OpenSense on SG-2100
-
@bmeeks I think a value-add to the package is the MITM aspect. Unfortunately most if not all of the blocklists that were used for Squid are no longer or just not good when compared to commercial products.
I'm of two minds about it.
Squid is an oldie but a goodie. It can still have some relevance today for page blocking or content control albeit in limited scope. If you have a proxy in the path, you can't bypass at all. DoH is a game of whack-a-mole. Easy to do but can be easily bypassed.
-
@jimp
This was suggested on Reddit and I think it's a good idea if one has the resources.
Squid with the unresolved CVEs is probably best sitting behind a firewall. I dunno. Just a thought.
-
@JonathanLee said in OpenSense on SG-2100:
I want the web cache support for Squid is what I am after. I am going to be stuck in 23.05.01 land until the end of time.
23.09 includes Squid per the blog post.
re: cache, SSD is recommended for the disk writes on eMMC...
https://www.netgate.com/supported-pfsense-plus-packages
https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html
-
SSD
@JonathanLee I see from one of your other posts you have a Max so never mind this comment. I like to post it when it comes up since many don't know about the recommendation list (which would help if it was in the docs, or linked from the docs; AFAIK it isn't).
-
Indeed Squid is in 23.09. I agree though, running a separate internal proxy is probably a better option.
-
@stephenw10
To be fair, commercial solutions like Cisco Umbrella or Zorus do a really better job at this whole proxy thing.
I know there isn't a home lab or SMB pricing that makes sense which is really the pain point here for mostly everyone.
Also I'm not aware of any commercial proxy to be used internally. Is BlueCoat still a thing?
-
@michmoor What is bluecoat? I have Squid 6.6 running great in 24 minor issue the status page changed to non squidclient based. But other than that it has a lot of the CVEs fixed I am told it's the latest and greatest.
-
If you want to proxy and filter all the traffic from/to a small country you call Bluecoat.
-
@stephenw10
SWG are the future. It's been the future? It's here now :) https://www.cloudflare.com/learning/access-management/what-is-a-secure-web-gateway/
-
'SWG' seems like another acronym for what has been around for years. Maybe with a shinier front end glued onto it.
-
@stephenw10
lol oh for sure!