@viragomann Thats correct.

@periko
Hi Periko,
the pfsense version is 2.6.0.

In addition to the internal DNS (to resolve internal sites) located in System->General Setup I also use alternative DNS for the Proxy Server in Proxy Server->General Settings

To solve the problem in Proxy Server->General Settings I use the pair of public dns 8.8.8.8;8.8.4.4 and in case of error I use 1.1.1.1;1.0.0.1

After making this change, the clients using the proxy start working smoothly and the problem is solved.

Greetings

Michele

@jonathanlee dns_v4_first the maintainer has to update the GUI and remove that option, nothing to worry.
The 2nd line is telling u that squid is already running.
If u don't handle the console, reboot pfsense, if yes, them kill all the squid process and restart the services.
Regards!!!

thanks for your infos heper,
swithcing on/off proxy to use the vpn is so easy ;) switching ip is more "hardcore" ... i don't want to end up in my limited guest vlan2 ;)

Anyways, i just give up for the moment and set the defaut routing to the vpn and exclude to it all outbound traffic of LAN, squid use the "auto" interface in this case ... i just put a failover to wan if the vpn fail ... i have spend days to try to understand what's going on !!!!

The only difference between theses 2 setup is the default gateway of the pfsense .... i just don't get it !
i have check everything ... nat outbound to vpn / routing table , switching on/off netgates auto rules etc ...

for me it's clearly a problem of routing ... but why squid start to retrieve the begining of the webpage and just hang ? it's not cache related i have disable it for testing .... if the webpage is small it success to download it ! but if it's longer it hang at the middle !!!

i want to know why ! WHY !!! WHYYYYYYYYYYY !!!!!!!!!!
it's more a problem of understanding ;)

have nice days ;)

@michmoor yeah i am just playing around with trying to cache https content and filter https site content using e2guardian. This is not a production environment and more of a learning exercise.
I am finding that MITM bump breaks a lot of things.

@slu Thank you for responding, You were right I had a capital letter that was messing me up. So I fixed it. Everything is good thank you very much for pointing it out.

@deeztek Sorry for the delay, it took a little longer to get time to sit and screen shot these. I didn't snap an image, but the SSL_Offload_FrontEnd and piWeb-80 backends have the "Use Client-IP to connect to backend servers." option selected in the advanced section. Let me know if you need any other sections or anything else. Hope this helps! I also set up the OpenVPN to port share with my SSH server, so I have my WAN router doing the SSL offloading, passing decrypted traffic to my web server, the OpenVPN sharing the same 443 port, and SSH getting passed from the router to the OpenVPN server and then off to the SSH server also on port 443. Works great and haven't had any issues serving the multiple domains from my web server.

Front Ends:
Frontends.jpg

Back Ends:
Backends.jpg

OpenVPN-TCP Back End:
Backend1.jpg

SSL_Offload_FrontEnd Back End:
Backend2.jpg

piWeb-80 Back End:
Backend3.jpg

@jonathanlee Hey Jon. Wanted to follow up here. I got WPAD working with the help of an Apache server. Took about 1hr of googling as im not a sysadmin but its working flawlessly.
During this process i discovered that SquidGuard does not work well with Transparent mode. This is the need for WPAD comes into play.
Really grateful for your help here.

@jeffrey_223 One last note,

for Wpad to work with the blocked sites like this. . .

3277a6f1-2f50-4c8b-845c-105902b74bcb-image.png
(Image: Hotjar blocked and splash screen showing)
You have to adapt the admin access certificate to be a intermediate, it must use the ca that you created with Squid, or it will give common name errors. Or use a PfSense CA and make a intermediate just for admin access
32c12094-7306-4a3e-9c7b-56f33456a6aa-image.png

@iorx Me too did you ever find a solution to this?

@impatient

https://forum.netgate.com/topic/176445/squid-cache-table-showing-year-1969-over-and-over/3?_=1670984881914

I have the same issue is there any solution to fixing this in a Netgate 2100 max? Everthing else works caching url blocking Clam AV SSL intercept and Clam AV. This log just shows 1969

After the helper starts or clear cache is ran it shows the right date and after it goes right back to 1969

@lakitu78 I have hits, and refresh unmodified showing in the logs above. But is this for registration of users?