how to disable squid

mhab12 · Dec 18, 2018, 3:03 PM

Do you have the Securly DNS servers listed in there now? What happens if you set the pfSense DNS to 208.67.222.222?

vallum · Dec 18, 2018, 3:08 PM

Actually, I am exploring a product called securly
Similar to opendns but broader scope of services.

You can actually keep squid on. define parent proxy (which will be Securly FQDN and port). I have tested this will work.

in squid add this in advanced , custom integrations:-
cache_peer FQDN_OF_Securly parent PORTNUMBER 0 no-query no-digest
never_direct allow all

mcuddy · Dec 18, 2018, 3:28 PM

@mhab12
Thank you. I missed that troubleshooting step...
With squid, the Securly DNS addresses did get me to the internet. Without, they didn't.
With 208.67.222.222, it works both ways...

It sounds like it may be a problem on thier end, then?

Correction:
the different DNS wasn't the solution... For some reason the Proxy service restarted when I changed the DNS.
If I keep squid service off, it doesn't work.

vallum · Dec 18, 2018, 3:11 PM

@mcuddy said in how to disable squid:

@mhab12
Thank you. I missed that troubleshooting step...
With squid, the Securly DNS addresses did get me to the internet. Without, they didn't.
With 208.67.222.222, it works both ways...

It sounds like it may be a problem on thier end, then?

208.67.222.222 is OpenDNS ...

mhab12 · Dec 18, 2018, 3:11 PM

Either their end or something with the upstream proxy configuration, if that is how they are actually setup. OpenDNS/Umbrella do everything via DNS...not sure of Securly.

mcuddy · Dec 18, 2018, 3:19 PM

the different DNS wasn't the solution... For some reason the Proxy service restarted when I changed the DNS.
If I keep squid service off, it doesn't work.

mcuddy · Dec 18, 2018, 3:27 PM

@vallum

Please clarify - Am I addidng the exact words on your script, or am I putting the Securly Domain Naim and ports (80 and 8080) in to the script?

cache_peer www.securly.com parent 8080 0 no-query no-digest?

vallum · Dec 18, 2018, 3:31 PM

@mcuddy said in how to disable squid:

@vallum

Please clarify - Am I addidng the exact words on your script, or am I putting the Securly Domain Naim and ports (80 and 8080) in to the script?

cache_peer www.securly.com parent 8080 0 no-query no-digest?

you can try with port 80 , did you create IPsec or Gre tunnel with Securly from your location? this is the requirement of CASB based solutions.

mcuddy · Dec 18, 2018, 3:35 PM

@vallum said in how to disable squid:

Psec or Gre

That would be my problem. I did not create a tunnel. All I did was change the dns addresses.

At the moment, I don't know how to add the tunnel, nor the implications of doing it (am I likely to take the internet down while setting it up? etc.) I'll look into it. Do you have any direction here?

vallum · Dec 19, 2018, 6:58 AM

@mcuddy said in how to disable squid:

@vallum said in how to disable squid:

Psec or Gre

That would be my problem. I did not create a tunnel. All I did was change the dns addresses.

Check their documentation for further details

At the moment, I don't know how to add the tunnel, nor the implications of doing it (am I likely to take the internet down while setting it up? etc.) I'll look into it. Do you have any direction here?

You can create IPsec tunnel in pfsense , I don't see any issue with that.
at securly end you need to create tunnel parameters like preshared key and IP address of site, subnet details etc.
Then same information in Pfsense while setting up tunnel.