• Unable to redirect from https to https or http on squidguard

    1
    0 Votes
    1 Posts
    175 Views
    No one has replied
  • Signatures from Malwarepatrol

    1
    0 Votes
    1 Posts
    417 Views
    No one has replied
  • 0 Votes
    35 Posts
    7k Views
    viktor_gV

    Squid version in pfSense 2.5/21.02 is 4.13:

    [2.5.0-RELEASE][root@xxx]/root: pkg info squid squid-4.13 Name : squid Version : 4.13

    please test and leave your comment on https://redmine.pfsense.org/issues/10608

  • maximum upload size

    1
    0 Votes
    1 Posts
    259 Views
    No one has replied
  • Squid does not log the full HTTPS URLs.

    1
    0 Votes
    1 Posts
    282 Views
    No one has replied
  • 0 Votes
    3 Posts
    692 Views
    C

    Anyone have any ideas?

  • squid breaks website ui

    1
    0 Votes
    1 Posts
    300 Views
    No one has replied
  • problem in the proxy squid

    1
    0 Votes
    1 Posts
    238 Views
    No one has replied
  • 0 Votes
    2 Posts
    927 Views
    P

    @sraman
    This config does not look like it would be generated by the pfSense haproxy package like this.. are you sure it is the one used? the config seems okay by itself...

  • subdomain to multiple ssh servers

    1
    0 Votes
    1 Posts
    249 Views
    No one has replied
  • pfSense 2.4.5.p1 + SquidGuard + GroupACL + ldapsearch problem

    6
    0 Votes
    6 Posts
    818 Views
    M

    I was not able to update squidGuard package, process stucked on Initialization. So I disabled squidGuard and Squid, remove SquidGuard package, but unfortunately was not able to install the new version cause of stuck on initialization, so I just backup all and did an upgrade to 2.5.0 and it finished successfull.

    For now, my problem is solved, thanks a lot.

  • pfSense 2.4.5.p1 + SquidGuard + GroupACL + ldapsearch problem

    1
    0 Votes
    1 Posts
    127 Views
    No one has replied
  • 2.5 upgrade, HAproxy no longer working

    Moved
    1
    0 Votes
    1 Posts
    308 Views
    No one has replied
  • 0 Votes
    1 Posts
    563 Views
    No one has replied
  • HAPROXY Reverse Proxy

    1
    0 Votes
    1 Posts
    256 Views
    No one has replied
  • IGMP Proxy Stopping under 2.5.0-RELEASE

    2
    0 Votes
    2 Posts
    921 Views
    S

    Further info:

    I dug through the package repo and found that IGMP proxy has indeed updated with 2.5.0. But when I tried reverting back to the 2.4.5 version, it didn't fix my issue, so I guess the problem is not IGMP proxy itself but the fact that pfSense fails to restart it.

    I checked the system log events when the interface goes down and found that the script /etc/rc.newwanip runs automatically when it comes back up. Looking in this script, there's a function near the end to restart the IGMP proxy: services_igmpproxy_configure()

    Trouble is, that function only executes when a change in IP address is found, which is never going to happen because the interfaces on both sides of the proxy have static IPs.

    I've edited my script and added a couple of lines at the end to make it go ahead and do the restart whenever the interface coming up is one that's used by IPTV (opt1 is my LAN side and opt3 is the WAN side):

    /* reload igmpproxy for IPTV interface */
    if ($interface == "opt1" || $interface == "opt3") {
    services_igmpproxy_configure();
    }

    This seems to be doing the job for me, but I guess it will get wiped out by a future update, and I still don't know what changed to make this workaround necessary.

  • HAProxy ECDSA Certificates

    2
    0 Votes
    2 Posts
    633 Views
    P

    @michaelschefczyk
    Hi Michael,
    I think you should look a little at that cipher list, or perhaps not configure it and go for the SSL/TLS Compatibility Mode: 'intermediate' ?
    That should help to get TLS1.2 back available. (at least in my ssllabs-server-test)

    And yes having a ECDSA cert should help to lower the overhead a bit from what ive read, having rather low traffic numbers myself ive never bothered to investigate the exact details there..
    Regards PiBa-NL

  • 2.5.0 is deleting certs needed for SSL LDAP Squid auth

    4
    0 Votes
    4 Posts
    503 Views
    viktor_gV

    @czvacko said in 2.5.0 is deleting certs needed for SSL LDAP Squid auth:

    How about squidGuard ? Were there any changes in the source code ?

    Please create a new topic/bugreport with this issue

    Could be related to https://redmine.pfsense.org/issues/11434

  • 0 Votes
    9 Posts
    2k Views
    ?

    @stephenw10 thank you :-)

  • Haproxy enable TLS1.3 and keep 1.2

    6
    0 Votes
    6 Posts
    3k Views
    VioletDragonV

    Hi,

    Updating to pfSense 2.5.0 and adding the following has enabled TLS1.3 and 1.2,

    OpenSSL Version 1.1.1 installed.

    ssl-default-bind-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ssl-default-server-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    Screenshot from 2021-02-18 00-37-39.png

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.