On 30/04/11 04:50, J. Webster wrote:
yes. yes. wrong. no it does not.
You seem very confused about Squid capabilities...
- *add* a second http_port with "intercept" flag (or "transparent" if
its an old Squid).
- configure iptables to pass the VPN port 80 traffic *to* that new
Squid port.
- configure iptables to prevent direct client connections to that new
port.
- configure squid to not ask for auth from VPN clients.
OR
- configure the VPN clients to use Squid the same way you configure
the non-VPN ones.
- what you do with auth is now optional.
So, I can do this all with one squid service listening on different ports?
Yes.
Out of interest, I had a post the other day: "proxy external ip address acl"
You mentioned that adding an extra authentication would mess with the existing ncsa auth.
Can I therefore add a 2nd authentication method on a different port and have 2 authentication methods running at the same time?
Not like that. You can add support for two authentication methods and
advertise them when challenging for the browser to choose which
credentials it sends you.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.7 and 3.1.12.1
