OS X VPN Proxy settings
This did not seem to exactly fit into the IPSec category so if there is a better location feel free to move this but this seemed the best place for it.
I have pfSense set up in several locations now with squid+squidGuard and IPsec. I have no problems with any of that, but I do with my settings in OS X. Now sure, it seems I should be asking this on a Mac forum, but let's face it, your 'AVERAGE' Mac user doesn't know a whole lot about networking and VPNs and proxies.
This is what my setup is like at my house that I'm connecting to.
On my Mac I have a basic IPSec network interface and in the proxy section I have it pointing to '192.168.11.1' which is the internal IP of my firewall/vpn-proxy with the default squid port. This is set for both http and https traffic. When I am at work I can connect to my home network just fine, but the proxy is never enabled. OS X maintains the proxy settings from the 'WiFi' at work and the proxy for my home network is never used.
I'm hoping someone here knows how to properly configure this so that when I connect to my home vpn it is automatic.
If I understand what you're trying to do correctly, you want to route all http/https traffic from your Mac through your VPN to your home network?
It should work but when the VPN is started it seems to ignore the proxy settings for the VPN.
I've often used an ssh tunnel like in this example:
SSH has a serious design flaw so I have SSH disabled to the outside world. Any known user can connect an infinite number of times. SSH leaves it up to the OS to manage this.
SSH tunneling on a Mac and Windows both require administrative privileges to create the bridge interface as it's on-demand and not an OS level service. On top of that I need all the devices using the same VPN system, and SSH tunneling can only be done with a jailbroken iOS device or with OpenVPN, which is horrible on iOS and is not able to work on cellular for proxying.
I may just have to resort to installing Server on the mini and just using pfSense for firewall/proxy. With OS X Server it's much easier to use profile management on Apple devices and force settings, but I would rather just have one border device.