<div dir="ltr">Hi,<div>I'm trying to use <span style="color:rgb(30,30,30);font-family:courier;font-size:12px">tcp_outgoing_address </span>to forward traffic from specific users to a specific interface.</div><div><br></div><div>running squid 5.7 (on openwrt).</div><div>have a few interfaces on my machine, two of which are VPN interfaces with IPs (internal) <span style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0);font-family:Menlo;font-size:14px">10.200.0.70 </span> and<span style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0);font-family:Menlo;font-size:14px"> </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0);font-family:Menlo;font-size:14px">10.102.237.50</span>.</div><div>trying to forward user "uk" to the interface with IP 10.200.0.70 is "ignored" - I can see that the default WAN interface is used. I see it by using a simple "what is my ip" test when using the proxy, and checking the traffic of the interfaces when sending requests.</div><div><br></div><div>the relevant excerpt from the squid conf:</div><div><font face="monospace">acl auth_users proxy_auth REQUIRED<br>acl wg_uk proxy_auth uk<br>tcp_outgoing_address 10.200.0.70 wg_uk</font><br></div><div><br></div><div>I can see that the IP and config are not wrong because the requests don't get <span style="background-color:transparent;font-style:inherit;font-variant-ligatures:inherit;font-variant-caps:inherit;font-weight:inherit;white-space:inherit">503 errors (if I change the IP to a non existing one, e.g. 10.200.0.71 I do get 503 errors).</span></div><div><span style="background-color:transparent;font-style:inherit;font-variant-ligatures:inherit;font-variant-caps:inherit;font-weight:inherit;white-space:inherit"><br></span></div><div><span style="background-color:transparent;font-style:inherit;font-variant-ligatures:inherit;font-variant-caps:inherit;font-weight:inherit;white-space:inherit">small excerpt from the squid_cache.log (proxy server is </span>192.168.1.1, proxy client is 192.168.1.149)</div><div><font face="monospace">2022/11/26 11:28:48.286| 17,3| FwdState.cc(394) Start: '<a href="http://detectportal.firefox.com/canonical.html">http://detectportal.firefox.com/canonical.html</a>'<br>2022/11/26 11:28:48.286| 17,2| FwdState.cc(157) FwdState: Forwarding client request conn157 local=<a href="http://192.168.1.1:3128">192.168.1.1:3128</a> remote=<a href="http://192.168.1.149:64723">192.168.1.149:64723</a> FD 13 flags=1, url=<a href="http://detectportal.firefox.com/canonical.html">http://detectportal.firefox.com/canonical.html</a><span style="background-color:transparent;font-style:inherit;font-variant-ligatures:inherit;font-variant-caps:inherit;font-weight:inherit;white-space:inherit"><br></span></font></div><div><font face="monospace">2022/11/26 11:28:48.287| 44,2| peer_select.cc(460) resolveSelected: Find IP destination for: <a href="http://detectportal.firefox.com/canonical.html">http://detectportal.firefox.com/canonical.html</a>' via <a href="http://detectportal.firefox.com">detectportal.firefox.com</a><br>2022/11/26 11:28:48.287| 14,4| ipcache.cc(607) nbgethostbyname: <a href="http://detectportal.firefox.com">detectportal.firefox.com</a><br>2022/11/26 11:28:48.287| 14,3| Address.cc(389) lookupHostIP: Given Non-IP '<a href="http://detectportal.firefox.com">detectportal.firefox.com</a>': Name does not resolve<br>2022/11/26 11:28:48.287| 14,4| ipcache.cc(647) ipcache_nbgethostbyname_: ipcache_nbgethostbyname: HIT for '<a href="http://detectportal.firefox.com">detectportal.firefox.com</a>'<br>2022/11/26 11:28:48.287| 14,7| ipcache.cc(250) forwardIp: 34.107.221.82<br></font></div><div><font face="monospace">2022/11/26 11:28:48.287| 28,3| Checklist.cc(70) preCheck: 0x7ffd71e3d440 checking fast ACLs<br>2022/11/26 11:28:48.287| 28,5| Acl.cc(124) matches: checking tcp_outgoing_address 10.200.0.70<br>2022/11/26 11:28:48.287| 28,5| Acl.cc(124) matches: checking (tcp_outgoing_address 10.200.0.70 line)<br>2022/11/26 11:28:48.287| 28,5| Acl.cc(124) matches: checking wg_uk<br>2022/11/26 11:28:48.287| 29,5| UserRequest.cc(75) valid: Validated. Auth::UserRequest '0x1bad2e0'.<br>2022/11/26 11:28:48.287| 28,4| Acl.cc(346) cacheMatchAcl: ACL::cacheMatchAcl: cache hit on acl 'wg_uk' (0x1551ca0)<br>2022/11/26 11:28:48.287| 28,3| Acl.cc(151) matches: checked: wg_uk = 1<br>2022/11/26 11:28:48.287| 28,3| Acl.cc(151) matches: checked: (tcp_outgoing_address 10.200.0.70 line) = 1<br>2022/11/26 11:28:48.287| 28,3| Acl.cc(151) matches: checked: tcp_outgoing_address 10.200.0.70 = 1<br>2022/11/26 11:28:48.287| 28,3| Checklist.cc(63) markFinished: 0x7ffd71e3d440 answer ALLOWED for match<br>2022/11/26 11:28:48.287| 28,4| FilledChecklist.cc(67) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffd71e3d440<br>2022/11/26 11:28:48.287| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffd71e3d440<br>2022/11/26 11:28:48.287| 24,7| SBuf.cc(209) append: from c-string to id SBuf10501<br>2022/11/26 11:28:48.287| 24,7| SBuf.cc(160) rawSpace: reserving 46 for SBuf10501<br>2022/11/26 11:28:48.287| 24,7| SBuf.cc(866) reAlloc: SBuf10501 new store capacity: 128<br>2022/11/26 11:28:48.287| 44,2| peer_select.cc(1171) handlePath: PeerSelector27 found conn167 local=10.200.0.70 remote=<a href="http://34.107.221.82:80">34.107.221.82:80</a> HIER_DIRECT flags=1, destination #1 for <a href="http://detectportal.firefox.com/canonical.html">http://detectportal.firefox.com/canonical.html</a><br>2022/11/26 11:28:48.288| 44,2| peer_select.cc(1177) handlePath:   always_direct = DENIED<br>2022/11/26 11:28:48.288| 44,2| peer_select.cc(1178) handlePath:    never_direct = DENIED<br>2022/11/26 11:28:48.288| 44,2| peer_select.cc(1179) handlePath:        timedout = 0<br>2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27<br>2022/11/26 11:28:48.288| 17,3| FwdState.cc(631) noteDestination: conn167 local=10.200.0.70 remote=<a href="http://34.107.221.82:80">34.107.221.82:80</a> HIER_DIRECT flags=1<br>2022/11/26 11:28:48.288| 17,3| FwdState.cc(1135) connectStart: 1+ paths to <a href="http://detectportal.firefox.com/canonical.html">http://detectportal.firefox.com/canonical.html</a><br>2022/11/26 11:28:48.288| 11,7| HttpRequest.cc(468) clearError: old: ERR_NONE<br>2022/11/26 11:28:48.288| 17,5| AsyncCall.cc(30) AsyncCall: The AsyncCall FwdState::noteConnection constructed, this=0x1b97100 [call1887]<br>2022/11/26 11:28:48.288| 93,5| AsyncJob.cc(34) AsyncJob: AsyncJob constructed, this=0x1b86e18 type=HappyConnOpener [job99]<br>2022/11/26 11:28:48.288| 93,5| AsyncCall.cc(30) AsyncCall: The AsyncCall AsyncJob::start constructed, this=0x1b09300 [call1888]<br>2022/11/26 11:28:48.288| 93,5| AsyncCall.cc(97) ScheduleCall: AsyncJob.cc(26) will call AsyncJob::start() [call1888]<br>2022/11/26 11:28:48.288| 14,7| ipcache.cc(250) forwardIp: [2600:1901:0:38d7::]<br>2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27<br>2022/11/26 11:28:48.288| 24,6| SBuf.cc(99) assign: SBuf10502 from c-string, n=4294967295)<br>2022/11/26 11:28:48.288| 28,4| FilledChecklist.cc(67) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffd71e3d440<br>2022/11/26 11:28:48.288| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffd71e3d440<br>2022/11/26 11:28:48.288| 24,7| SBuf.cc(209) append: from c-string to id SBuf10503<br>2022/11/26 11:28:48.288| 24,7| SBuf.cc(160) rawSpace: reserving 46 for SBuf10503<br>2022/11/26 11:28:48.288| 24,7| SBuf.cc(866) reAlloc: SBuf10503 new store capacity: 128<br>2022/11/26 11:28:48.288| 44,2| peer_select.cc(1171) handlePath: PeerSelector27 found conn168 local=[::] remote=[2600:1901:0:38d7::]:80 HIER_DIRECT flags=1, destination #2 for <a href="http://detectportal.firefox.com/canonical.html">http://detectportal.firefox.com/canonical.html</a><br>2022/11/26 11:28:48.288| 44,2| peer_select.cc(1177) handlePath:   always_direct = DENIED<br>2022/11/26 11:28:48.288| 44,2| peer_select.cc(1178) handlePath:    never_direct = DENIED<br>2022/11/26 11:28:48.288| 44,2| peer_select.cc(1179) handlePath:        timedout = 0<br>2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27<br>2022/11/26 11:28:48.288| 17,3| FwdState.cc(631) noteDestination: conn168 local=[::] remote=[2600:1901:0:38d7::]:80 HIER_DIRECT flags=1<br>2022/11/26 11:28:48.288| 17,7| FwdState.cc(690) notifyConnOpener: reusing pending notification about 2+ paths<br>2022/11/26 11:28:48.288| 14,7| ipcache.cc(231) finalCallback: 0x1af12b8 <br>2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27<br>2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27<br>2022/11/26 11:28:48.288| 24,7| SBuf.cc(209) append: from c-string to id SBuf10504<br>2022/11/26 11:28:48.288| 24,7| SBuf.cc(160) rawSpace: reserving 46 for SBuf10504<br>2022/11/26 11:28:48.288| 24,7| SBuf.cc(866) reAlloc: SBuf10504 new store capacity: 128<br>2022/11/26 11:28:48.288| 44,2| peer_select.cc(479) resolveSelected: PeerSelector27 found all 2 destinations for <a href="http://detectportal.firefox.com/canonical.html">http://detectportal.firefox.com/canonical.html</a><br>2022/11/26 11:28:48.288| 44,2| peer_select.cc(480) resolveSelected:   always_direct = DENIED<br>2022/11/26 11:28:48.288| 44,2| peer_select.cc(481) resolveSelected:    never_direct = DENIED<br>2022/11/26 11:28:48.288| 44,2| peer_select.cc(482) resolveSelected:        timedout = 0</font><br></div><div><font face="monospace"><br></font></div><div><font face="arial, sans-serif">can anyone help me understand what I'm missing?</font></div><div><font face="arial, sans-serif">thanks!</font></div>











</div>