Squid 3.3.4 package for pfsense with ssl filtering
-
Hi marcelloc, kindly see attached file, I hope this is what we are looking for
did you tried to whitelist the aborted sites( in red)?
-
Yes i've tried. Its the akamai.net. Putting it to whitelist won't work, but if I try to put that address to source ip, the page is fixed again, but doing so will also bypass the block rule for all clients
-
The links are working thanks for the help.
-
Hi,
today I installed a test machine with pfsense 2.1 and squid3-dev + squidguard-squid3.
I added the files marcelloc posted in several threads here and squid seems to start without any issues.My questions:
1.) I first installed squid3-dev and the squidguard-squid3. Will this contain the latest squid-3.3.8 version? Or does squidguard-squid3 uses older squid3 version?2.) On squid3-dev GUI I only see OPT1, OPT2, …. interfaces and not the names I assigned them in GUI. I know that squid2 shows the "correct" names. Is this a bug or a feature in squid3-dev? ;)
-
Hi marcelloc. How can i allow mobile apps to work, because most of the doctors in our organization is using facebook apps. also yahoo messenger. while our offices are not allowed to use what i mentioned. Thanks
-
Hi marcelloc. How can i allow mobile apps to work, because most of the doctors in our organization is using facebook apps. also yahoo messenger. while our offices are not allowed to use what i mentioned. Thanks
What you get on squid logs?
Did you tried to install pfsense ca certificate on your mobiles?
-
Hello
Can you help on a big issue.
I have (in a lab):
Exchange 2013
Remote Desktop GatewayThe external FQDN is: toto.com
I have multiple web servers and mapping working correctly
The exchange server is working correctly
The SSL cert is self signed:
imported in pfsense
on exchange
on TS GatewayI'm unable to connect to the gateway … sort of timedout.
If the gateway is directly redirected (80/443 nat to the correct IP) ... IT WORKS
If the gateway is accessed through reverse proxy ... DON'T WORKSAny idea ?
It's driving me madThanks
-
I found the SOLUTION
Create a web servers
IP of the TSG
https
named rdc_443mapping
group name rdc_443
group description (url of the gateway)
peers rdc_443
URIs (this is the tricky part)
^https://yoururlgateway/rpcwithcert/rpcproxy.dll.$
^https://yoururlgateway/rpc/rpcproxy.dll.$DONE
-
I think you and I discussed this Terminal Services Gateway Issue before since I wanted that to work as well.
Are you saying it works now with the Squid 3.3.8-Dev package? (Using your additional instructions)?
Can you upgrade from the Squid 3.1.20 package to the 3.3.8-dev, or do I need to recreate all the settings from square one again?
-Keyser
-
Can you upgrade from the Squid 3.1.20 package to the 3.3.8-dev, or do I need to recreate all the settings from square one again?
Do not forget to check -dev dependences before upgrading.
Most options are the same but I suggest you to check all tabs after upgrading it.
-
Marcelloc
How do i do the upgrade? i can't seem to find a way to click upgrade in the package manager, and the new one only offers to install (will that automatically upgrade the old one?)
-
uninstall squid3 and then install squid3-dev
-
Nice work, it's a great addition to pfsense and works very well. Is this going to be implemented on the squid3 "normal" package too?
-
squid3-dev will be squid3 when finished.
-
Hi everyone. I am using Squid3-dev (3.3.8 ) and squidGuard-squid3. Everything is ok in transparent mode on http and https (Thanks to Marcelloc ;) ).
But you said it was possible to use both transparent and authentication with squid3-dev:Is it possible to run squid as explicit on one interface (like loopback or LAN) and also run it as transparent on a different interface like a guest net at the same time?
On squid3-dev yes ;D
Remember to do not use loopback on any configuration while using transparent mode.
I have tried and it does not work for me: I use 2 interfaces on the same LAN with a different IP address for each one (192.168.1.254 and 192.168.1.253). I have selected the both for "Proxy interface(s)" in "Squid General Settings".
In 'Transparent Proxy Settings" and "SSL man in the middle Filtering", just the 192.168.1.254 is selected. When I use this interface for the web navigation, it is ok, the transparent mode is working.
But if I explicitly use the 192.168.1.253 (not selected in transparent mode), the proxy doesn't ask me for authentication.These are the squid.conf first lines:
http_port 192.168.1.254:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/
http_port 192.168.1.253:3128
http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/
I don't know why the IP is 127.0.0.1 for the "intercept" and not juste the 192.168.1.254, even if I suppose it is normal. Have I to edit manually the squid.conf? Is there someone using both transparent and anthentication on 2 different interfaces? Could someone help me please?
-
Hope it will be soon release. But last time I roll back from -dev version of Squid. To much problem for the first time using of pfSense.
-
There is another issue, I am not able to auth through captive portal and provide different acl to various groups. May be I doing something wrong, please post the right procedure to do it.
Thanks in advance
-
There is another issue, I am not able to auth through captive portal
Did you applied captive portal patch on squid config?
and provide different acl to various groups.
Are you doing it with custom options?
-
I feel it is sorted now, yes captive portal is set as auth medium in squid, I have now added groups and username in the squidguard group acl, seems to be working.
Another issue is i am not able to configure antivirus with squid3-dev and neither with havp package.
-
How to check pf operational after squid-dev removal? I also had patches for it and HAVP. I don't see any garbage in webgui, but I see some trash from old package in configs. Now I have one headache - ipcad doesn't report to access.log. If client goes on proxy-port 3128 it's traced in logs. Direct connections - not.
