Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid Transparent + Virtual IP = No HTTPS?

    Scheduled Pinned Locked Moved
    2.0-RC Snapshot Feedback and Problems - RETIRED
    2
    4
    2.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stramato
      last edited by

      Hello, I started a thread in the Packages section:

      http://forum.pfsense.org/index.php/topic,37008.0.html

      However, I'm not certain if this is a Squid issue or a RC1 issue.

      Basically, my Squid is set to transparent and I have a Virtual IP for the LAN interface. Clients using the Virtual IP subnet are not able to access HTTPS traffic. However, it works just fine with clients using the real IP subnet of the LAN interface.

      I'm on RC1 April 10 (I find this the most stable as of the moment. Ran for 2 weeks no prob except maybe this?)

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        HTTPS is not proxied transparently, so you are probably missing outbound NAT rules if you are running a second subnet on LAN via IP Alias VIP

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • S
          stramato
          last edited by

          @jimp:

          HTTPS is not proxied transparently, so you are probably missing outbound NAT rules if you are running a second subnet on LAN via IP Alias VIP

          good day jimp thank you for clarifying. currently I'm just using "Automatic outbound NAT rule generation"

          what rules should I create and would it be necessary to use Manual Outbound Nat?

          1 Reply Last reply Reply Quote 0
          • S
            stramato
            last edited by

            @stramato:

            @jimp:

            HTTPS is not proxied transparently, so you are probably missing outbound NAT rules if you are running a second subnet on LAN via IP Alias VIP

            good day jimp thank you for clarifying. currently I'm just using "Automatic outbound NAT rule generation"

            what rules should I create and would it be necessary to use Manual Outbound Nat?

            Got it, jimp. Setting it to Manual Outbound NAT automatically produced some rules. I just copied them and change the IP Addresses. Also added 127.0.0.0/8.

            Now I have multiple Virtual IP subnets, Squid, Multi-WAn and Load-Balancing in 1 box, working together. Very nice.

            Using April 10 RC1.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post