I don't do VLANS either, but Squid will only add your first local network to the list of allowed subnets.  All others must be added manually.  Check Services - Proxy Server - ACLs - Squid Access Control Lists.  Are both your VLAN subnets in Allowed subnets?

Regarding Windows Update , please read Thread https://forum.pfsense.org/index.php?topic=77394.0

Could you post which informations containing the certificate that is generate from your internal ca ?

Maybe your pfsense / squid generated a certificate not the for cn "us.linkedin.com", instead it created on for the ip from us.linkedin.com.

Thanks KOM,

I did it that way, and create to Group ACL, one Restrictive for everyone and the other is Permisive for some users and it works.

@PiBa:

Hi IB,

Yes that should work to, it does make the connection go through haproxy kinda like it is with my #2 workaround. Only that dns can still point to the correct destination server ip, so in that regard it the workaround of Rubic works even better.

Thanks for reporting it back :D.

Regards,
PiBa-NL

I have two DNS - internal with dmz-address for lan-users and external with external address for internet-users.

@KOM:

The solution is to stop using transparent mode.  Worst thing in the world.  It won't handle any HTTPS sites without MitM warnings, and you really don't want to screw around with having to install certificates on every client that will use the proxy.  Put squid in explicit mode (uncheck Transparent mode) and then implement WPAD to enable auto-detection of the proxy.

But in non transparent proxy mode, the Lightsquid doesn't work :(

ok, only fqdn function with:

1. create my redirect.acl file in "/usr/pbi/squid-i386/local/etc/squid/redirect.acl" an write lines/domains in the file:
.webradio.com
radio.domain.net

2. Services, proxy server, general, custom settings, Integrations:
acl MyRedirects dstdomain "/usr/pbi/squid-i386/local/etc/squid/redirect.acl";
deny_info http://mywebdomain.net all;
http_reply_access deny MyRedirects all;

i looking for a simple regex-url variant

This has been confirmed on 2.2.2 embedded and as a virtual machine.

Reverse proxy enabled listening on 127.0.0.1:8443
NAT rule 443->127.0.0.1:443

can log in and session is fully active for as long as the "monitor" on the RDS Gateway has not received more than 165-193KB of information. Screen information is sent  (aka you can still see task manager running in the background) but the RDP session will crash on the remote computer within 30s of hitting the limit.

There are some locked topics about this case. They said that is not necessary to have squid listening on VIP because is not possible to sync master/slave to have full stateful proxy service.

Consideration:

Consideration:

I was looking for the solution for this case, because I have two boxes in HA with CARP. Although for proxy service HA is not completely stateful, as posted in some topics, I've thinking that in some cases is necessary that squid listen on VIP. For example, my two boxes are firewall for more than 24 networks. These networks has as gateway other equipments, not the PFSense firewall. So traffic goes through the firewall when has to go to Internet. The proxy server runs on PFSense (that has a VIP to receive the traffic that goes to Internet). And, finally, I have a CNAME proxy.mydomain on internal DNS that points to one IP (configured on all browsers)! This IP should be the CARP VIP.

If the master stop, even if some sessions are lost (because on this moment squid on slave becomes the operational proxy), the slave becomes the firewall and network continues to work. Losing a few sessions is better than losing navigation.

One way to get this is configuring "custom options" on proxy service. I put on "Custom ACLs (before auth)" section something like:

http_port <carp vip="">:3128

Seems to work.</carp>

+1 does not work on fresh install

No, sorry i haven't been able to find any solution as of yet.

Tnx for answer, but the same problems on squid3 …

try redownloading the block list, also try deleting the squid cache.

try redownloading the block list

I got my copy fixed of these issues and a friends now..

https://forum.pfsense.org/index.php?topic=85965.msg544817#msg544817

What I just went through for a friends pfsense firewall was a learning experience.  I install fresh copy of 2.2.2 I think then he did all the updates but squid3 would not work in transparent mode.

I checked the permissions and the owners to my own copy that works for cache folder and PID file. Since he had errors for bad cache folders and couldn't fix with squid -z.  after deleting all the squid cache folders and recreating and all that still not run..

Last thing I did is delete EVERY instance of SQUID on the system after fixing permissions and then installed squid3 again and it all works for him now.

My system is working squid3 and Antivirus and so is a brand new friends firewall .. squid can't beat me!

Don't give up and I will never fail I tell myself!

I am also having the same issue, fast disks, 2GB RAM. Squid3 data transfer is less than 1Mbit on a 50 Mbit connection using the reverse proxy feature.
Did you resolve this?

No solutions found to getting squid3 to work.

I installed Cron package and created a cron job with /usr/local/bin/freshclam –quiet  and that did it for me. not sure if I just did patch or work around or what.