Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SSL Proxy giving me problems.

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 862 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TurboAAA
      last edited by

      This should be an easy one for someone to help me with.

      I am NOT trying to use transparent mode, but instead want users to decide whether or not they want their devices running through my SSL proxy. My ISP is extremely slow and caching is a huge deal for me.

      PFSense 2.3
      Latest Squid package
      Proxy is enabled and http is on port 3128 https 3129.
      Firewall rule to allow TCP 3128-3129 to the firewall.
      Firefox is configured to use the above ports for the proxy.
      HTTP sites work correctly
      HTTPS sites time out with no errors

      When I try to access one of my websites I get the following using the Firefox developer tools
      Requested URL : http://michaelwiki.geekgalaxy.com/
      Request method : GET
      Remote address : 192.168.11.1:3128
      Status code: 301 Moved Permanently

      Ok all normal there, but then it tries to load the encrypted page
      Requested URL: https://michaelwiki.geekgalaxy.com/w/index.php/Main_Page
      Request method: GET

      and nothing happens.

      Any ideas on where to start looking would be appreciated.

      UPDATE:

      I was able to narrow down the problem to being that squid is NOT listening on port 3129 for some reason. So if anyone has run into any related bugs please let me know.

      UPDATE 2:
      I found my problem.

      1. You do NOT need to create a firewall rule to allow proxy traffic.
      2. Leaving the defaults, both encrypted and unencrypted traffic share the same port. Even though there is an option to specify the SSL proxy port.

      So this problem is solved, now I need to verify caching is working and I will be able to mark this to-do item done.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.