Chris Robertson wrote:
csampath wrote:
Hi
This is my first post. I am trying to configure the squid smiler to
ssl VPN. Struggling for the
configuration from 2 days.
My requirement is client web requests (HTTP or HTTPS ) should come to
squid.
Squid authenticate the user for the first time (of-course based of the
client ip) and just redirect the traffic between the client and the
server.
I don't want cache
client)<--------> SQUID<----->Intranet/Internet |
|
RADIUS SERVER
MY SQUID configuration is as follows (it doesn't serve the purpose) : -
https_port 10.10.10.11:1443 accel vport vhost protocol=http
cert=/mi/portalCA/server-cert.pem key=/mi/portalCA/server-key.pem
acl CONNECT method CONNECT
acl SSL method CONNECT
#http_port 10.10.10.11:80 accel vport vhost
Set...
http_port 3128
...instead of the above https_port and http_port directives.
auth_param basic program /usr/local/squid/libexec/squid_radius_auth -f
/usr/local/squid/etc/squid_radius_conf
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 120 minute
auth_param basic casesensitive off
acl radius-auth proxy_auth REQUIRED
no_cache deny all
... also "no_cache" is obsolete. Write that as simply "cache deny all"
which means don't store anything. As you stated one of your requirements.
http_access deny !radius-auth
http_access allow all
always_direct allow all
http_reply_access allow all
#miss_access allow all
Then have your client(s) use 10.10.10.11 port 3128 as a proxy for HTTP
and HTTPS.
When Accessing the SSL request I am getting the following error
clientNegotiateSSL: Error negotiating SSL connection on FD 17:
error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
(1/-1)
When it authenticates, it is looping . For every request it is asking the
credentials
Please advise me with the correct configuration. appreciate your support.
Thanks
-Sampath
Chris
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
