Update: works around 95% of the time, but isn’t perfect.
After recently upgrading from IPCop to Endian for a clients router, we discovered an issue that wasn’t there with IPCop.
All the users connecting in via the Hamachi gateway also had there traffic passed through the squid proxy server at the office.
While most organaizations would encorrage this, it was an uninttended side effect, and brought the small slow ADSL connection to its knees.
After trying to fiddle with proxy.pac files, IP Tables rules, etc it seems the easiest option is to simply ban the IP address in proxy.
-
Create a static DHCP address for the client
-
Go to Proxy -> HTTP -> Access Policy. Add a new access policy
-
Select the following values:
Source Type: Network/IP
Destination Type:
Insert Source Network/IPs: Add the IP addresses from Step 1.
Access policy: Deny access
Position: First position
Create Policy
-
Test on a remote client using Speedtest.net or IPChicken
Early testing has shown that there aren’t any issues with this, the client still downloads the proxy.pac file, then finds out it can’t use the Proxy (Chrome seems to add it to a Ban list), and carries on connecting as usual.
Extended testing shows that every now & then Endian still gets asked to handle the request & gets a ‘denied’ response. So not a perfect solution, it still half works.