Skype + SSL Interception + Squid in Non Transparent mode
do1984 last edited by
I've been struggling for a few days with this setup. We have pfSense 2.4.4, using SSL Interception and Squid in non-transparent mode (user auth). Skype used to work in the past, but some time ago we had a problem with our pfSense install and the backup.xml was old, so we had to build some "rules" again. Since Skype can't be used through a proxy anymore (8+ versions), we have to make it pass Squid, so I'd have to whitelist all the addresses it uses to connect. I captured the addresses through the "Real time" menu and whitelisted all addresses. No luck doing that. Direct outgoing to 443 is blocked, and must remain that way (no direct connection allowed, with exceptions).
Since I'm not using transparent mode I can't just point the Skype addresses to bypass proxy.
I have captured through tcpdump a list of addresses the workstation tries to connect to and created LAN rules allowing all those networks to pass (an alias). But none of that worked and users still can't send messages. Sometimes the warning saying "Finish your Wi-Fi setup" doesn't show, but users still can't send / receive any messages.
My Squid Whitelist now:
Does anyone have a tip to make Skype work in this setup? Thanks!