> yes. yes. wrong. no it does not.
>
> You seem very confused about Squid capabilities...
>
> - *add* a second http_port with "intercept" flag (or "transparent" if
>   it's an old Squid).
> - configure iptables to pass the VPN port 80 traffic *to* that new
>   Squid port.
> - configure iptables to prevent direct client connections to that new
>   port.
> - configure squid to not ask for auth from VPN clients.
>
> OR
> - configure the VPN clients to use Squid the same way you configure
>   the non-VPN ones.
> - what you do with auth is now optional.

So, I can do this all with one squid service listening on different ports?

Out of interest, I had a post the other day: "proxy external ip address acl"

You mentioned that adding an extra authentication would mess with the existing ncsa auth. Can I therefore add a 2nd authentication method on a different port and have 2 authentication methods running at the same time?
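
The first option in the quoted reply (second intercept port, redirect of VPN port 80 traffic, no direct connections to that port, no auth for VPN clients), sketched as an added example that is not part of the thread. The interface `tun0`, subnet `10.8.0.0/24`, port `3129` and ACL name `vpn_clients` are assumptions, as is Squid running on the VPN gateway itself.

```shell
#!/bin/sh
# Added example; every value below is an assumption, not taken from the thread.
VPN_IF="tun0"           # VPN interface (assumed)
VPN_NET="10.8.0.0/24"   # VPN client subnet (assumed)
INTERCEPT_PORT="3129"   # new Squid port; the existing http_port stays as it is

# Lines to add to squid.conf. The existing http_port and ncsa auth setup
# are left untouched. Old Squid versions use "transparent" for "intercept".
squid_conf_lines() {
    cat <<EOF
http_port ${INTERCEPT_PORT} intercept
acl vpn_clients src ${VPN_NET}
# place above the http_access rule that requires proxy auth
http_access allow vpn_clients
EOF
}

# Firewall rules, printed one command per line.
firewall_rules() {
    # The mangle table is traversed before nat, so this drops only packets
    # addressed directly to the intercept port. Redirected flows still carry
    # destination port 80 at this stage and are not affected.
    echo "iptables -t mangle -A PREROUTING -p tcp --dport ${INTERCEPT_PORT} -j DROP"
    # Hand VPN clients' port 80 traffic to the intercept port.
    echo "iptables -t nat -A PREROUTING -i ${VPN_IF} -s ${VPN_NET} -p tcp --dport 80 -j REDIRECT --to-ports ${INTERCEPT_PORT}"
}

# "show" prints everything for review; "apply" runs the firewall rules (root).
case "${1:-}" in
    show)  squid_conf_lines; firewall_rules ;;
    apply) firewall_rules | sh ;;
esac
```

Run with `show` to review the output before `apply`; the squid.conf lines are added by hand and Squid reloaded afterwards.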