HTTPS issues on Guest WiFi Zone



  • I'm trying to set up a Guest WiFi zone on my network (which I've done before) but I seem to be missing something this time around…

    My setup is ver 2.1.5-RELEASE with LAN on 10.0.1.0/24 Dual WAN zones set up in a fail-over group, squid 3 in transparent mode, and a new Guest WiFi zone set up on VLAN 9 10.0.9.0/24.
    My Access point is set up with dual SSID's, the private one untagged and the Guest-WiFi one on VLAN 9.  I have set up some filtering firewall rules for the Guest WiFi zone, but as I'm having issues, I currently have only one temporary rule in place to allow anything through using the failover group as the gateway.  (See screenshot below, the two bottom rules are disabled).

    Everything on the LAN is working perfectly, (including the wireless access) and there are no issues.

    The guest-WiFi zone is where the problem is, I can connect with no issues, and the clients are getting an IP and the correct gateway from the DHCP server in pfsense.  I can perform nslookups correctly, I can ping the gateway, and I can connect to any standard port 80 HTTP website.  The issue is I can't connect to any site running SSL.

    At first I thought the issue may have something to do with squid, so I disabled the transparent proxy and then completely uninstalled the squid package, but neither of these fixed the problem.

    Does anyone have any suggestions?



  • NAT could be an issue might explain port 80 works (proxy nat works, but  guest-wifi subnet does not.

    check if there are nat rules for the guestwifi



  • Anything of interest in your Firewall log?



  • It was an outbound NAT problem.  A while back while testing some diferent OpenVPN configs I had changed Outbound NAT over to manual.  I changed it back to Auto and everything's working perfectly now.

    I appreciate the suggestion!


Log in to reply