Tag Archives: squid

Endian Transparent Proxy and Hamachi Gateway Issue

Update: works around 95% of the time, but isn’t perfect.

After recently upgrading from IPCop to Endian for a clients router, we discovered an issue that wasn’t there with IPCop.
All the users connecting in via the Hamachi gateway also had there traffic passed through the squid proxy server at the office.

While most organaizations would encorrage this, it was an uninttended side effect, and brought the small slow ADSL connection to its knees.

After trying to fiddle with proxy.pac files, IP Tables rules, etc it seems the easiest option is to simply ban the IP address in proxy.

      Create a static DHCP address for the client
      Go to Proxy -> HTTP -> Access Policy. Add a new access policy
      Select the following values:
      Source Type: Network/IP
      Destination Type:
      Insert Source Network/IPs: Add the IP addresses from Step 1.
      Access policy: Deny access
      Position: First position

      Create Policy

      Test on a remote client using Speedtest.net or IPChicken

Early testing has shown that there aren’t any issues with this, the client still downloads the proxy.pac file, then finds out it can’t use the Proxy (Chrome seems to add it to a Ban list), and carries on connecting as usual.

Extended testing shows that every now & then Endian still gets asked to handle the request & gets a ‘denied’ response. So not a perfect solution, it still half works.

Endian Firewall and Office 365 Outlook not connecting

Problem: Switching from IPCop to Endian Community 3 resulted in Outlook not connecting to the Office 365 servers.

Solution: It appears the issue is with Squid (see http://www.squid-cache.org/mail-archive/squid-users/201308/0269.html). Office 365 resolves outlook.office365.com to 25 different addresses, but Squid defaults to try the first 10 then give up. To fix add the line: forward_max_tries 25
But where to do so in Endian?

Adding extra squid configuration options in Endian 3:
The Squid config is at /etc/squid/squid.conf – BUT this is rebuild every time you save the web GUI instead to add custom options, add them into /var/efw/proxy/custom.tmpl

For example:
SSH in:
cd /var/efw/proxy/
vi custom.tmpl
[add the following:] forward_max_tries 25

Then resave the settings in the Web gui to force the rebuild of the /etc/squid/squid.conf file.
Then check to see that the settings are there with the following command:
cat /etc/squid/squid.conf
And look for #begin custom.tmpl