Dude. in that guide he is showing you both ways transparent and non transparent, If you choose transparent in squid you do nothing at all to the client, If you want a manual proxy then you set the proxy setting on client

@ryanhunt:

@AR15USR:

No expert here but I believe you will need wpad setup for this to work..

UPDATE: OK, I feel like an idiot - it was working all along. I used to test a proxy was working by typing in gibberish in the browser and getting the squid error, however for some reason Chrome simply reports ERR_NAME_NOT_RESOLVED rather than giving me a Squid error. I was looking for the squid error - but I was actually using a transparent proxy!

Good way to test for people is to visit a site like http://www.lagado.com/proxy-test - helped me :)

Hello ryanhunt,

It's good to know that transparent mode works on 2.4.  For those of us with 32 bit machines installed however that doesn't help us to much.  In an effort to narrow this issue down can you pass a copy of the squid config file that is working for you?

It is not safe.

@look2:

I found this one, but i Don't have any "custom options"

Click on advanced button on squid general tab to see custom options fields.

I used this thread starting at reply #72:

https://forum.pfsense.org/index.php?topic=87982.60

It works now:

Went to IIS Manager -> Default web site -> Bindings -> Edit Https/443 -> Check Require Server Name Indication -> Hostname (enter the url hostname) and press OK.

Seems that this is required under special circumstances.

Thanks for the help!

Sometimes it takes a bit.

This is a clip from my realtime view on squid_monitor.php

Message
bytecode.cld is up to date (version: 301, sigs: 58, f-level: 63, builder: anvilleg)
safebrowsing.cld is up to date (version: 45957, sigs: 2889505, f-level: 63, builder: google)
daily.cld is up to date (version: 23401, sigs: 2075458, f-level: 63, builder: neo)
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
ClamAV update process started at Sat May 20 12:18:00 2017
–------------------------------------
Clamd successfully notified about the update.
Database updated (9183811 signatures) from db.us.clamav.net (IP: 200.236.31.1)
bytecode.cld is up to date (version: 301, sigs: 58, f-level: 63, builder: anvilleg)
safebrowsing.cld updated (version: 45957, sigs: 2889505, f-level: 63, builder: google)
Downloading safebrowsing-45957.cdiff [100%]
daily.cld updated (version: 23401, sigs: 2075458, f-level: 63, builder: neo)
Downloading daily-23401.cdiff [100%]
Trying host db.us.clamav.net (200.236.31.1)…
Can't connect to port 80 of host db.us.clamav.net (IP: 64.6.100.177)
nonblock_connect: connect timing out (30 secs)
Trying host db.us.clamav.net (64.6.100.177)...
Can't connect to port 80 of host db.us.clamav.net (IP: 168.143.19.95)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.us.clamav.net (IP: 208.72.56.53)

If you're running in transparent mode then there is no need to block anything on LAN.

I've been having issues with the certificate system as well. The process seems so simple in pfSense, but my windows systems don't seem to like the certificates (I haven't tried it on any of my other computers yet). In fact I had to download Firefox because Chrome wouldn't even allow me to add an exception to reach pfSense after changing the web GUI certificate.

As a test to see if your CA is working in windows you could create a cert for the web GUI. Then try to access the web GUI via HTTPS.

What I would really like to do is create a CA in active directory, then import that to pfSense as the CA to use, but for the life of me I can't figure it out.

Why do you need regex for this? Why not use host overrides?

Point mydomain1 to server 1
Mydomain2 to server 2

@JSONSec:

I have a similar issue. Splice All enabled, yet when I enable it all HTTPS fail. It's driving me nuts.

Same problem here.

If I Use explicit proxy in the config all is ok, but in transparent mode with Splice All enabled, HTTPS fails.

Sorry about the noob question in advance, but can someone please advise or point me in the right direction on how to update to the fix? I have tried a reinstall and it hasn't worked.