Search squid archive

Re: How to set Squid for tunneling and authentication with out cache.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Chris Robertson wrote:
csampath wrote:
Hi

This is my first post. I am trying to configure the squid smiler to ssl VPN. Struggling for the
configuration from 2 days.
My requirement is client web requests (HTTP or HTTPS ) should come to squid.
Squid authenticate the user for the first time (of-course based of the
client ip) and just redirect the traffic between the client and the server.
I don't want cache

client)<--------> SQUID<----->Intranet/Internet                       |
                      |
        RADIUS SERVER

MY SQUID configuration is as follows (it doesn't serve the purpose) : -
https_port 10.10.10.11:1443 accel vport vhost protocol=http
cert=/mi/portalCA/server-cert.pem key=/mi/portalCA/server-key.pem
acl CONNECT method CONNECT
acl SSL method CONNECT
#http_port 10.10.10.11:80 accel vport vhost

Set...

http_port 3128

...instead of the above https_port and http_port directives.

auth_param basic program /usr/local/squid/libexec/squid_radius_auth -f /usr/local/squid/etc/squid_radius_conf
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 120  minute
auth_param basic casesensitive off
acl radius-auth proxy_auth REQUIRED
no_cache deny all

... also "no_cache" is obsolete. Write that as simply "cache deny all" which means don't store anything. As you stated one of your requirements.

http_access deny !radius-auth
http_access allow all
always_direct allow all
http_reply_access allow all
#miss_access allow all

Then have your client(s) use 10.10.10.11 port 3128 as a proxy for HTTP and HTTPS.


When Accessing the SSL request I am getting the following error
clientNegotiateSSL: Error negotiating SSL connection on FD 17:
error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
(1/-1)

When it authenticates, it is looping . For every request it is asking the
credentials
Please advise me with the correct configuration. appreciate your support.
Thanks
-Sampath

Chris

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
  Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux