If you still have a query related to proxies issues on guest router so in that case I'm recommending you to use VPN as With a VPN for Router, protect every device that connects to the internet. Get FastestVPN and open endless possibilities on all your devices.

Thanks @vallum i get back to with an update that it's working for us or not..Thanks again.

That is a proxy question - moved to the correct section. Are you wanting to have specific clients not use the proxy, or not use the proxy for specific dest IPs?

Validation of what version your using both for squid and pfsense would be helpful - and are you using transparent mode or explicit for your clients to use the proxy. What are you doing with https, etc.

Glad you got it sorted out.

I got the same error with /var being in RAM not on disk

@mindaugezas
Go with the option 'none'. And put a sticktable definition and matching rule in the advanced pass tru textbox. Almost any custom option that isn't in the webgui can be added in some textbox somewhere.. 😉

@guilherme_182 said in WARNING " All 5/5 check_cp processes are busy.":

WARNING: Consider increasing the number of check_cp processes in your config file.
WARNING: 5 pending requests queued
WARNING: All 5/5 check_cp processes are busy.

Not a "pfSense" process.
So probably something from

SQUID + Splice ALL + SSL + Squidguard

The captive portal doesn't have a (software) proces. At most a couple of instances of the web interface that hosts the login page - several nginx processes. These processes are called "nginx'. As you can image, they do not much work, and they don't 'block' anything.
"check_cp" is unknown to me (but I'm not using squid etc as it seems useless these days (to me)).

Make sure the clients and Squid are both using the same DNS servers that is biggest cause of issues with Squid. So usually that would be both using Unbound in pfSense.

Check the Squid logs and system logs for errors.

Also: https://www.netgate.com/docs/pfsense/cache-proxy/squid-troubleshooting.html

Steve

You could :

Ask for a wild card cert for *.example.com & example.com" and place the obtained certificate on the two servers 172.65.1.11 and 172.65.1.10.

Or you can ask for two certs : a cert for the server test.example.com, to be put on server 172.65.1.10 and a cert for test2.example.com, to be put on 172.65.1.11.

Btw : certs are totally not aware of IP's and stuff like that.

If your server test2.example.com uses IP 192.168.1.10 as of now , the cert will still works just fine.

Prioritizing traffic could help make better use of the bandwidth available. I never looked at the traffic shaper, but I imagine someone on here has.
https://www.netgate.com/docs/pfsense/book/trafficshaper/what-the-traffic-shaper-can-do-for-a-network.html

Then you must set a local domain manually as well.

The way WPAD works is that the client will do a DNS lookup for wpad.yourdomain.blah. The client then asks the server at the IP address for wpad.yourdomain.blah for its wpad.dat, wpad.da or proxy.pac file. The client then parses the requested WPAD config file to know where the proxy is and when to use it.

Same experience as you guys. Used it for caching and ClamAV. It was a false sense of security at best since it could only scan ~ 1% of traffic. So even if it was a 100% effective AV, it was still mostly useless. No point in adding complexity so I no longer use squid.

Thanks for the reply, so after many hours it was the HAproxy redirect rule i had to add 2 more rules

on the ACL added web2 and web3 host matches www.mydomain.com and www.mydomain2.com

on the bottom on actions add http-request redirect with the rule rule: prefix https://mydomain.com and the same thing for the mydomain2.com

for anyone else that has this issue do the following.

Hope this helps

Bonjour, j'ai beau navigué sur les forum en long en large et en travers, je ne trouve aucune information sur le fonctionnement de squid avec une authentification via portail captif couplé au ldap. C'est une solution proposée par pfsense mais je n'arrive pas à le faire fonctionner.
Merci.

I have no interest in MITM proxy which essentially breaks SSL, making all but pointless. (Sorry to be blunt).

I've decided to uninstall Squid. A comment hit home to me. Installing another application, putting my firewall packets through ANOTHER application, simply for a (secondary) virus scan. Not worth it. (As far as I know), (knocking on my wood shelf), I haven't had an issue with a virus since I can remember. I'm not saying it's a risk. I'm very aware of the need for a good virus scanner, but to add another layer to my firewall? Nah.

Squid is officially retired in my book.