PfSense and Upstream Proxy



  • Have been trying for some time to get a Pfsense (2.3.4) solution running in a secure environment, where connectivity to internet is only available via an upstream authenticated proxy (squid 2.6).

    Proxy setup in System/Advanced/Miscellaneous has been completed and verified, but Package Manager is not able to retrieve package information.

    Any windows or linux box inside the FW accessing the same proxy (with same credentials, through this fw) works fine (for both http & https).

    It appears (from a packet capture) to be the proxy rejecting the credentials from pfSense.. but i have repeatedly confirmed they are correct.

    The only thing i have noted of any worth so far is the proxy password has "@" in it, although substituting @ or %40 in-place has no effect.

    The only references to anything like this i can find shows a resolution through changing the xmlrpcbaseurl from https to http in globals.inc, however this variable does not seem to exist in the current version, nor am i able to confirm http works any better.

    I can find nothing in any logfile to help me understand what is going on.

    Any ideas?



  • Would seem this is a known FreeBSD bug, and has been fixed in pFsense 2.4 beta release available now.

    https://forum.pfsense.org/index.php?topic=119497.0
    https://redmine.pfsense.org/issues/6949


Log in to reply