> I have a network namespace which runs a Wireguard VPN (only). > > `` > ❯ ip l > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > mode DEFAULT group default qlen 1000 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > 3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state > UNKNOWN mode DEFAULT group default qlen 1000 > link/none` > ```
Wait, is the "normal" link interface also available in the namespace? If yes, can you show the configuration file used for Squid? Are you sure you're binding Squid correctly so that it is reachable over the Wireguard interface, or that it sends its responses over the Wireguard interface? > But if I do the same with the systemd unit of squid, it doesn't work. > The proxy process still runs within the standard namespace (if I curl > using the proxy, the IP is the one of the standard namespace) That doesn't necessarily mean that it runs in the wrong namespace, if the "standard" link is available in the namespace, it might "just" be binding to the wrong interface. For example `tcp_outgoing_address` are configurations regarding that behavior. _______________________________________________ squid-users mailing list [email protected] https://lists.squid-cache.org/listinfo/squid-users
