Author Topic: [SOLVED] Squid Parent Proxy (Read 8632 times)

tillsense · « **on:** July 13, 2016, 08:38:07 pm »

is there a possibility a parent proxy to be deposited with options? an entry by hand in the squid.conf and the restart of the servises were certainly successful. example of this:

Code: [Select]

cache_peer 10.10.10.10 parent 3128 0 no-query no-digest default
never_direct allow all

would be really coll... great work keep it up
till

tillsense · « **Reply #1 on:** July 19, 2016, 06:49:47 pm »

no chance? possibly an external conf which is read by the squid.conf?

cheers till

AdSchellevis · « **Reply #2 on:** July 19, 2016, 09:21:32 pm »

Hi till,

You can use custom templates in the dev version, for more info see : https://github.com/opnsense/core/issues/802

Best regards,

Ad

franco · « **Reply #3 on:** July 19, 2016, 11:53:01 pm »

This will also be in 16.1.19 later this week.

tillsense · « **Reply #4 on:** July 20, 2016, 07:23:19 pm »

hi,

i'm little confused. Franco wrote 16.1.16? AD wrote dev version... i followed the link. i use 16.7rc2 (release topic). in the announcement of Franco for this "proxy: move ACL parts to separate file and allow pre and post hooks"
i created the file (/core/issues/802) /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.user.post_auth.conf and have the parameters entered, but this does not work.

cheers till

franco · « **Reply #5 on:** July 21, 2016, 09:26:20 am »

Sorry, I meant 16.1.19. I'll edit the posting.

Ad will be back on Friday.

tillsense · « **Reply #6 on:** July 21, 2016, 07:11:06 pm »

i also need to correct. it was my typo in conf. it rocks.

cheers till

franco · « **Reply #7 on:** July 21, 2016, 07:52:40 pm »

As it should, cheers!

Feldunost · « **Reply #8 on:** December 06, 2016, 03:27:26 pm »

Quote from: tillsense on July 20, 2016, 07:23:19 pm

hi,

i'm little confused. Franco wrote 16.1.16? AD wrote dev version... i followed the link. i use 16.7rc2 (release topic). in the announcement of Franco for this "proxy: move ACL parts to separate file and allow pre and post hooks"
i created the file (/core/issues/802) /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.user.post_auth.conf and have the parameters entered, but this does not work.

cheers till

Hello,

I found out about this value that i could add here :
http://www.squid-cache.org/Doc/config/cache_peer/
Specified correct parameters for this parent proxy with "login=user:password" for parent's auth.

However still having issue to browse internet page, on logs i get TCP_MISS/503 4473 GET http://www.google.com/ - HIER_DIRECT ...

This is quite strange since i followed the entire configuration in OPNsense's How-To (Caching Proxy + Transparent Proxy).

Any pointer ?

tillsense · « **Reply #9 on:** December 06, 2016, 07:00:02 pm »

@ Feldunost

can you post your squid.user.post_auth.conf / squid.user.pre_auth.conf / squid.conf?

Feldunost · « **Reply #10 on:** December 07, 2016, 09:31:23 am »

Quote

# Added for Parent Proxy auth
cache_peer 192.168.*.* parent 3128 0 no-query no-digest default login=login:password
never_direct allow all
# Configure Local User Authentication helper
auth_param basic program /usr/local/etc/inc/squid.auth-user.php
{% if helpers.exists('OPNsense.proxy.forward.authentication.realm') %}
auth_param basic realm {{OPNsense.proxy.forward.authentication.realm}}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.credentialsttl') %}
auth_param basic credentialsttl {{OPNsense.proxy.forward.authentication.credentialsttl}} hours
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.children') %}
auth_param basic children {{OPNsense.proxy.forward.authentication.children}}
{% endif %}
# ACL - Local Authorized Users - local_auth
acl local_auth proxy_auth REQUIRED

Actually it's a Double NAT configuration with double proxy, the endpoint is allowing only http connections for auth.

tillsense · « **Reply #11 on:** December 07, 2016, 06:06:14 pm »

@ Feldunost

what file did you post here?

Feldunost · « **Reply #12 on:** December 08, 2016, 03:01:22 pm »

Oh my god i'm stupid ... it's not even thoses files ...
I edited the wrong file in fact ...

So actually i have default files and added theses lines, and it worked like a charm !
My bad again

squid.user.post_auth.conf :
- No file in /OPNsense/Proxy/ - one include in squid.conf -

squid.user.pre_auth.conf :
- No file in /OPNsense/Proxy/ - one include in squid.conf -

squid.conf :

Quote

#
# Added for Parent Proxy auth
cache_peer 192.168.*.* parent 3128 0 no-query no-digest default login=login:password
never_direct allow all

Is it normal that i can still access to parent proxy webpage or even internet directly with parent's proxy in browser parameters ?
I added a NAT port forward traffic port 80 to be redirected into 127.0.0.1:3128.
There is a No-Proxy bypass in OPNsense's firewall rules for LAN ...

And still can pass if i specify directly parent's proxy in web browser ... missed something with routing ?

Also, what about PKG trick with this Proxy Parent Auth ? Still has to be specified ?
https://forum.opnsense.org/index.php?topic=3833.0

Actually testing.

Author Topic: [SOLVED] Squid Parent Proxy (Read 8632 times)

tillsense

[SOLVED] Squid Parent Proxy

tillsense

Re: Squid Parent Proxy

AdSchellevis

Re: Squid Parent Proxy

franco

Re: Squid Parent Proxy

tillsense

Re: Squid Parent Proxy

franco

Re: Squid Parent Proxy

tillsense

Re: Squid Parent Proxy

franco

Re: Squid Parent Proxy

Feldunost

Re: Squid Parent Proxy

tillsense

Re: [SOLVED] Squid Parent Proxy

Feldunost

Re: [SOLVED] Squid Parent Proxy

tillsense

Re: [SOLVED] Squid Parent Proxy

Feldunost

Re: [SOLVED] Squid Parent Proxy