Search squid archive

Re: Laptops/Mobile Phones using Squid on the road

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



twd wrote:
The HQ office network is behind a Linux appliance running Squid in
transparent mode. All filtering / usage policies are enforced via
Dansguardian & Squid.

When users go on the road with laptops, all usage should still go through
the Squid proxy back at the HQ. So I put the proxy settings in the browsers,
lock the the settings so employees can't change them, and all works well,
UNTIL the laptop is outside the LAN.

Then I get a Squid proxy error unless I add an ACL of the public IP of the
laptop.

acl twdlaptop src ##.##.##
http_access allow twdlaptop
Then everything works just peachy, except that the IP address of the laptop
on the road necessarily changes. Is there a more flexible way to allow road
warriors to use the HQ proxy? I thought of using OpenVPN, but I'd like a
solution for laptops & Windows Mobile Phones as well, although laptops are
the more current issue.

Authentication was created for exactly this purpose.

With explicitly set proxy settings in the browsers, there is no reason why you can't allow them to login to the proxy when they are on the road. Or even at HQ.

Note that by entering the proxy settings in the browsers you are no longer using "transparent mode".

Assuming by "transparent" you actually mean "NAT intercepting" you should of course have Squid listening on one port for the intercepted requests (authentication not possible) and another for the configured browsers (authentication possible).

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
  Current Beta Squid 3.1.0.13

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux