pfSense » pfSense Packages

Nev Secular wrote:

I'm running pfSense 2.2 with squid 3.4.10_2

Want to include my VPN interface in transparent proxy within squid.
squid.conf doesn't seem to treat it correctly.
ovpns1 is assigned as interface 'VPN' without any ipv4/6 configuration (In OPENVPN it's configured as 10.69.0.1)
VPN interface is included in proxy and transparent proxy interfaces within squid conf GUI. (LAN is also included and configured as 192.168.0.1)

squid.conf shows the following:

http_port 192.168.0.1:3128 <--- LAN
http_port 10.69.0.1:3128 <--- VPN

acl localnet src 192.168.0.0/24 0.0.0.0/NAN <--- first ip address is correct but not sure what second address is 0.0.0.0/NAN??

So browsing via VPN interface fails.

If I manually change the line from:
acl localnet src 192.168.0.0/24 0.0.0.0/NAN
to
acl localnet src 192.168.0.0/24 10.69.0.0/28

then transparent proxy browsing via VPN interface works

Patches welcome. When there's no IP, there's no IP. Relevant code here:

https://github.com/pfsense/pfsense-packages/blob/master/config/squid3/34/squid.inc#L1228

https://github.com/pfsense/pfsense-packages/pull/1181 - this will simply ignore invalid subnets and omit those from the ACL.

Fixed in 0.4.4 - invalid subnets are ignored and not added to the localnet ACL, error logged in System Logs - General.