[squid-users] VPN traffic through Squid

From: Eric Geater 10/30/03 <[email protected]>
Date: Fri, 31 Oct 2003 11:45:46 -0600

I'm running Squid 2.5 and RC.Firewall on a Mandrake 9.1 box. The
firewall denies any unrequested outside traffic, but allows anything
that IS requested from the inside.

And this is the beginning of my problem. I have a division that may
begin using VPN connections to a vendor, and I set up the (sorry)
Microsoft Network and Dialup Connections on a Win2k Pro machine to
create a VPN client connection. All the choices are generic, so I'm
presuming it's making a PPTP connection.

And of course, it's not connecting. After 30 seconds, I get a "No
answer; error 678" box. I "tail -30 messages" on the firewall log, but
it shows no denials from eth1 or eth0. Going to squid.conf, I added an
acl that says "ACL Safe_Ports port 50-51", and did the same for 500.
1701 and 1723 are already open because of an ACL that deems everything
from 1024 up to be a "safe_ports".

I tried it again, but it's still not working. When I went to
squid-cache.org to look at the FAQ (I did this time!), on the 450k HTML
doc (http://squid-docs.sourceforge.net/latest/book-full.html) I did a
search for "vpn" "l2tp" and "pptp", but could find nothing. I don't
know if that means the subject hasn't been handled or not.

The last detail I can give you is that my Win box is sitting behind a
router that passes to another router through frame relay. Then out of
that router I go into the other division's network, to eth1 on the Squid
box, then on to the outside world. And I'm presuming that my VPN client
simply follows the path of my "default gateway", which then should route
any non-local-network traffic out its own gateway.

Any idears? TIA.

Eric Geater
I.T. Representative
MSCO, Inc.
731-935-8538
731-431-3742
egeater at mscoinc dot com
Received on Fri Oct 31 2003 - 10:45:56 MST
