Had a problem again with SquidGuard again today trying to hit amazon web services. aws.amazon.com. SSL error. Disabled Squid and was able to hit the site. Did a little research online and changed the following: Services-->Squid Proxy Server: General changed SSL Certificate Deamon Children to 100. Keep in mind, the research online I have done on this about Squid says it's highest value can be no more than 32. However, when I change it to 100 pfsense (Squid) never tells me that value is not valid. My guess is it could still be 32 even though it says 100. Not sure though. Also changed the following in Services-->Squid Proxy Server: General-->Show Advanced Options In Integrations I replaced: url_rewrite_children 16 startup=8 idle=4 concurrency=0 with url_rewrite_children 100 startup=10 idle=10 concurrency=0 Guess it's just a wait and see game now. I will say this. I have my home home network VLANed for Guest Wireless and I implemented Squid a while back and had to turn it off cause the ole Fortnite wouldn't work for the kid's laptop. I turned Squid and Squidguard back on this morning before leaving with all the changes in this post, and whattda ya know, Fortnite worked when I tested it. So we're definitely on to something here.

Try this tutorial: https://www.linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/

My setup, like @alavend is a new SG-3100, running the current pfSense release. Squid is installed and running in transparent mode. Lightsquid is also installed and configured. The problem is that when I try to look at the Reports, Lightsquid prompts for username/password but doesn't like any / every combination I've tried (there have been many: default creds, not default creds, different ports, SSL, not SSL, etc. Windows, Mac, several browsers, etc.). Can someone please point me to the path/filename.xxx where the Lightsquid authentication creds are stored? I'd like to SSH in and check to make sure the creds I'm putting into the pfSense GUI are being correctly saved (although I guess they might be encrypted). Or the logs that would show the specific error as to why the authentication is failing? This has got to be something simple. Thanks,

@j-sejo1 The problem was? IE and Chrome when use Proxy for DNS. the way auth is kerberos. When use Proxy for IP the way auth is Ntlm. Firefox by default use NTLM. Solved: In Propierties, option avanced, IE Disable: Integrations Autentication WIndows. The best practices: is: on Squid enable auth: Kerberos NTLM Basic

@jimp said in Lightsquid SSL Web Access Problem: the cursor ends on a new lin Thank you! I reimported certificate with new line after -----END CERTIFICATE----- and it works.

Hi All, I realize this topic is quite old, but I thought I'd post this here just in case someone needed it. I use squid in transparent proxy mode, and also Arlo cameras. I have found a way (though it may be temporary, we have yet to see) to get streaming from inside the firewall to work. Steps: Log-in to your Arlo account (arlo.netgear.com) Open developer options (F12) Click on a stream as-if you were going to watch it a. At this time, you'll see an error which states that you cannot load the stream due to an SSL protocol error. Write down or copy that host name. [image: 1536212770189-a1915064-f496-44b9-9b40-1e5252a0a753-image.png] Open your squid general settings, and scroll down to Transparent Proxy -> Bypass Proxy for these IPs and paste the host name from above. Save your settings and test. This is what I did to allow streaming of video clips, and I hope it helps someone else!

@alexx1923 go to General settings > Advanced Features > Integrations Add below line (use ; to separate new lines) ;http_port YOURCARPIP:SQUIDPORT you can sync squid settings with your backup server. when primary fails carp IP will shift to secondary server and squid will start working with CARPIP in secondary as well. so in general squid will be working with 3 Ips ... LAN IP of primary server, LAN IP of secondary server and CARP VIP . you can give configure CARP VIP in clients or serve in wpad.

@anttechs I am using squidguard, After configuration of blacklist option in General settings i.e http://www.shallalist.de/Downloads/shallalist.tar.gz in Package > SquidGuard > Blacklists you need to hit download button 4-5 times continuously , to get it download blacklist database, make sure it reaches 100%

@ravegen Hello my friend My goal : set proxy (SquidGuard-Cach server-Control Bandwidth with squid ) on VPN conection with LoadBalancing And I have One wan conection and 5 VPN conection on WAN This very simle ... I want pass traffic from VPN (LoadBalancing gateway (5vpn conection)) . also I want to have Squid proxy and SquidGuard ... But squid not compatible with loadbalancing very simple..I want tcp_outgoing_address to another interface and create rule for my traffic Did you realize what I mean?

Great! So looks like it was just a regex issue. Thanks for the follow up. Steve

@denisk I've been waiting for the updates version on pfSense too. Squid 3.5 in my usage slowed down the Internet rather than helping it speed up through caching.

Will what be in 2.4.4? Squid 4.x? Unlikely. 3.5.28 will probably make it in eventually, but it's not in FreeBSD ports yet.

Try setting the redirect mode in Squidguard to ext url move. You will have to redirect to something, you might create a page for that. I hit that same error recently and that worked around it. Steve