Hi,

I have installed strongSwan and Squid HTTP Proxy on the same Ubuntu 16.04 server and I am trying to connect both. By connect I mean, I am trying to achieve the following:

[VPN Client] <------> [VPN Server] <-> [Squid] <------> [Internet]

My objective is to connect a VPN client to VPN server and use Squid for filtering out blocked URLs.

strongSwan and Squid work fine on their own. I can access the internet when connected to VPN server and also when configured HTTP Proxy without VPN.

From what I understand, to achieve what I want, I am supposed to redirect incoming HTTP traffic from port 80 to port using IPTables. I enter the following IPTables rule:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Once I do this and try to access the internet from a connected VPN client, I get an error. Pasting a log of /var/log/squid/access.log

1484738365.632 0 114.143.194.190 TCP_DENIED/403 4066 CONNECT api-glb-sin.smoot.apple.com:443 - HIER_NONE/- text/html
1484738365.642 0 114.143.194.190 TCP_DENIED/403 4870 GET http://www.apple.com/ac/globalfooter/2.0/en_US/styles/ac-globalfooter.built.css - HIER_NONE/- text/html
1484738365.643 0 114.143.194.190 TCP_DENIED/403 4852 GET http://www.apple.com/ac/globalnav/2.0/en_US/styles/ac-globalnav.built.css - HIER_NONE/- text/html
1484738365.731 0 114.143.194.190 TCP_DENIED/403 4753 GET http://www.apple.com/wss/fonts/? - HIER_NONE/- text/html
1484738365.760 0 114.143.194.190 TCP_DENIED/403 4817 GET http://www.apple.com/metrics/ac-analytics/1.1/scripts/ac-analytics.js - HIER_NONE/- text/html
1484738367.798 0 114.143.194.190 TCP_DENIED/403 4066 CONNECT init.itunes.apple.com:443 - HIER_NONE/- text/html
1484738367.922 0 114.143.194.190 TCP_DENIED/403 4334 GET http://www.apple.com/apple-touch-icon-76x76-precomposed.png - HIER_NONE/- text/html
1484738367.963 0 114.143.194.190 TCP_DENIED/403 4025 CONNECT gsp10-ssl.apple.com:443 - HIER_NONE/- text/html
1484738368.036 0 114.143.194.190 TCP_DENIED/403 4298 GET http://www.apple.com/apple-touch-icon-76x76.png - HIER_NONE/- text/html
1484738368.148 0 114.143.194.190 TCP_DENIED/403 4352 GET http://www.apple.com/apple-touch-icon.png - HIER_NONE/- text/html
1484738368.255 0 114.143.194.190 TCP_DENIED/403 4352 GET http://www.apple.com/apple-touch-icon.png - HIER_NONE/- text/html
1484738368.296 0 114.143.194.190 TCP_DENIED/403 4316 GET http://www.apple.com/apple-touch-icon-precomposed.png - HIER_NONE/- text/html
1484738368.348 0 114.143.194.190 TCP_DENIED/403 4253 GET http://www.apple.com/favicon.ico - HIER_NONE/- text/html
1484738376.374 0 114.143.194.190 TCP_DENIED/403 4655 GET http://www.apple.com/ - HIER_NONE/- text/html
1484738376.456 0 114.143.194.190 TCP_DENIED/403 4711 GET http://ip-172-31-9-90:3128/squid-internal-static/icons/SN.png - HIER_NONE/- text/html
1484738385.761 0 114.143.194.190 TCP_DENIED/403 4655 GET http://www.apple.com/ - HIER_NONE/- text/html
1484738385.828 0 114.143.194.190 TCP_DENIED/403 4747 GET http://ip-172-31-9-90:3128/squid-internal-static/icons/SN.png - HIER_NONE/- text/html
1484738858.272 0 10.99.1.1 TAG_NONE/400 4154 GET /assets/com_apple_MobileAsset_SafariCloudHistoryConfiguration/com_apple_MobileAsset_SafariCloudHistoryConfiguration.xml - HIER_NONE/- text/html
1484738858.990 0 10.99.1.1 TAG_NONE/400 4004 GET /us/shop/bag/status?apikey=SFX9YPYY9PPXCU9KH - HIER_NONE/- text/html
1484738860.362 0 10.99.1.1 TAG_NONE/400 5350 GET /b/ss/appleglobal,applehome,applestoreww,applestoreamr,applestoreus/1/H.27/s5505031635984?AQB=1&ndh=1&t=18%2F0%2F2017%2016%3A57%3A40%203%20-330&fid=21A4DCCB11396F92-26B205C305B2B2DF&pageName=apple%20-%20index%2Ftab%20%28us%29&g=http%3A%2F%2Fwww.apple.com%2F&cc=USD&ch=www.us.homepage&server=new%20approach%20ac-analytics&v3=aos%3A%20us&c4=D%3Dg&c5=ipad&c9=ios%209.3.5&c19=aos%3A%20us%3A%20apple%20-%20index%2Ftab%20%28us%29&c20=aos%3A%20us&c25=direct%20entry&c48=4&c49=D%3D2C39962A85032063-4000118780008FDC&v54=http%3A%2F%2Fwww.apple.com%2F&h1=www.us.homepage&s=768x1024&c=32&j=1.6&v=N&k=Y&bw=768&bh=960&AQE=1 - HIER_NONE/- text/html
1484739056.258 0 10.99.1.1 TAG_NONE/400 3918 GET / - HIER_NONE/- text/html
1484739056.480 0 10.99.1.1 TCP_DENIED/403 4290 GET http://ip-172-31-9-90:3128/squid-internal-static/icons/SN.png - HIER_NONE/- text/html
1484739057.106 0 10.99.1.1 TAG_NONE/400 3994 GET /apple-touch-icon-76x76-precomposed.png - HIER_NONE/- text/html
1484739057.166 0 10.99.1.1 TAG_NONE/400 3970 GET /apple-touch-icon-76x76.png - HIER_NONE/- text/html
1484739057.211 0 10.99.1.1 TAG_NONE/400 3958 GET /apple-touch-icon.png - HIER_NONE/- text/html
1484739057.267 0 10.99.1.1 TAG_NONE/400 3958 GET /apple-touch-icon.png - HIER_NONE/- text/html
1484739057.340 0 10.99.1.1 TAG_NONE/400 3982 GET /apple-touch-icon-precomposed.png - HIER_NONE/- text/html
1484739057.436 0 10.99.1.1 TAG_NONE/400 3940 GET /favicon.ico - HIER_NONE/- text/html
1484739060.563 0 10.99.1.1 TAG_NONE/400 3924 GET /bag - HIER_NONE/- text/html
1484739071.241 0 10.99.1.1 TAG_NONE/400 3918 GET / - HIER_NONE/- text/html
1484739071.439 0 10.99.1.1 TCP_DENIED/403 4290 GET http://ip-172-31-9-90:3128/squid-internal-static/icons/SN.png - HIER_NONE/- text/html
1484739092.972 0 10.99.1.1 TAG_NONE/400 3918 GET / - HIER_NONE/- text/html
1484739093.151 0 10.99.1.1 TCP_DENIED/403 4621 GET http://ip-172-31-9-90:3128/squid-internal-static/icons/SN.png - HIER_NONE/- text/html
1484739093.306 0 10.99.1.1 TAG_NONE/400 3994 GET /apple-touch-icon-76x76-precomposed.png - HIER_NONE/- text/html
1484739093.364 0 10.99.1.1 TAG_NONE/400 3970 GET /apple-touch-icon-76x76.png - HIER_NONE/- text/html
1484739093.427 0 10.99.1.1 TAG_NONE/400 3958 GET /apple-touch-icon.png - HIER_NONE/- text/html
1484739093.480 0 10.99.1.1 TAG_NONE/400 3958 GET /apple-touch-icon.png - HIER_NONE/- text/html
1484739093.529 0 10.99.1.1 TAG_NONE/400 3982 GET /apple-touch-icon-precomposed.png - HIER_NONE/- text/html
1484739093.578 0 10.99.1.1 TAG_NONE/400 3940 GET /favicon.ico - HIER_NONE/- text/html
1484741172.545 0 123.240.104.249 TAG_NONE/400 3924 GET / - HIER_NONE/- text/html
1484742330.250 0 10.99.1.2 TAG_NONE/400 4444 NONE error:invalid-request - HIER_NONE/- text/html
1484742335.479 0 10.99.1.2 TAG_NONE/400 4220 %E1%89%C5%01%DCd%95A-%D0%16%9B%98%7F7%D3%12%80%F3%BB%A4mm%13%60%B4%E1%B7%D9%C0j%11 - HIER_NONE/- text/html
1484742335.538 0 10.99.1.2 TAG_NONE/400 4234 %BB%E1%89%C5%01%DCd%95A-%D0%16%9B%98%7F7%D3%12%80%F3%BB%A4mm%13%60%B4%E1%B7%D9%C0j%11 - HIER_NONE/- text/html
1484742335.605 0 10.99.1.2 TAG_NONE/400 4444 NONE error:invalid-request - HIER_NONE/- text/html
1484742335.691 0 10.99.1.2 TAG_NONE/400 4444 NONE error:invalid-request - HIER_NONE/- text/html
1484742339.640 0 10.99.1.2 TAG_NONE/400 4022 %C6%CF%91Pv%85%82l%DEbD%1F%E0 - HIER_NONE/- text/html
1484742339.697 0 10.99.1.2 TAG_NONE/400 3918 GET / - HIER_NONE/- text/html
1484742339.885 0 10.99.1.2 TCP_DENIED/403 4556 GET http://ip-172-31-9-90:3128/squid-internal-static/icons/SN.png - HIER_NONE/- text/html
1484742340.105 0 10.99.1.2 TAG_NONE/400 3994 GET /apple-touch-icon-76x76-precomposed.png - HIER_NONE/- text/html
1484742340.195 0 10.99.1.2 TAG_NONE/400 3970 GET /apple-touch-icon-76x76.png - HIER_NONE/- text/html
1484742340.258 0 10.99.1.2 TAG_NONE/400 3958 GET /apple-touch-icon.png - HIER_NONE/- text/html
1484742340.309 0 10.99.1.2 TAG_NONE/400 3958 GET /apple-touch-icon.png - HIER_NONE/- text/html
1484742340.359 0 10.99.1.2 TAG_NONE/400 3982 GET /apple-touch-icon-precomposed.png - HIER_NONE/- text/html
1484742340.413 0 10.99.1.2 TAG_NONE/400 3940 GET /favicon.ico - HIER_NONE/- text/html
1484742378.858 0 10.99.1.2 TAG_NONE/400 4444 NONE error:invalid-request - HIER_NONE/- text/html
1484742510.612 0 10.99.1.2 TAG_NONE/400 4444 NONE error:invalid-request - HIER_NONE/- text/html
1484742517.730 0 10.99.1.2 TAG_NONE/400 4444 NONE error:invalid-request - HIER_NONE/- text/html
1484744550.653 0 10.99.1.2 TAG_NONE/400 4174 GET /MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFHQkFGcGn%2FXgmD9ePhproGUqVBV1BBQBWavn3ToLWaZkY9bPIAdX1ZHnagIQBHT%2BRrNCtgO6lb6fVDjflA%3D%3D - HIER_NONE/- text/html
1484744597.163 0 10.99.1.1 TAG_NONE/400 4022 GET /ac/globalnav/2.0/en_US/styles/ac-globalnav.built.css - HIER_NONE/- text/html
1484744597.361 0 10.99.1.1 TAG_NONE/400 4034 GET /ac/globalfooter/2.0/en_US/scripts/ac-globalfooter.built.js - HIER_NONE/- text/html
1484744599.970 0 10.99.1.1 TAG_NONE/400 5352 GET /b/ss/appleglobal,applehome,applestoreww,applestoreamr,applestoreus/1/H.27/s62860188740305?AQB=1&ndh=1&t=18%2F0%2F2017%2018%3A33%3A19%203%20-330&fid=21A4DCCB11396F92-26B205C305B2B2DF&pageName=apple%20-%20index%2Ftab%20%28us%29&g=http%3A%2F%2Fwww.apple.com%2F&cc=USD&ch=www.us.homepage&server=new%20approach%20ac-analytics&v3=aos%3A%20us&c4=D%3Dg&c5=ipad&c9=ios%209.3.5&c19=aos%3A%20us%3A%20apple%20-%20index%2Ftab%20%28us%29&c20=aos%3A%20us&c25=direct%20entry&c48=2&c49=D%3D2C39962A85032063-4000118780008FDC&v54=http%3A%2F%2Fwww.apple.com%2F&h1=www.us.homepage&s=768x1024&c=32&j=1.6&v=N&k=Y&bw=768&bh=960&AQE=1 - HIER_NONE/- text/html
1484744606.878 0 10.99.1.1 TAG_NONE/400 4022 GET /ac/globalnav/2.0/en_US/styles/ac-globalnav.built.css - HIER_NONE/- text/html
1484744606.879 0 10.99.1.1 TAG_NONE/400 4034 GET /ac/globalfooter/2.0/en_US/scripts/ac-globalfooter.built.js - HIER_NONE/- text/html
1484744608.852 0 10.99.1.1 TAG_NONE/400 5352 GET /b/ss/appleglobal,applehome,applestoreww,applestoreamr,applestoreus/1/H.27/s68294376337435?AQB=1&ndh=1&t=18%2F0%2F2017%2018%3A33%3A28%203%20-330&fid=21A4DCCB11396F92-26B205C305B2B2DF&pageName=apple%20-%20index%2Ftab%20%28us%29&g=http%3A%2F%2Fwww.apple.com%2F&cc=USD&ch=www.us.homepage&server=new%20approach%20ac-analytics&v3=aos%3A%20us&c4=D%3Dg&c5=ipad&c9=ios%209.3.5&c19=aos%3A%20us%3A%20apple%20-%20index%2Ftab%20%28us%29&c20=aos%3A%20us&c25=direct%20entry&c48=3&c49=D%3D2C39962A85032063-4000118780008FDC&v54=http%3A%2F%2Fwww.apple.com%2F&h1=www.us.homepage&s=768x1024&c=32&j=1.6&v=N&k=Y&bw=768&bh=960&AQE=1 - HIER_NONE/- text/html
1484744615.457 0 10.99.1.1 TAG_NONE/400 4022 GET /ac/globalnav/2.0/en_US/styles/ac-globalnav.built.css - HIER_NONE/- text/html
1484744615.526 0 10.99.1.1 TAG_NONE/400 4008 GET /metrics/ac-analytics/1.1/scripts/auto-init.js - HIER_NONE/- text/html
1484744615.587 0 10.99.1.1 TAG_NONE/400 4034 GET /ac/globalfooter/2.0/en_US/scripts/ac-globalfooter.built.js - HIER_NONE/- text/html
1484744625.891 0 10.99.1.1 TAG_NONE/400 3952 GET /retail/geniusbar/ - HIER_NONE/- text/html
1484744626.062 0 10.99.1.1 TCP_MEM_HIT/200 11731 GET http://ip-172-31-9-90:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1484744643.114 0 10.99.1.1 TAG_NONE/400 3918 GET / - HIER_NONE/- text/html
1484744643.268 0 10.99.1.1 TCP_MEM_HIT/200 11731 GET http://ip-172-31-9-90:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1484746410.764 0 108.189.96.202 TAG_NONE/400 3923 GET / - HIER_NONE/- text/html
1484751091.543 0 153.142.43.105 TAG_NONE/400 3923 GET / - HIER_NONE/- text/html

My /etc/squid/squid.conf file has only one change and that is:

    http_access allow all

Following is my /etc/ipsec.conf file:

config setup
    strictcrlpolicy=no
    uniqueids = no

conn %default
    mobike=yes
    dpdaction=clear
    dpddelay=35s
    dpdtimeout=200s
    fragmentation=yes

conn iOS-IKEV2
    auto=add
    keyexchange=ike
    eap_identity=%any
    left=%any
    leftsubnet=0.0.0.0/0
    rightsubnet=10.99.1.0/24
    leftauth=psk
    leftid=%any
    right=%any
    rightsourceip=10.99.1.0/24
    rightauth=eap-mschapv2
    rightid=%any

Following are the NAT IPTables entries. I get this by entering

    sudo iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3128

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  10.99.1.0/24         anywhere

If any of you have faced this problem before and were able to resolve it, can you please help me?

Thanks.

--
Regards,
Varun
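
Added example, not part of the original post: a Python triage script for access.log lines like those above, grouping them by client address and request-target form. Origin-form targets (GET /) are what a browser sends directly to a web server, so here they mark traffic that reached Squid through the REDIRECT rule rather than through an explicit proxy setting. The VPN pool is taken from rightsourceip in the post; the function names are illustrative.

```python
import ipaddress
from collections import Counter

VPN_POOL = ipaddress.ip_network("10.99.1.0/24")  # rightsourceip in the ipsec.conf above

# Sample lines taken from the access.log excerpt in the post.
SAMPLE = """\
1484738365.632 0 114.143.194.190 TCP_DENIED/403 4066 CONNECT api-glb-sin.smoot.apple.com:443 - HIER_NONE/- text/html
1484738376.374 0 114.143.194.190 TCP_DENIED/403 4655 GET http://www.apple.com/ - HIER_NONE/- text/html
1484739056.258 0 10.99.1.1 TAG_NONE/400 3918 GET / - HIER_NONE/- text/html
1484742330.250 0 10.99.1.2 TAG_NONE/400 4444 NONE error:invalid-request - HIER_NONE/- text/html
1484742339.640 0 10.99.1.2 TAG_NONE/400 4022 %C6%CF%91Pv%85%82l%DEbD%1F%E0 - HIER_NONE/- text/html
1484741172.545 0 123.240.104.249 TAG_NONE/400 3924 GET / - HIER_NONE/- text/html
1484744626.062 0 10.99.1.1 TCP_MEM_HIT/200 11731 GET http://ip-172-31-9-90:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
"""

def target_form(request):
    """Name the request-target form (RFC 7230 section 5.3) of [method, target]."""
    if len(request) != 2:
        return "unparseable"          # non-HTTP bytes: the method column is missing
    method, target = request
    if method == "CONNECT":
        return "authority-form"       # explicit proxy, HTTPS tunnel
    if "://" in target:
        return "absolute-form"        # explicit proxy, plain HTTP
    if target.startswith("/"):
        return "origin-form"          # addressed to a web server: redirected traffic
    return "unparseable"              # e.g. "NONE error:invalid-request"

def rows(text):
    """Parse Squid native-format log lines into dicts."""
    for line in filter(str.strip, text.splitlines()):
        f = line.split()
        # the request fields sit between the byte count and the last three columns
        yield {"client": f[2], "vpn": ipaddress.ip_address(f[2]) in VPN_POOL,
               "status": int(f[3].split("/")[1]), "form": target_form(f[5:-3])}

def summarize(text):
    """Count lines per (client in VPN pool, target form, HTTP status)."""
    return Counter((r["vpn"], r["form"], r["status"]) for r in rows(text))

def outside_clients(text):
    """Client addresses that are not in the VPN address pool."""
    return sorted({r["client"] for r in rows(text) if not r["vpn"]})

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items(), key=str):
        print(n, key)
    print("clients outside the VPN pool:", outside_clients(SAMPLE))
```

On the sample, the VPN client's origin-form request is answered with 400, and two client addresses fall outside 10.99.1.0/24.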