Connect to remote proxy server with RSA private key
-
Hello all
I am just learning to set up a proxy server on the Amazon cloud. It was Debian 10 and tinyproxy. The server was set up requiring an RSA private key. Is there a way I can set up my pfSense box to connect to the server so that all the computers behind the firewall will go through the proxy?
I can set up my Windows machine easily by just using the IP and port under /settings/network/proxy. It works perfectly. However, on the pfSense box, under /system/advanced/miscellaneous, the proxy setup would require a username and password. I tried to leave those blank and just input the IP and port. It did not seem to work. I mean the computers behind the pfSense box still have my ISP IP.
I have two LAN interfaces. If this is possible, can I set it up in a way so that only one interface goes through the proxy, and the other one still through the ISP IP?
Thanks a lot.
-
stephenw10 (Netgate Administrator), posted Dec 11, 2020, 6:58 PM, last edited by stephenw10 Dec 11, 2020, 8:32 PM
An http proxy? Including https?
That value in Advanced setting is only for traffic from the firewall itself, for firmware updates etc.
You would have to route client traffic via the proxy but it's probably going to fail. Better to just configure clients behind the firewall to use it directly.
Steve
-
@stephenw10 said in Connect to remote proxy server with RSA private key:
An http proxy? Including https?
That value in Advanced setting is only for traffic from the firewall itself, for firmware updates etc.
You would have to route client traffic via the proxy but it's probably going to fail. Better to just configure clients behind the firewall to use it directly.
Steve
Thanks Steve!
At the moment I was just trying to see if I can get this to work. So it doesn't matter whether it is http or https.
Sounds like it is not possible. At least I know the answer and will stop spending time getting it to work.
Some of the devices do not have a setting for a proxy, e.g. the smart TV. I guess I will have to live with that.
I was trying to switch from a VPN service provider to a proxy server as the OpenVPN is way too slow. I can only get 5% of my ISP speed.
Anyway.
Thanks for your help.
-
Like 50Mbps out of 1G? Almost anything should be faster than that.
You can use a proxy, you just have to set the clients to use it. Otherwise it has to be a transparent proxy with all the SSL problems that implies.
Steve
-
@stephenw10 said in Connect to remote proxy server with RSA private key:
Like 50Mbps out of 1G? Almost anything should be faster than that.
You can use a proxy, you just have to set the clients to use it. Otherwise it has to be a transparent proxy with all the SSL problems that implies.
Steve
You are right, 50Mb out of 1G. I think I am done with OpenVPN after many years. It just started to slow down and drop the connection from time to time. I used to have a good experience with it, getting 200Mb out of 1G. PIA is unable to solve the problem.
Is there an instruction for setting up the upstream proxy with SSL? I just want to give it a try. I seem to be able to follow all the Squid and SSL stuff, I just can never find where to input the upstream proxy IP and port.
What about a SOCKS5 proxy? Shadowsocks? PIA offers both of these. I also want to give those a try if possible.
I was looking at other firewalls. IPFire specifically has places where you can enter the upstream proxy IP and port.
Thanks
-
You can enter it in Sys > Adv > Misc but only for traffic from the firewall itself. Doing that means the firewall knows it's going via a proxy and accepts the SSL cert from there. Otherwise it will reject the cert as being not the expected site as any other client would.
50Mbps is pretty slow though. If your hardware is even vaguely capable you should see far more than that.
If you're running your own proxy in AWS you can also run your own VPN server. Since you control both ends you can optimise it easily. You could use IPSec.
Steve
-
@stephenw10 said in Connect to remote proxy server with RSA private key:
You can enter it in Sys > Adv > Misc but only for traffic from the firewall itself. Doing that means the firewall knows it's going via a proxy and accepts the SSL cert from there. Otherwise it will reject the cert as being not the expected site as any other client would.
50Mbps is pretty slow though. If your hardware is even vaguely capable you should see far more than that.
If you're running your own proxy in AWS you can also run your own VPN server. Since you control both ends you can optimise it easily. You could use IPSec.
Steve
Hi Steve,
Following your pointer, I have been trying to play with IPsec on AWS. I have set up an IPsec server, and I am able to configure my desktop PC (Win 10) or Synology NAS to connect to it without any issues. However, I would like to connect my pfSense box to it so all local devices go through the same tunnel without having to configure them individually. I want my pfSense box to work the same way as it does with the VPN client. Can I accomplish this by configuring the pfSense as an IPsec client?
I have the following info available and nothing more:
Server IP:
IPsec PSK:
Username:
Password:
Here is the link I followed to set up the IPsec server on an Ubuntu server:
link text
If not, are there any other platforms that would allow this configuration?
Thanks and happy New Year!
-
stephenw10 (Netgate Administrator), posted Jan 5, 2021, 12:03 AM, last edited by stephenw10 Jan 9, 2021, 6:50 PM
Those scripts appear to be aimed at setting up a remote access / mobile IPsec style server and pfSense cannot act as a mobile client.
You want to be setting up a site-to-site style IPSec server. The only problem is that if you use a policy based tunnel it will have to cover any destination so will be an all or nothing option.
If you use route based IPSec you can policy route traffic over it so be a lot more selective.
If it were me I would run pfSense in AWS too. That gives you the most options and the easiest setup.
Steve
-
@stephenw10 said in Connect to remote proxy server with RSA private key:
Those scripts appear to be aimed at setting up a remote access / mobile IPsec style server and pfSense cannot act as a mobile client.
You want to be setting up a site-to-site style IPSec server. The only problem is that if you use a policy based tunnel it will have to cover any destination so will be an all or nothing option.
If you use route based IPSec you can policy route traffic over it so be a lot more selective.
If it were me I would run pfSense in AWS too. That gives you the most options and the easiest setup.
Steve
Thank you Steve for pointing me in the right direction.
Will do further research.