On 26/07/2012 8:43 p.m., Graeme Dargie wrote:
Hi all I have squid setup on a pfsense box that is running openvpn, the VPN is configured to send specific traffic via the VPN but not web traffic, when I enable squid web traffic is being routed via the VPN despite there being a firewall rule to force it via the normal wan interface. I do not see anything in the squid config pages that let me force squid to use the wan interface, is there some sort of optional config command to allow this?
Squid does not have direct access to any part of the kernel routing system which allows it to determin things as low-level as which interface is used.
The normal way to do it is to configure the OS routing rules to make their decision based on what PID/process-name is sending the packets. They are teh place where outgoing IP and interfaces are set.
All we have to play with at the Squid level are: tcp_outgoing_address - to determine what IP Squid sends from tcp_outgoing_tos - to determine what TOS flags are set Amos
