From SixXS Wiki
Jump to: navigation, search


Squid is a well-known web caching proxy software. It had support for IPv6 since version 2.6 by adding a dedicated patch<ref>IPv6 dedicated patch</ref>. As release 2.6 is going EOL<ref>Squid major releases status</ref>, one should try v3.0 for production use.

However, IPv6 integration is complete in current 3.1 beta version.


IPv6 support should be enable by adding '--enable-ipv6' during the configure phase.


Previous squid configuration file should work seamlessly with an IPv6-enabled squid. You can add these 3 lines for basic ipv6 outgoing rules :

  • acl to_ipv6 dst ipv6
  • tcp_outgoing_address <your_proxy_ipv4_address> !to_ipv6
  • tcp_outgoing_address <your_proxy_ipv6_address> to_ipv6

The first line declare an ACL which is true for all IPv6 destinations. The second line forces the use of an IPv4 outgoing address for IPv4 traffic. The third line forces the use of an IPv6 outgoing address for IPv6 traffic.

Squid wiki<ref>Squid wiki about IPv6</ref> lists in section 1.5 "common mistakes" what you should not do in your IPv6 configuration.

Client proxy autoconfiguration

You may use proxy autoconfiguration in your corporate environment.
For clients to use the proxy when accessing IPv6 litteral URL (i.e. http://[2001:838:1:1:210:dcff:fe20:7c7c]), you should add the following lines to your PAC file :

  • if (url.indexOf("http://[") == 0) return "PROXY <your_proxy_address>";
  • if (url.indexOf("https://[") == 0) return "PROXY <your_proxy_address>";

Details on the Talk:Squid discussion page.

Good to know

IPv6-squid can listen to IPv4 clients and connect to IPv6 servers. This is useful during a transition phase where only part of your network is IPv6 enabled.