Netgate Discussion Forum
    pfSense 2.4.4, Squid, SquidGuard: Outlook and Office365 - Disconnected.

    Cache/Proxy
      Ivan Ramirez

      This installation of pfSense (2.4.4) is configured with Squid and Squid_Guard. Squid is in transparent mode, and I have created/distributed a certificate for MitM on SSL.

      The filtering works great for http and https. Everything is working pretty well, except E-Mail - it is not working, at all.
      The email is set up as follows: The company subscribes to Office365. The users use Outlook on their PCs.

      When Outlook opens it says, "Trying to connect..." then "Disconnected". It goes back and forth a few times then stops on "Disconnected".

      I simply do not know what to try next. I do not see a clear example of steps to try/follow.

      I really need to get this working and would appreciate any assistance geared towards a first time user of pfSense.

        Asamat Global Moderator

        Hello, Ivan

        Two moments:

        1. The outlook.office365.com domain resolves to a set of 25 IP addresses, most of which will reject connections depending on the part of the planet you are in. Squid by default tries the first 10 connection paths (i.e. the first 10 of those 12 IPv6 addresses) before giving up. You can avoid this failure by setting "forward_max_tries 25".
        2. Did you try to add the content of https://gist.github.com/tjgruber/02ce85fe4f54243c45e4 to the whitelist settings? For some reason O365 sometimes provides IPs for additional services which might not be resolved by DNS. To cover this situation it would be great to add O365 networks and IPs to the option "Bypass Proxy for These Destination IPs".
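A way to check both points of the reply above before changing the proxy, as an added example that is not part of the original thread or of pfSense: it reports which resolved addresses fall outside a bypass list and whether their count exceeds `forward_max_tries`. The addresses (documentation ranges) and the `o365_alias` name are constructed, and the semicolon-separated field format is an assumption.

```python
import ipaddress

SQUID_DEFAULT_TRIES = 10  # default quoted in the reply above; the thread raises it to 25

# Constructed sample data (documentation ranges, hypothetical alias name).
SAMPLE_BYPASS = "192.0.2.0/24; 2001:db8:10::/48;203.0.113.25;o365_alias"
SAMPLE_RESOLVED = ["192.0.2.14", "198.51.100.8", "203.0.113.25",
                   "203.0.113.26", "2001:db8:10::5", "2001:db8:20::5"]


def parse_bypass(field):
    """Split a bypass field into IP networks and non-IP entries (hostnames, aliases)."""
    networks, names = [], []
    for entry in (e.strip() for e in field.split(";")):
        if not entry:
            continue
        try:
            # strict=False tolerates host bits, e.g. 198.51.100.7/24
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            names.append(entry)  # cannot be matched offline; review by hand
    return networks, names


def audit(resolved, bypass_field, forward_max_tries=SQUID_DEFAULT_TRIES):
    """Report addresses that still go through the proxy and whether Squid can try them all."""
    networks, names = parse_bypass(bypass_field)
    proxied = []
    for text in resolved:
        addr = ipaddress.ip_address(text)
        # Membership is False across IP versions, so mixed v4/v6 lists are safe.
        if not any(addr in net for net in networks):
            proxied.append(text)
    return {
        "proxied": proxied,
        "unmatched_entries": names,
        "tries_sufficient": len(proxied) <= forward_max_tries,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_RESOLVED, SAMPLE_BYPASS)
    print("still proxied:", report["proxied"])
    print("entries not checked:", report["unmatched_entries"])
    print("forward_max_tries sufficient:", report["tries_sufficient"])
```
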
          Ivan Ramirez

          Thank you. Can I modify the parameter "forward_max_tries 25" from the web, or should I edit squid.config directly? I'm sorry, I'm new to this.

            KOM

            You need to add them to squid's Advanced Options.

              Ivan Ramirez

              Noted that it is added there as well; however, I do not know in which option it is added. Do I just add the line and I'm done, or is there a procedure to follow? Excuse my lack of knowledge...

              These are the options that appear to me but I do not know how or where to add the option they tell me:

              1.JPG

                KOM

                Add it to the Integrations section just after the concurrency line:

                url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 16 startup=8 idle=4 concurrency=0;forward_max_tries 25
                

                then click Save and you're done.

                  Ivan Ramirez

                  Ready. Unfortunately, the problem persists. Connect and disconnect continuously ... : /

                  1.JPG

                  2.JPG

                  I do not know what else to do. I appreciate all the help you can give me...

                    TrustedGenius @Ivan Ramirez

                    @Ivan-Ramirez Did you ever resolve this? I am in the process of troubleshooting this same issue on a new deployment as well.

                      TrustedGenius @Asamat

                      @Asamat said in pfSense 2.4.4, Squid, SquidGuard: Outlook and Office365 - Disconnected.:

                      Hello, Ivan

                      Two moments:

                      1. The outlook.office365.com domain resolves to a set of 25 IP addresses, most of which will reject connections depending on the part of the planet you are in. Squid by default tries the first 10 connection paths (i.e. the first 10 of those 12 IPv6 addresses) before giving up. You can avoid this failure by setting "forward_max_tries 25".
                      2. Did you try to add the content of https://gist.github.com/tjgruber/02ce85fe4f54243c45e4 to the whitelist settings? For some reason O365 sometimes provides IPs for additional services which might not be resolved by DNS. To cover this situation it would be great to add O365 networks and IPs to the option "Bypass Proxy for These Destination IPs".

                      Looking for assistance here as well, but I was under the impression that forward_max_tries is set to 25 by default in squid >3.5.3. Is pfSense doing something different?

                        ahmed 0 @Ivan Ramirez

                        @Ivan-Ramirez Did you ever resolve it? I face the same problem.

                          ahmed 0 @KOM

                          @KOM Is it normal to edit the Integrations section and add this line? I am afraid of crashing the Squid proxy.

                            KOM

                            It shouldn't cause any problems, but if you're unsure then wait until there is low traffic and then try it. It's easy enough to revert.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.