Splice
-
Hi I have pfsense 2.3.3 and installed squid with squidguard and splice all for only filtering but it is effecting apps like facebook google store, content is slow to load and some do not even load. Any 1 has this problem ?
-
Any help on this? please
-
Found the problem. it was squidguard, with splice enabled and squidguard disabled everything works fine, question is how to filter without squidguard then?
-
I got the same problem, even without squidguard (facebook, google store etc do not work: timeout connection error)
pfsense 2.3.4 fresh install
squid package 0.4.36_3Chrismallia can you share your conf? (ssl part only)
here it's mineSSL/MITM Mode: Splice All .
SSL Intercept Interface(s): LAN
**SSL Proxy Port:**3129
SSL Proxy Compatibility Mode: Intermediate
DHParams Key Size: 2048 (default)
CA: CA_TEST
**SSL Certificate Deamon Children:**5
Remote Cert Checks: Accept remote server certificate with errors
Certificate Adapt: Sets the "Not Before" (setValidBefore) -
Problem came back squidguard is not the problem sorry for that, here is my config, same as yours
SSL/MITM Mode: Splice All .
SSL Intercept Interface(s): LAN
SSL Proxy Port:3129
SSL Proxy Compatibility Mode: Intermediate
DHParams Key Size: 2048 (default)
CA: CA_Splice
SSL Certificate Deamon Children:5
Remote Cert Checks: Accept remote server certificate with errors
Certificate Adapt: Sets the "Not Before" (setValidBefore) -
Finally I managed Squid + squidguard in "splice all" mode work…
It'was just a DNS problem.
I set client DNS IP to my pfSense router's IP (DNS resolver was already up and running). Before that I set it to my Windows DNS Server.
I guessed that from here: https://forum.pfsense.org/index.php?topic=112335.0Now Filtering works fine, (except for deny message: it says "Unable to connect" because the SSL protocol).
-
My devices use the Pfsense as DNS but I still have this problem
-
I have found that most of my issues with Splice All can actually be resolved in the "Headers Handling, Language and Other Customizations" section. It seems a lot of sites are pretty picky. Also, if you have squidguard set to not allow IP addresses that leads to a lot of problems with things like the Apple store and Netflix.
Oddly, when I used nested pfsense boxes, one for the gateway and one for squid and squidguard it seemed to work flawlessly (and VERY fast). Now that I moved the same VM to be the gateway that was doing proxy… my web browsing seems to stink on all clients except the ones that bypass squid.
-
My devices use the Pfsense as DNS but I still have this problem
Oddly Now mine works flawlessly even with my win DNS set on clients… No idea... :S
This is my "Headers Handling, Language and Other Customizations" conf
X-Forwarded Header Mode: on
Disable VIA Header: uncheked
(other options seem to me not relevat)For MrWinig: can you clear/explain better which option to set?
-
Strange. I can never get it to work right with the fbook app and google store even with squidguard disabled. thanks all for posting your feedback
-
UPDATE
Since Two days ago I had started to tested the conf on 2 client computer: mine (test) and a user's one (production)
Everything worked fine on both (http+https)
This morning, the production pc has stopped to work in https and slowed down on http, mine test pc has had no issue!After a a while, without changing nothing, production pc has stared to work flawlessly again.
:S -
UPDATE 2
I missed to notice I had "Server proxy" option set on windows "Lan settings" of test PC.
Server proxy settings is the following
<squid_ip>3128 (all service http+https+ftp)Now I cannot understand why this works (https port is 3129 in my conf)
BTW i tested the same conf on the production client and it works flawlessly (squidguard also)</squid_ip> -
Thank you for always keeping us up to date. So if I understand right you had proxy settings set? you should't have had anything in transparent mode. What did you change exactly to solve it?
-
So if I understand right you had proxy settings set?
Yes
you should't have had anything in transparent mode. What did you change exactly to solve it?
In Squid I did NOT change anything (see my conf above), transparent mode is on.
-
I do not know if we are miss understanding each other, but if you have squid in transparent mode, you shouldn't have set anything on your PC
-
No missunderstanding, It's like that, and that is the concearn…
Indeed this kind of conf is described here...https://forum.pfsense.org/index.php?topic=112335.0
I'm trying to understand why and how it works!If someone kindly could explain to me.... :)
-
Dude. in that guide he is showing you both ways transparent and non transparent, If you choose transparent in squid you do nothing at all to the client, If you want a manual proxy then you set the proxy setting on client