Squid Tproxy, DynamicSSLCert & SslPeekAndSplice support
-
Hi
Does the squid support Tproxy mode?
According to http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf the newest versions of squid has the "–enable-pf-transparent" flag to use Tproxy mode with pf
Has the pfSense squid package been built with this flag enabled?
For SSLBump there are two new features in squid that helps with the certificate errors when proxying https - DynamicSslCert http://wiki.squid-cache.org/Features/DynamicSslCert & PeekAndSplice http://wiki.squid-cache.org/Features/SslPeekAndSplice
Does the pfSense squid package support these features?
-
Any feedback guys?
-
i have squid 3.5.19 –disable-ipf-transparent still there and i am waiting for it to be enabled or the way that makes it so
did you get any solution for that yet ?
-
Nope, still waiting to hear from the devs.
-
Bump
-
Hi
According to http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf the newest versions of squid has the "–enable-pf-transparent" flag to use Tproxy mode with pf
Has the pfSense squid package been built with this flag enabled?
If you use the latest pfsense squid 3.5.19 '–enable-pf-transparent' yes it is enabled
-
Guys,
In this case, HTTPS sites can be proxed/filtered using Transparent proxy mode?
Just to confirm, users need to use a local certificate to do SSLBump anyway, right?thanks in advance
-
TRPOXY mode currently is not supported on pfsense, according to my experience.
-
tproxy is not used anywhere in the package, plus not really sure why are people pulling SSL/MITM/certs to the topic (which has long been available in the package and is working)