    Explicit Proxy won't forward ssl

      pfsenseman081 last edited by

      I have an explicit (non-transparent) proxy on my LAN side. The proxy forwards its traffic through an upstream proxy (squid cache_peer).

      Client --> squid3/pfsense --> upstream cache --> internet

      This setting works fine for http.
      Unfortunately, it doesn't work for https.

      HTTPS can't connect through the pfsense proxy.

      Here's my config:

      acl manager proto cache_object
      acl localhost src 127.0.0.1/32 ::1
      acl home_network src 192.168.1.0/24
      acl guest_network src 192.168.0.0/24

      #Ports allowed through Squid
      acl Safe_ports port 80 #http
      acl Safe_ports port 443 #https
      acl SSL_ports port 443
      acl SSL method CONNECT
      acl CONNECT method CONNECT

      #allow/deny
      http_access allow localhost
      http_access allow home_network
      http_access allow guest_network
      http_access deny !Safe_ports
      http_access deny CONNECT !SSL_ports
      http_access deny all

      #proxy ports
      http_port {proxy_server_IP}:3128

      Does anyone see what's going wrong here?

      Cu
      Ben

        pfsenseman081 last edited by

        Just for the record: to make sure your pfsense squid proxy also uses the upstream proxy for SSL connections, you need to add the following line to your configuration:

        always_direct deny all

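A squid.conf fragment for the chain described in this thread, added here as an example and not taken from either post: it declares the parent with cache_peer, keeps the reply's always_direct deny all, and adds never_direct allow all so that no request, CONNECT included, is sent to the origin directly. The peer name upstream.example.net and its port 3128 are assumed placeholders, and the http_access rules are reordered so the port denies are evaluated before the network allows, because Squid stops at the first matching rule.

```squidconf
# Added example, not the poster's configuration.
# upstream.example.net and the peer port 3128 are assumed placeholders.

acl localhost     src 127.0.0.1/32 ::1
acl home_network  src 192.168.1.0/24
acl guest_network src 192.168.0.0/24

acl Safe_ports port 80     # http
acl Safe_ports port 443    # https
acl SSL_ports  port 443
acl CONNECT    method CONNECT

# http_access is first-match. With the network allows listed first, LAN
# clients match "allow" and the two port denies below are never reached.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow home_network
http_access allow guest_network
http_access deny all

# Listening address ({proxy_server_IP} is the placeholder used in the thread)
http_port {proxy_server_IP}:3128

# Upstream parent. "0" with no-query disables ICP queries to the peer;
# "default" marks it as the parent to use when no other peer is selected.
cache_peer upstream.example.net parent 3128 0 no-query default

# Line from the reply above: no request is forced to go direct.
always_direct deny all
# Added here: no request is allowed to go direct, so HTTP and CONNECT
# both have to use the parent.
never_direct allow all
```

With never_direct in force, requests fail instead of going out directly when the parent is unreachable, which matters when the upstream proxy is where filtering or logging happens.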