Squid3 cache test?

killmasta93 · Mar 11, 2016, 11:25 PM

Hi,
I was wondering if someone could shed some light on the cache test?

So I always wonder sometimes if its worth to cache. Its great with squidguard blocking those unwanted ads and stuff but been trying to test with some downloads looking at the squid logs always seems to miss :(

Thank you

aGeekhere · Mar 14, 2016, 2:12 AM

try ticking Cache Dynamic Content.

I found the cache works best with large downloads and updates, though a lot of the time you will get misses.

killmasta93 · Mar 16, 2016, 12:00 AM

Thanks it did the trick also adding the WPAD is pretty incredible in a work environment of 50 computers, Only bad thing is that the navigation with OpenVPN , funny it can navigate to webpages but cannot access internal IP but it can ping so odd….just gives the squid error 60

aGeekhere · Mar 16, 2016, 10:00 AM

I am thinking that something like this might fix the VPN issue, just got to add a DIRECT rule for it.

function FindProxyForURL(url, host) 
{ 
    if (dnsDomainIs(host, "ADDRESS OF VPN") ||
    isPlainHostName(host) ||
    shExpMatch(host, "*.local") ||
    isInNet(dnsResolve(host), "192.168.1.0",  "255.255.255.0"))
    return "DIRECT";

    return "PROXY 192.168.1.1:3128";
}

Using this as a guide http://findproxyforurl.com/example-pac-file/

killmasta93 · Mar 16, 2016, 10:14 PM

Hey thanks for the reply in the code address of VPN would be the OpenVPN server in my case its 192.168.70.0/24

function FindProxyForURL(url, host) 
{ 
    if (dnsDomainIs(host, "192.168.70.0"  "255.255.255.0") ||
    isPlainHostName(host) ||
    shExpMatch(host, "*.local") ||
    isInNet(dnsResolve(host), "192.168.3.0",  "255.255.255.0"))
    return "DIRECT";

    return "PROXY 192.168.3.254:3128";
}

Then you say about direct rule you mean doing this on internet explorer?

Tic use a proxy server for your lan, add address and port
click advanced
And in exceptions add the OpenVPN server to bypass?

This is what I have currently

function FindProxyForURL(url, host) 
{ 
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.3.0",  "255.255.255.0"))
        return "DIRECT";

    return "PROXY 192.168.3.254:3128";
}

Thank you

aGeekhere · Mar 17, 2016, 1:04 AM

in the code address of VPN would be the OpenVPN server in my case its 192.168.70.0/24

Yes that is what i am thinking, not sure if it works yet.

Then you say about direct rule you mean doing this on internet explorer?

No i was referring to the WPAD that is on pfsense.

Tic use a proxy server for your lan, add address and port
click advanced
And in exceptions add the OpenVPN server to bypass?

This is the current work around that I have found. however it would be nice if it would be bypassed on the wpad so you do not have to set this up on each client.

This is what I have currently

This is the setup that is working however it does no bypass the VPN so I was thinking that adding something like
if the destination dns Domain is the address of your vpn go direct and not use the WPAD.

You might have to play around with a few different methods for the WPAD to bypass the VPN using this http://findproxyforurl.com/example-pac-file/

killmasta93 · Mar 17, 2016, 2:48 AM

This is the setup that is working however it does no bypass the VPN so I was thinking that adding something like
if the destination dns Domain is the address of your vpn go direct and not use the WPAD.

But whats odd is that PPTP and L2TP goes direct ignoring WPAD

Yes that is what i am thinking, not sure if it works yet.

Im going to give it a shot this week and let you know

Thanks again :)

killmasta93 · Mar 17, 2016, 11:12 PM

Hey there so i tried the code but site 2 has OpenVPN server of 192.168.70..no luck…So odd..im not understanding my OpenVPN wont go direct while PPTP and L2TP can? could it be the TAP driver?

function FindProxyForURL(url, host) 
{ 
    if (dnsDomainIs(host, "192.168.70.0"  "255.255.255.0") ||
    isPlainHostName(host) ||
    shExpMatch(host, "*.local") ||
    isInNet(dnsResolve(host), "192.168.3.0",  "255.255.255.0"))
    return "DIRECT";

    return "PROXY 192.168.3.254:3128";
}

killmasta93 · Mar 20, 2016, 12:40 AM

So i think i might have figured out a workaround not the best but its something. I created a !ignore list for ONLY users that need to connect to another site that is running OpenVPN in my case its only 1 person because hes a programer and connects to other sites that also have pfSense. Theres no need for him blocking sites either because hes a freelancer and He still gets the transparent proxy working also.

EDIT: NVM…It was working because i uncheck the automatic proxy settings :'(