@Schischi exist a third party called PF2AD, I create a video tutorial but is Spanish: Pf2AD But u need 2 Pfsense boxes, https://www.pf2ad.com/ Greetings.

Please help?

Looks like the change is coming... https://obsigna.com/articles/1563917142.html ssl_crtd was rename to security_file_certgen now squid.inc need fix :-o

@pintu1228 no special. Use corect ACL, action and create backend. What you mean special? This even not websocket. Acme will newer overwrite another cert with same Common Name. You need remove previous incorrect certificate from certificate manager and after it run get cert again.

@mcury you are right its happening due to transparent proxy. Yes I m using transparent proxy and when I disable the transparent proxy my country blocking works but at the same time domain blocking dont work for me. Now what next please tell me where and what rule should i put to make it work. and I thnk so that client using DNS resolver as DNS server coz I configured the google/youtube/bing safe search which are configured with the help of DNS resolver and on my client browser the google safesearch is working that's means client is using DNS resolver.

@remzej said in Intermittent ERR_SSL_PROTOCOL_ERROR: I've been having the same problem ever since but I managed to make it work perfectly. Just be sure to set 127.0.0.1 as the first DNS server by unchecking the Disable DNS Forwarder in General Setup. That was the way I solved the same issue

Hi @PiBa you are maintaining HAproxy package? Can I ask you please? Why "stable" release still 1.7? The point many new people see develop and afraid of it. 1.8 is depracating... 1.7 is dinosaurs. Could you please update haproxy to 1.8.23. current 1.8.21 one has fresh CVE in http2 realization https://www.reddit.com/r/PFSENSE/comments/e5j6dc/haproxy_upgrade_needed_http2_cve201919330/?utm_medium=android_app&utm_source=share Could HAproxy begin support pfBlockerNG IP aliases? There is future are must have! https://www.reddit.com/r/PFSENSE/comments/d8zndd/haproxypfblockerng_future_request/?utm_medium=android_app&utm_source=share https://redmine.pfsense.org/issues/9793 Thanks

Not really I'm afraid. I'm not that familiar with those URLs. The form you are referencing there seems to maybe have different name structure to regular docs I have used. If any part of that string is fixed though you should be able to match on it. Steve

Have u check squid logs , there u can find your answer

Thanks for the clarification. But squid v3.5 has the same problem and at this moment doesn't has a fix. The last version of 3.5 branch it's 3.5.28 ant it's affected too.

@Napsterbater yes indeed, I'm using Chrome! Thank you for the reply, I was beginning to doubt that Chrome is probably using some other protocol to establish connections.

Yup, because it's not setup correctly. You are probably trying to bump all without loading the CA onto all your clients so you just see a cert error. See the complete walkthrough here: https://youtu.be/xm_wEezrWf4?t=636 Steve

Scan for viruses on the endpoints. They have access to the data after it is decrypted. Nothing between the server and client does.

@Gertjan Ahh, I see what you're saying. Thanks!

https://redmine.pfsense.org/issues/9652 It's a known issue