Configuring proxy Squid under Strongswan private network

Question

I cannot connect to Proxy Server (Squid) from my computer (Windows 10) via VPN (StrongSwan, IKev2) on my VPS (CentOS 8)

I have no idea what I'm doing, so please bare with me!

Port in firewall-cmd is opened, firewall restarted
My computer is connected to VPN and has 10.20.30.1 Virtual IP: strongswan statusall
I have this route created: ip route 220

If I try to connect like this it fails: curl

If I try to connect with public IP it works (It won't let me because of squid rules ofc)

Please, give me ideas on how it can be done with private IP? What am I missing? (apart from clear understanding of how it all works)

/etc/squid/squid.conf:

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

Recommended minimum Access Permission configuration:

Deny requests to certain unsafe ports
http_access deny !Safe_ports
Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
We strongly recommend the following be uncommented to protect innocent
web applications running on the proxy server who think the only
one who can access services on "localhost" is a local user
#http_access deny to_localhost

INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

acl mynet src 10.20.30.0/32
acl mynet src 192.168.0.0/16
Example rule allowing access from your local networks.
Adapt localnet in the ACL section to list your (internal) IP networks
from where browsing should be allowed
http_access allow mynet
And finally deny all other access to this proxy
http_access deny all
Squid normally listens to port 3128
http_port 13333
Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|?) 0     0%      0
refresh_pattern .               0       20%     4320

If you're interested of what I'm trying to do: Tunneling Internet traffic from my browser through VPN, while keeping rest of it in the clear. I will have to figure out routing of DNS calls later.

Configuring proxy Squid under Strongswan private network

Recommended minimum Access Permission configuration:

Deny requests to certain unsafe ports

Deny CONNECT to other than secure SSL ports

Only allow cachemgr access from localhost

We strongly recommend the following be uncommented to protect innocent

web applications running on the proxy server who think the only

one who can access services on "localhost" is a local user

INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

Example rule allowing access from your local networks.

Adapt localnet in the ACL section to list your (internal) IP networks

from where browsing should be allowed

And finally deny all other access to this proxy

Squid normally listens to port 3128

Uncomment and adjust the following to add a disk cache directory.

Leave coredumps in the first cache dir

Add any of your own refresh_pattern entries above these.

0 Answers0