Right, so had a weird scenario where I had a laptop that could not get on the Internet using the VPN connection and a proxy, but other non-laptop devices were fine, which was intriguing so I thought I would take a look, the service was a squid proxy server but any website you visited told you this:
The proxy was set as you can see here, so that was not the issue:
So, the go to tool is a IMCP Ping, which was a good call, if it was for the fact this server does not allow the ICMP protocol so that failed to prove anything:
PS > tnc GreatBear.local -Port 8080
ComputerName : GreatBear.local
RemoteAddress : 10.295.161.517
RemotePort : 8080
InterfaceAlias : Grrrr is Live
SourceAddress : 10.295.161.636
TcpTestSucceeded : True
Right, so that test was more positive, so lets try a little wget magic to the google.co.uk with this command:
wget -uri www.google.co.uk
That should return a HTTP 200 and the contents from Google, but instead I got this from wget......
Access Denied : Access Control configuration is preventing your request from being allowed at this time.
However as Squid does not natively do https inspection so it cannot show you the actual error in the browser as it cannot incept the traffic at this stage, so you should have got this:
Right, next question how do I fix that, as the ACL on Squid is not allowing the access to the IP for the laptop, or more specifically the IP of the VPN that the laptop is using.
First login to the SSH console and then use this command:
systemctl status squid
This will give the status of the Squid proxy and other information we require, here you can see its running and the path to the configuration file, but I have also noticed an issue here as well:
While it is running this section of the status is not good squid.service; disabled this means its not going to restart on a system reboot, so lets fix that now, with the enable command:
systemctl enable squid
That will then ask you for the root password as you can see here:
Then when you run this again:
systemctl status squid
You will notice it now look like this and its not enabled:
Excellent, however that was not the original issue, so back to that, to check this we need to open the configuration file for Squid, that can been seen in the command from earlier, so we need a elevated nano text editor to check that out:
sudo nano /etc/squid/squid.conf
This will show us this, which means that only the network 10.0.0.0/8 can access the squid server:
However our laptop gets the VPN address of 174.0.0.0/16 hence if cannot access the squid server as the ACL is wrong, so lets update that in the configuration file:
systemctl stop squid