[SOLVED] Squid Parent Proxy

Started by tillsense, July 13, 2016, 08:38:07 PM

July 13, 2016, 08:38:07 PM Last Edit: July 21, 2016, 07:52:53 PM by franco
is there a possibility for a parent proxy to be deposited with options? an entry by hand in the squid.conf and the restart of the services were certainly successful. example of this:

cache_peer 10.10.10.10 parent 3128 0 no-query no-digest default
never_direct allow all


would be really cool... great work keep it up
till

no chance? possibly an external conf which is read by the squid.conf?

cheers till

Hi till,

You can use custom templates in the dev version, for more info see : https://github.com/opnsense/core/issues/802

Best regards,

Ad

July 19, 2016, 11:53:01 PM #3 Last Edit: July 21, 2016, 09:26:45 AM by franco
This will also be in 16.1.19 later this week. :)

hi,

i'm a little confused. Franco wrote 16.1.16? AD wrote dev version... i followed the link. i use 16.7rc2 (release topic). in the announcement of Franco for this "proxy: move ACL parts to separate file and allow pre and post hooks"
i created the file (/core/issues/802) /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.user.post_auth.conf and have the parameters entered, but this does not work.

cheers till

Sorry, I meant 16.1.19. I'll edit the posting.

Ad will be back on Friday.

i also need to correct. it was my typo in conf. it rocks.

cheers till


December 06, 2016, 03:27:26 PM #8 Last Edit: December 06, 2016, 06:00:06 PM by Feldunost
Quote from: tillsense on July 20, 2016, 07:23:19 PM
hi,

i'm a little confused. Franco wrote 16.1.16? AD wrote dev version... i followed the link. i use 16.7rc2 (release topic). in the announcement of Franco for this "proxy: move ACL parts to separate file and allow pre and post hooks"
i created the file (/core/issues/802) /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.user.post_auth.conf and have the parameters entered, but this does not work.

cheers till


Hello,

I found out about this value that i could add here :
http://www.squid-cache.org/Doc/config/cache_peer/
Specified correct parameters for this parent proxy with "login=user:password" for parent's auth.

However still having issue to browse internet page, on logs i get TCP_MISS/503 4473 GET http://www.google.com/ - HIER_DIRECT ...

This is quite strange since i followed the entire configuration in OPNsense's How-To (Caching Proxy + Transparent Proxy).

Any pointer ?
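An added example, not part of the original post: HIER_DIRECT in the log entry above means Squid fetched from the origin itself rather than through the cache_peer parent, so this check compares the directives in a given squid.conf text with the hierarchy codes in access.log. The sample config, log lines, addresses and function names are constructed for illustration, and the log is assumed to be in Squid's native format.

```python
# Added example: constructed squid.conf fragment and access.log lines (Squid
# native log format), modelled on the directives and log entry in this thread.
SAMPLE_CONF = """\
# Added for Parent Proxy auth
cache_peer 10.10.10.10 parent 3128 0 no-query no-digest default
never_direct allow all
"""
SAMPLE_LOG = """\
1481100000.123    215 192.168.1.50 TCP_MISS/503 4473 GET http://www.google.com/ - HIER_DIRECT/203.0.113.10 text/html
1481100300.456     98 192.168.1.50 TCP_MISS/200 15230 GET http://www.example.org/ - FIRSTUP_PARENT/10.10.10.10 text/html
1481100301.789      0 192.168.1.50 TCP_DENIED/407 3980 GET http://www.example.org/x - HIER_NONE/- text/html
"""

def parent_settings(conf_text):
    """Return (parent peers as 'host:port', True if 'never_direct allow all' is set)."""
    peers, never_direct = [], False
    for raw in conf_text.splitlines():
        f = raw.split()
        if not f or f[0].startswith("#"):
            continue  # blank line or comment
        # cache_peer <host> <type> <http-port> <icp-port> [options]
        if f[0] == "cache_peer" and len(f) >= 4 and f[2] == "parent":
            peers.append(f"{f[1]}:{f[3]}")
        elif f[:3] == ["never_direct", "allow", "all"]:
            never_direct = True
    return peers, never_direct

def direct_fetches(log_text):
    """Return (client, result, url) for requests Squid sent straight to the origin."""
    hits = []
    for raw in log_text.splitlines():
        f = raw.split()
        # time elapsed client code/status bytes method URL ident hierarchy/peer type
        if len(f) >= 9 and f[8].split("/", 1)[0] == "HIER_DIRECT":
            hits.append((f[2], f[3], f[6]))
    return hits

def check(conf_text, log_text):
    """Compare what the config text demands with what the log shows Squid doing."""
    peers, never_direct = parent_settings(conf_text)
    direct = direct_fetches(log_text)
    if not peers:
        return "no 'cache_peer ... parent' line in this file"
    if not never_direct:
        return "parent defined, but direct fetches are still allowed (no never_direct)"
    if direct:
        return f"{len(direct)} HIER_DIRECT request(s): is this the file the running Squid loaded?"
    return "ok: parent enforced and no direct fetches logged"
```

Feed `check()` the text of the file you edited and log lines written after the last Squid restart; older lines reflect the previous configuration.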



@ Feldunost

can you post your squid.user.post_auth.conf / squid.user.pre_auth.conf / squid.conf?

December 07, 2016, 09:31:23 AM #10 Last Edit: December 07, 2016, 09:47:20 AM by Feldunost
Quote
# Added for Parent Proxy auth
cache_peer 192.168.*.* parent 3128 0 no-query no-digest default login=login:password
never_direct allow all
# Configure Local User Authentication helper
auth_param basic program /usr/local/etc/inc/squid.auth-user.php
{% if helpers.exists('OPNsense.proxy.forward.authentication.realm') %}
auth_param basic realm {{OPNsense.proxy.forward.authentication.realm}}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.credentialsttl') %}
auth_param basic credentialsttl {{OPNsense.proxy.forward.authentication.credentialsttl}} hours
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.children') %}
auth_param basic children {{OPNsense.proxy.forward.authentication.children}}
{% endif %}
# ACL - Local Authorized Users - local_auth
acl local_auth proxy_auth REQUIRED


Actually it's a Double NAT configuration with double proxy, the endpoint is allowing only http connections for auth.

@ Feldunost

what file did you post here?

December 08, 2016, 03:01:22 PM #12 Last Edit: December 09, 2016, 10:19:17 AM by Feldunost
Oh my god i'm stupid ... it's not even those files ...
I edited the wrong file in fact ...

So actually i have default files and added these lines, and it worked like a charm !
My bad again ;D


squid.user.post_auth.conf :
- No file in /OPNsense/Proxy/ - one include in squid.conf -

squid.user.pre_auth.conf :
- No file in /OPNsense/Proxy/ - one include in squid.conf -

squid.conf :
Quote
#
# Added for Parent Proxy auth
cache_peer 192.168.*.* parent 3128 0 no-query no-digest default login=login:password
never_direct allow all



Is it normal that i can still access to parent proxy webpage or even internet directly with parent's proxy in browser parameters ?
I added a NAT port forward traffic port 80 to be redirected into 127.0.0.1:3128.
There is a No-Proxy bypass in OPNsense's firewall rules for LAN ...

And still can pass if i specify directly parent's proxy in web browser ... missed something with routing ?



Also, what about PKG trick with this Proxy Parent Auth ? Still has to be specified ?
https://forum.opnsense.org/index.php?topic=3833.0

Actually testing.