SSL Error transparent proxy (Squid)

Sweety · Feb 8, 2021, 1:51 PM

Hi everyone !

I have a big problem with my Squid transparent proxy. I am using SSL filtering for my network and when I enable it's impossible to search every browser. When I type in a URL it works and I have access to the site (if it is allowed of course).
When SSL filtering is disabled everything works. I have created a certificate beforehand.
This error is displayed: ERR_SSL_PROTOCOL_ERROR -> only when I type something in the search bar (example: I type "test").
If I put for example "www.youtube.com" I access the site without error.

I am totally desperate, if a charitable soul could help me! Thank you good day / evening ^^

viktor_g · Feb 8, 2021, 2:56 PM

Make sure pfSense and LAN clients are using DNS Resolver on the appliance

see https://forum.netgate.com/topic/139457/transparently-intercept-and-redirect-dns-traffic-to-an-internal-dns

Sweety · Feb 8, 2021, 3:27 PM

@viktor_g Thank you for your answer :)

My resolver is configured. My primary DNS is 8.8.8.8 and I still cannot resolve my problem.

viktor_g · Feb 8, 2021, 3:34 PM

@sweety make sure that your clients are using pfSense as DNS Resolver

Please read https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html#sites-not-loading-with-splice-error-409-in-access-log

Sweety · Feb 8, 2021, 7:40 PM

@viktor_g I'm gonna test tomorrow and tell you if it's working !

Sweety · Feb 9, 2021, 10:28 AM

@viktor_g That's not working, I didn't have any solution...
Does I have to install a WPAD on each client or a CERT ?

My config is :

Windows Server : 192.168.0.2
Hyper-V : 192.168.0.5
WAN : 192.168.3.2 (gateway : 192.168.3.1)
LAN : 192.168.0.249