I have strongswan running fine. I need to block some bad websites by their domains from being visited by VPN users. I tried many methods but had no luck, such as redirecting traffic from the VPN to a proxy server like squid, but I discovered that traffic forwarded to squid is done by the website's IP, not the domain name, so this technique did not succeed.
Maybe this is not strongswan's business, but any idea will be welcome.
Thanks in advance.
Best Answer
The way I would solve such a problem is to adjust the strongswan VPN exit node with a transparent proxy:
https://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
You will, however, either need to allow HTTPS to bypass the proxy or set up SSL intercept (which is quite difficult and needs access to your clients' PCs).
Another way to solve the problem is to introduce your own DNS that will point your users to your own IP address for domain names that are blacklisted. This of course means that you are running DHCP and nobody's smart enough to use custom DNS, or DNS over HTTPS.
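
The DNS approach from the answer above, sketched as an added example (not part of the original post): dnsmasq on the gateway answers blacklisted names with the gateway's own address, and strongSwan hands that resolver to clients together with their virtual IP through `rightdns`. It assumes the legacy `ipsec.conf` configuration style; all addresses, the domain names and the conn name are constructed placeholders.

```conf
# ---- /etc/dnsmasq.conf on the VPN gateway (constructed values) ----
# Listen only on a gateway address that clients can reach through the tunnel.
listen-address=10.0.0.1
bind-interfaces
# Ignore /etc/resolv.conf and forward everything else to one upstream resolver.
no-resolv
# Placeholder upstream resolver address.
server=192.0.2.53
# Blacklist: each name and all of its subdomains resolve to the gateway's own IP.
address=/bad.example/10.0.0.1
address=/worse.example/10.0.0.1

# ---- /etc/ipsec.conf, in the conn used by VPN clients (placeholder name) ----
conn vpn-users
    # Virtual IP pool handed to clients (placeholder range).
    rightsourceip=10.10.10.0/24
    # DNS server pushed to clients along with the virtual IP.
    rightdns=10.0.0.1
```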