Já encontrei o problema.

Como eu estava com certificado instalado vi que a opção correta é Splice Whitelist, Bump Otherwise.

Estava setado com Splice ALL.

Thanks
–----------------------------------

I already found the problem.

As I was with certificate installed so a correct option is a white list of splice, otherwise bump.

It was set with Splice ALL.

thank you

Same issue, the squidguard service just won't start.

Interested in what you were trying here, as I'm looking into something similar. What was your embedded hardware? I'm assuming without large amounts of ramdisk this was a non starter? Or were you using some other disk for the cache?

I found that adding

apple.com
icloud.com
mzstatic.com

to the whitelist at Services>Squid Proxy Server>ACLs seems to work for me (in addition to the FAQ from diladele from sichent above, if you are using the Diladele Web Safety.)

Hello,

we have the same probleme –>

If squid is not transparent it works fine, as soon as i try to use squid in transparent mode, it strips out http.

…after i´m upgrade the pfSense to 2.3.3 and update the package Squid package to 0.4.36_2.

Same system and pkg versions like olivierofava.

@doktornotor
Sorry, but behind the link there is nothing.

Do NOT multipost. https://forum.pfsense.org/index.php?topic=127998.0

I remember that we have the problem in the past.

I think it was this problem: https://redmine.pfsense.org/issues/5869
Feels like the same…

Best Regards
Jesse

chidgear Thanks

Your Logic worked for me using SSL with transparent mode and skype working Fine.
including group conversation + File send / receive

All what we need to do, as Microsoft added some IP's in its AS Number Network IP series.
use this to find it.
whois -h whois.radb.net '!gAS198015'

Link is here , you get the Info.
http://bgp.he.net/AS198015#_asinfo

Cheers !!!!
;) :) :) :) :) 8)

@chidgear:

Okay, I respond partially to myself (this isn't over yet), but if someone gets it useful, here are some progress I did.

Looking on other forums and internet articles, I found a buddy having a similar trouble, caused by his skype version. Once discarded that their windows and IE version where the problem, one user said:

What do you see now when you open this link in your Internet Explorer?

https://apps.skypeassets.com/static/skype.client.l​​​​​​​​​ogin/3.0/3.30/release/login.html

This gave me an idea… I tried it on a restricted machine and Voila! it showed the IP's I needed in the squid error screen saying that there was a handshake error. I putted the IP's on the bypass and skype worked again. I can log in and out anytime, and send messages without the message saying that cannot be delivered.
(It could change on time, but until today, these where the IP addresses:

23.73.247.53 23.2.99.20 23.11.250.157

all of them provided (in some or another way) from apps.skypeassets.com

I added these ips, and the FQDN apps.skypeassets.com to the bypass and the login issue was over. Now, there is another issue.
The files cannot be sent, and I cant see all my contacts in realtime. I guess this is a matter of the skype cloud, so I'll keep digging. If someone wants to help, or has some information about the skype cloud IPs, I'll be gratefull.

0_0)b Good luck!

references: Sorry, we couldn't connect to skype. please check …

I dont know that how I attach squid log

Check with firebug or embeded site debug available on current browsers. Check network status to see it the authentication are poping up for each image. Or if show site erros on JavaScript

Does it look like what you need?

[Internet] [real IP address] [Proxy 1] – 192.168.4.70  [192.168.4.0/24]  192.168.4.80  –--- [Proxy 2] –--- 10.30.30.1    -----  LAN users
                                                  --  192.168.5.70  [192.168.5.0/24]  192.168.5.80  –--                ----- 10.30.30.2    ---------

When you give IP to users, will it be proxy IP or gateway IP?
Or it does not matter?
Why do you need to mask proxy, exactly? Could you explain in detail, preferably live example?
Are you good at networking or newbie ?

if it helps for web filtering

https://forum.pfsense.org/index.php?topic=112335.0

You'd have to set that in your squid settings somehow. All the firewall sees is the client talking to the proxy on the proxy port. Beyond that it's the proxy handling whatever the client wants.

Its a project for work so I do need the https filtering but as its BYOD I can't push certs. Splice all works, its just that there is no url database that comes close to what Fortigate offers. I didn't expect it would work as well, the databases being provided for free after all.

So I do want https filtering I just don't want to push certs but all sichent posts assume I'm ok with certs ;)

In short: Splicing blocks https but the lack of a solid (paid) database means pfsense won't be an alternative to our Fortigates.

https://forum.pfsense.org/index.php?topic=124402.msg688335#msg688335

Hi

a big thanks
The problem was i don't define a name for the acl action  :-[ :-[ :-[

thank you for your help.

Lolo

Sorry, I was absent and haven't access to forum

I find source of problem. It's appear when in field "Remote syslog host" I fill "/var/run/log", recommended for local logging. And after I clear this field - no problem with log files. But I not see any messages from Haproxy in local log.//

i have apply the modification,

i will see today  if there are any changes (i have meet the problem not with the portail 365 but the outlook 201x)

an other question when we use splice whitelist bump otherwise, (squidguard will not work ??), so we should enter the domains that we will allow in acls whitelist ?? just that ?? the target categories of squidguard also no ??

Thanks

Create Aliases Called add WindowsUpdate and the following list for the networking group
157.54.0.0/15
157.56.0.0/14
157.60.0.0/16
65.52.0.0/14
70.37.0.0/17
70.37.128.0/18
207.46.0.0/16
131.107.0.0/16
66.119.144.0/20
23.96.0.0/13
204.79.195.0/24
204.79.196.0/23
208.76.44.0/22
208.68.136.0/21
216.220.208.0/20
209.240.192.0/19
204.14.180.0/22
206.191.224.0/19
192.92.90.0/24
208.84.0.0/21
104.40.0.0/13
192.197.157.0/24
204.231.192.0/24
104.208.0.0/13
129.75.0.0/16
204.79.179.0/24
64.4.0.0/18
167.220.0.0/17
167.220.128.0/18
167.220.192.0/19
192.92.214.0/24
207.68.128.0/18
13.64.0.0/11
13.96.0.0/13
13.104.0.0/14
146.147.0.0/16
52.145.0.0/16
52.146.0.0/15
52.148.0.0/14
52.152.0.0/13
52.160.0.0/11
52.224.0.0/11
52.96.0.0/12
52.112.0.0/14
52.120.0.0/14
52.125.0.0/16
52.126.0.0/15
52.130.0.0/15
52.132.0.0/14
52.136.0.0/13
138.196.0.0/16
150.171.0.0/16
40.74.0.0/15
40.76.0.0/14
40.80.0.0/12
40.96.0.0/12
40.112.0.0/13
40.120.0.0/14
40.124.0.0/16
40.125.0.0/17
40.64.0.0/13
40.126.128.0/17
40.127.0.0/16
40.126.0.0/18
204.13.120.0/21
204.152.18.0/23
Then you go to Services –-> Squid Proxy Server ----> Bypass Proxy for These Destination IPs
Enter the created aliase called WindowsUpdate
And this way it fixes all the updates for Windows with Transparent Proxy