When using CNTLM, Squid and a VPN, you are in for a lot of fun. It might work without user intervention, but when you change networks, e.g. starting up the laptop at home, connecting to the wireless and then connecting to the VPN, it was impossible for me to get a working setup without manual intervention. Because manual work always means errors (and I experienced a lot of those on my own ;-) ), I created a solution that solves the mentioned problems without manual rework.
CNTLM is the endpoint for all local applications. It runs locally on port 3128. It has two proxies under the hood: the first one is the NTLM proxy, the second one is a local Squid. The local Squid listens on port 3129, and its only job is to connect to the internet in a non-NTLM setup. When configured correctly, the proxies work flawlessly together, but a network change does not change anything on the proxies. This solution listens for network change events and restarts the CNTLM proxy.
There are only two interesting settings in cntlm.ini: see the Proxy entries, change Username/Domain and generate the correct PassNTLMv2 hash.
There is only one interesting setting in squid.conf: http_port, which is set to 3129 instead of 3128. If you like, change the nameservers.
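The cntlm.ini settings described above, sketched as an added example (not this project's own configuration file). The upstream proxy host, user name and domain are placeholders; the loopback binding, `Gateway no` and `Auth NTLMv2` lines are assumptions about a sensible hardened setup.

```ini
# cntlm.ini (constructed example; host names and account are placeholders)

# Account used for NTLM authentication against the upstream proxy.
Username    jdoe
Domain      EXAMPLE

# Generate with: cntlm -H -u jdoe -d EXAMPLE
# The hash is computed from user name, domain and password, so it must be
# regenerated whenever any of the three changes. It is password-equivalent:
# keep this file readable only by the account that runs CNTLM.
PassNTLMv2  <PassNTLMv2 hash printed by cntlm -H>
Auth        NTLMv2

# Parent proxies, tried in order.
# 1) NTLM proxy, reachable on the corporate network or over the VPN.
Proxy       proxy.example.internal:8080
# 2) Local Squid for networks without NTLM; must match http_port in squid.conf.
Proxy       127.0.0.1:3129

# Endpoint for all local applications. Binding to loopback and leaving
# Gateway off keeps other hosts on the network from relaying through it.
Listen      127.0.0.1:3128
Gateway     no
```

Because CNTLM only re-evaluates its parent proxies when it starts, the restart on network change is what moves traffic between the first and second `Proxy` entry.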
See Windows instructions.
See Mac instructions.
See Linux instructions (TODO).
Inspiration
Sources
- Windows: Exchange CNTLM with PX Proxy. The PX Proxy uses the logged-in Windows user, so there are no credentials that have to be taken care of.
Creative Commons Attribution 4.0, see License.