Community Forum

Resolved
0 votes
I'm not sure if this is supposed to go here but....


I have a fully operational ClearOS box with dansguardian authentication using AD through LDAP for collection of the user name for reporting and squid serving a custom "Page Blocked" message. This is in stand alone mode with no firewall.

With all that being said I am getting a issue where once the user is not connected internally through LAN and connected through the internet using our Cisco VPN set up the sites get blocked and states that access has been denied.

Any help on this would be greatly appreciated.

Nigel
In VPN
Thursday, February 23 2012, 09:53 AM
Share this post:
Responses (1)
  • Accepted Answer

    Wednesday, June 13 2012, 01:02 PM - #Permalink
    Resolved
    0 votes
    Hi Nigel,

    Just a quick note, I too had this issue, you need to edit your squid.conf file. This may not be the 'best' way to do it, but you need to add your VPN to the allowed proxy sites:

     # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

    # Example rule allowing access from your local networks. Adapt
    # to list your (internal) IP networks from where browsing should
    # be allowed
    #acl our_networks src 192.168.1.0/24 192.168.2.0/24
    #http_access allow our_networks
    # dcc mod 4th december 2009

    acl a1 src 10.1.2.0/16
    acl mm src 10.12.0.0/16
    acl hh src 10.15.0.0/16
    acl cc src 10.16.0.0/16
    acl ee src 10.17.0.0/16
    acl ww src 10.18.0.0/16
    acl ee src 10.17.0.0/16
    acl ww src 10.18.0.0/16
    acl hg src 10.19.0.0/16
    acl gh src 10.20.0.0/16
    acl kk src 10.23.0.0/16
    acl ss src 10.24.0.0/16
    acl bv src 10.25.0.0/16
    acl cb src 10.40.0.0/16

    http_access allow a1
    http_access allow mm
    http_access allow hh
    http_access allow cc
    http_access allow ee
    http_access allow ww
    http_access allow hg
    http_access allow gh
    http_access allow bv
    http_access allow kk
    http_access allow ss
    http_access allow bv
    http_access allow cb

    # And finally deny all other access to this proxy
    http_access allow localhost
    http_access allow pcngroup-RB pcntime-RB
    http_access allow webconfig_to_lan
    http_access allow webconfig_lan
    http_access deny all


    Hope that helps
    David
    The reply is currently minimized Show
Your Reply