
As it should, cheers! 8)
Logged

Feldunost

  • Newbie
  • *
  • Posts: 11
  • Karma: 1
    • View Profile
Re: Squid Parent Proxy
« Reply #8 on: December 06, 2016, 03:27:26 pm »
Quote from: tillsense on July 20, 2016, 07:23:19 pm
hi,

i'm little confused. Franco wrote 16.1.16? AD wrote dev version... i followed the link. i use 16.7rc2 (release topic). in the announcement of Franco for this "proxy: move ACL parts to separate file and allow pre and post hooks"
i created the file (/core/issues/802) /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.user.post_auth.conf and have the parameters entered, but this does not work.

cheers till


Hello,

I found out about this value that i could add here :
http://www.squid-cache.org/Doc/config/cache_peer/
Specified correct parameters for this parent proxy with "login=user:password" for parent's auth.

However still having issue to browse internet page, on logs i get TCP_MISS/503 4473 GET http://www.google.com/ - HIER_DIRECT ...

This is quite strange since i followed the entire configuration in OPNsense's How-To (Caching Proxy + Transparent Proxy).

Any pointer ?


« Last Edit: December 06, 2016, 06:00:06 pm by Feldunost »
Logged

tillsense

  • Sr. Member
  • ****
  • Posts: 308
  • Karma: 48
    • View Profile
Re: [SOLVED] Squid Parent Proxy
« Reply #9 on: December 06, 2016, 07:00:02 pm »
@ Feldunost

can you post your squid.user.post_auth.conf / squid.user.pre_auth.conf / squid.conf?
Logged

Feldunost

  • Newbie
  • *
  • Posts: 11
  • Karma: 1
    • View Profile
Re: [SOLVED] Squid Parent Proxy
« Reply #10 on: December 07, 2016, 09:31:23 am »
Quote
# Added for Parent Proxy auth
cache_peer 192.168.*.* parent 3128 0 no-query no-digest default login=login:password
never_direct allow all
# Configure Local User Authentication helper
auth_param basic program /usr/local/etc/inc/squid.auth-user.php
{% if helpers.exists('OPNsense.proxy.forward.authentication.realm') %}
auth_param basic realm {{OPNsense.proxy.forward.authentication.realm}}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.credentialsttl') %}
auth_param basic credentialsttl {{OPNsense.proxy.forward.authentication.credentialsttl}} hours
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.children') %}
auth_param basic children {{OPNsense.proxy.forward.authentication.children}}
{% endif %}
# ACL - Local Authorized Users - local_auth
acl local_auth proxy_auth REQUIRED


Actually it's a Double NAT configuration with double proxy, the endpoint is allowing only http connections for auth.
« Last Edit: December 07, 2016, 09:47:20 am by Feldunost »
Logged

tillsense

  • Sr. Member
  • ****
  • Posts: 308
  • Karma: 48
    • View Profile
Re: [SOLVED] Squid Parent Proxy
« Reply #11 on: December 07, 2016, 06:06:14 pm »
@ Feldunost

what file did you post here?
Logged

Feldunost

  • Newbie
  • *
  • Posts: 11
  • Karma: 1
    • View Profile
Re: [SOLVED] Squid Parent Proxy
« Reply #12 on: December 08, 2016, 03:01:22 pm »
Oh my god i'm stupid ... it's not even thoses files ...
I edited the wrong file in fact ...

So actually i have default files and added theses lines, and it worked like a charm !
My bad again ;D


squid.user.post_auth.conf :
- No file in /OPNsense/Proxy/ - one include in squid.conf -

squid.user.pre_auth.conf :
- No file in /OPNsense/Proxy/ - one include in squid.conf -

squid.conf :
Quote
#
# Added for Parent Proxy auth
cache_peer 192.168.*.* parent 3128 0 no-query no-digest default login=login:password
never_direct allow all



Is it normal that i can still access to parent proxy webpage or even internet directly with parent's proxy in browser parameters ?
I added a NAT port forward traffic port 80 to be redirected into 127.0.0.1:3128.
There is a No-Proxy bypass in OPNsense's firewall rules for LAN ...

And still can pass if i specify directly parent's proxy in web browser ... missed something with routing ?



Also, what about PKG trick with this Proxy Parent Auth ? Still has to be specified ?
https://forum.opnsense.org/index.php?topic=3833.0

Actually testing.
« Last Edit: December 09, 2016, 10:19:17 am by Feldunost »
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • [SOLVED] Squid Parent Proxy
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2