pfSense outbound proxy

coolazura

Hello, I have been attempting for the last 2 weeks to get the outbound proxy setting under System > Miscellaneous > Proxy to work.

WAN_IP = 192.168.5.2 - pfSense WAN IP
WAN_OUT = 192.168.5.1 - Raspberry Pi with working squid proxy setup for allowing 192.168.0.0 and specifically 192.168.5.2

Using the shell:

setenv https_proxy "http://WAN_OUT:3128"
curl -L https://ip.me -v # works

Setting the proxy under Miscellaneous > Proxy and refreshing the System Dashboard tells me, eventually after sitting at "Obtaining update status" for a long time, "Unable to check for updates." Going to System > Package Manager > Available Packages gives me "Unable to retrieve package information."

Any client that connects to pfSense on the LAN interface cannot access the internet as well.

Is there something I am missing or does pfSense just ignore the outbound proxy after setting it under Misc > Proxy Support?

I should point out that this proxy I set up does not require authentication.

Any help to fix this would be greatly appreciated.

AKEGEC

@coolazura , are you using paid Proxy services?

coolazura

@akegec I am not. I use PdaNet on my phone which acts like a proxy if you don't use the corresponding windows application. It always has the ip of 192.168.49.1 and port of 8000. To use this I am able to point the squid proxy at it with cache_peer.

If I have a direct ethernet connection from my network to my pi it works. The problem becomes when I want to use pfSense as the network handler (so I can easily add an OpenVPN connection for certain types of traffic vs all traffic, etc).

I've had this working on an older ArchLinux host machine with a pfSense guest but due to the motherboard dying and current events I don't have the money to pay for something if I can get around the issue with using a pi (I have a couple already). So pfSense is currently on an old laptop that does not support VT-X (which means I can't just use the old virtualbox image).

Not sure if any of the background info helps but felt it better to include in case it somehow does. But anyways, I'll try to clarify the network a bit.

Phone (Wifi - Hotspot) ->wlan0 Raspberry Pi 3b+ (Local Squid Proxy) eth0->wan0(ethernet) pfSense Laptop (usb ethernet)-> 8 port switch -> any client (pc, raspberry pi, etc)

I can access all things as long as I follow the path of SSH into pfSense, SSH into Raspberry Pi.
The issues are that pfSense is not able to check for updates or packages in the Package Manager and that any client on the switch can't access the outbound internet. They can all access pfSense.

Please let me know if there is any other information that would help.

Rod-It

@coolazura

Would it not be simpler to install and configure squid or squid guard directly on the PfSense box?

The Pi would limit your overall speed as well.

coolazura

@rod-it I've tried with finding a way to get the phone connection to work with pfSense but have had limited results. EasyTether has a FreeBSD driver that dc's constantly and does not reconnect and I have no idea on how to enable the laptop's built in wifi adapter. One of the comparisons of router/firewall software was that FreeBSD derived distros have horrible wifi support.

At the moment I'm thinking of just setting the laptop up with a linux distro that I know how to configure and just do everything manually without a nice web interface (main reason I wanted to use pfSense). I don't have any experience with working with OSs that use FreeBSD and that seems to be where I am hitting the most road blocks.