Authenticating Squid Package Users with FreeRADIUS

Using the Squid Proxy package with the FreeRADIUS 2.x package.

SQUID Proxy

Squid provides the possibility to ask for a username and password for users who want to connect the internt through squid proxy. This works only if squid is running in non-transparent mode.

  • SQUID configuration:

    • Disable transparent mode in Proxy Server > General

    • Enable RADIUS as authentication method in Proxy Server > Auth Settings

  • FreeRADIUS configuration:

    • Configure an interface in FreeRADIUS > Interfaces

    • Configure a user in FreeRADIUS > Users

    • Configure a NAS/Client in FreeRADIUS > NAS/Clients. In this case pfSense itself is the NAS/Client. So enter the pfSense IP-Address.

For squid in non-transparent mode the IP address and the squid port must be entered on the host’s browser. When a user connects to the Internet through the proxy then the browser will present a login window where the user has to enter username and password.