OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: tillsense on July 13, 2016, 08:38:07 pm

Title: [SOLVED] Squid Parent Proxy
Post by: tillsense on July 13, 2016, 08:38:07 pm
is there a possibility for a parent proxy to be deposited with options? an entry by hand in the squid.conf and the restart of the services were certainly successful. example of this:

Code:
cache_peer 10.10.10.10 parent 3128 0 no-query no-digest default
never_direct allow all

would be really cool... great work, keep it up
till
Title: Re: Squid Parent Proxy
Post by: tillsense on July 19, 2016, 06:49:47 pm
no chance? possibly an external conf which is read by the squid.conf?

cheers till
Title: Re: Squid Parent Proxy
Post by: AdSchellevis on July 19, 2016, 09:21:32 pm
Hi till,

You can use custom templates in the dev version, for more info see: https://github.com/opnsense/core/issues/802

Best regards,

Ad
Title: Re: Squid Parent Proxy
Post by: franco on July 19, 2016, 11:53:01 pm
This will also be in 16.1.19 later this week. :)
Title: Re: Squid Parent Proxy
Post by: tillsense on July 20, 2016, 07:23:19 pm
hi,

i'm a little confused. Franco wrote 16.1.16? Ad wrote dev version... i followed the link. i use 16.7rc2 (release topic). in the announcement of Franco for this: "proxy: move ACL parts to separate file and allow pre and post hooks"
i created the file (/core/issues/802) /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.user.post_auth.conf and have entered the parameters, but this does not work.

cheers till
Title: Re: Squid Parent Proxy
Post by: franco on July 21, 2016, 09:26:20 am
Sorry, I meant 16.1.19. I'll edit the posting.

Ad will be back on Friday.
Title: Re: Squid Parent Proxy
Post by: tillsense on July 21, 2016, 07:11:06 pm
i also need to correct. it was my typo in conf. it rocks.

cheers till
Title: Re: Squid Parent Proxy
Post by: franco on July 21, 2016, 07:52:40 pm
As it should, cheers! 8)
Title: Re: Squid Parent Proxy
Post by: Feldunost on December 06, 2016, 03:27:26 pm
Quote
hi,

i'm a little confused. Franco wrote 16.1.16? Ad wrote dev version... i followed the link. i use 16.7rc2 (release topic). in the announcement of Franco for this: "proxy: move ACL parts to separate file and allow pre and post hooks"
i created the file (/core/issues/802) /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.user.post_auth.conf and have entered the parameters, but this does not work.

cheers till


Hello,

I found out about this value that i could add here :
http://www.squid-cache.org/Doc/config/cache_peer/
Specified correct parameters for this parent proxy with "login=user:password" for parent's auth.

However still having issue to browse internet page, on logs i get TCP_MISS/503 4473 GET http://www.google.com/ - HIER_DIRECT ...

This is quite strange since i followed the entire configuration in OPNsense's How-To (Caching Proxy + Transparent Proxy).

Any pointer ?
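
The access.log line quoted in the post above ends in Squid's hierarchy code HIER_DIRECT, which marks a request sent straight to the origin server instead of through the cache_peer. As an added example (not part of the original thread), this script audits native-format access.log lines for requests that did not go through the expected parent; the sample lines are constructed, and 10.10.10.10 is assumed as the parent, as in the first post.

```python
import re
from collections import Counter

# Squid native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+[A-Z_]+/\d{3}\s+\d+\s+"
    r"\S+\s+(?P<url>\S+)\s+\S+\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)"
)

# Constructed sample lines (not taken from the thread); 10.10.10.10 is the
# parent address used in the first post's cache_peer line.
SAMPLE_LOG = """\
1481034446.101     52 192.168.1.50 TCP_MISS/503 4473 GET http://www.google.com/ - HIER_DIRECT/203.0.113.10 text/html
1481207000.220    131 192.168.1.50 TCP_MISS/200 10812 GET http://www.google.com/ - FIRSTUP_PARENT/10.10.10.10 text/html
1481207003.874      0 192.168.1.50 TCP_MEM_HIT/200 10820 GET http://www.google.com/ - HIER_NONE/- text/html
1481207010.400     88 192.168.1.51 TCP_TUNNEL/200 3921 CONNECT example.org:443 - DEFAULT_PARENT/10.10.10.10 -
1481207015.050     90 192.168.1.52 TCP_MISS/200 2048 GET http://example.org/ - FIRSTUP_PARENT/10.10.10.99 text/html
1481207020.000     12 192.168.1.52 TCP_MISS/200
"""

def classify(hier):
    """Map a Squid hierarchy code to how the request was forwarded."""
    if hier == "HIER_DIRECT":
        return "direct"   # fetched from the origin, parent not used
    if hier.endswith("_PARENT"):
        return "parent"   # FIRSTUP_PARENT, DEFAULT_PARENT, ...
    if hier == "HIER_NONE":
        return "local"    # cache hit or denied, nothing went upstream
    return "other"

def audit(log_text, expected_peer):
    """Count forwarding paths and list requests that skipped the parent."""
    counts, findings = Counter(), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            counts["unparsed"] += 1   # truncated or non-native-format line
            continue
        kind = classify(m["hier"])
        counts[kind] += 1
        if kind == "direct":
            findings.append((lineno, m["client"], m["url"], "sent direct"))
        elif kind == "parent" and m["peer"] != expected_peer:
            findings.append((lineno, m["client"], m["url"], "unexpected peer"))
    return counts, findings

if __name__ == "__main__":
    counts, findings = audit(SAMPLE_LOG, "10.10.10.10")
    print(dict(counts), *findings, sep="\n")
```

Any "sent direct" finding while never_direct allow all is meant to be active indicates the running squid.conf does not contain the directive.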


Title: Re: [SOLVED] Squid Parent Proxy
Post by: tillsense on December 06, 2016, 07:00:02 pm
@ Feldunost

can you post your squid.user.post_auth.conf / squid.user.pre_auth.conf / squid.conf?
Title: Re: [SOLVED] Squid Parent Proxy
Post by: Feldunost on December 07, 2016, 09:31:23 am
Quote
# Added for Parent Proxy auth
cache_peer 192.168.*.* parent 3128 0 no-query no-digest default login=login:password
never_direct allow all
# Configure Local User Authentication helper
auth_param basic program /usr/local/etc/inc/squid.auth-user.php
{% if helpers.exists('OPNsense.proxy.forward.authentication.realm') %}
auth_param basic realm {{OPNsense.proxy.forward.authentication.realm}}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.credentialsttl') %}
auth_param basic credentialsttl {{OPNsense.proxy.forward.authentication.credentialsttl}} hours
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.children') %}
auth_param basic children {{OPNsense.proxy.forward.authentication.children}}
{% endif %}
# ACL - Local Authorized Users - local_auth
acl local_auth proxy_auth REQUIRED


Actually it's a Double NAT configuration with double proxy, the endpoint is allowing only http connections for auth.
Title: Re: [SOLVED] Squid Parent Proxy
Post by: tillsense on December 07, 2016, 06:06:14 pm
@ Feldunost

what file did you post here?
Title: Re: [SOLVED] Squid Parent Proxy
Post by: Feldunost on December 08, 2016, 03:01:22 pm
Oh my god i'm stupid ... it's not even those files ...
I edited the wrong file in fact ...

So actually i have default files and added these lines, and it worked like a charm !
My bad again ;D


squid.user.post_auth.conf :
- No file in /OPNsense/Proxy/ - one include in squid.conf -

squid.user.pre_auth.conf :
- No file in /OPNsense/Proxy/ - one include in squid.conf -

squid.conf :
Quote
#
# Added for Parent Proxy auth
cache_peer 192.168.*.* parent 3128 0 no-query no-digest default login=login:password
never_direct allow all



Is it normal that i can still access to parent proxy webpage or even internet directly with parent's proxy in browser parameters ?
I added a NAT port forward traffic port 80 to be redirected into 127.0.0.1:3128.
There is a No-Proxy bypass in OPNsense's firewall rules for LAN ...

And still can pass if i specify directly parent's proxy in web browser ... missed something with routing ?



Also, what about PKG trick with this Proxy Parent Auth ? Still has to be specified ?
https://forum.opnsense.org/index.php?topic=3833.0

Actually testing.