Thanks for the video, this is a great how-to on configuring cache settings. I have a lot going on with my network, including webservers under lagg and LACP. So far, after following your setup in this video, I don't see any conflicting issues with my current webservers and them running their own personal SSL certificates.
I must say that your method is by far the best and simplest one to filter even SSL traffic... brilliant... I have a request for you, please... Can you make a video on how to configure Squid on multiple interfaces with DHCP enabled on optional interfaces... meaning, excluding the LAN...
You may want to consider using NAT to force all your traffic through the proxy. I am planning on releasing another video in the coming days that will perform this type of task with DNS.
Thanks for sharing this video. I'm using this to save bandwidth and it works for HTTP; however, I want to cache SSL/HTTPS (Facebook and YouTube videos etc.). Is there any possible way not to install a certificate on every device? Thanks.
Love the video - thanks. I would like to see your internal IP addresses - are you double NATing or are the gateway and the client on the same LAN segment?
You are right, I should have added the IP addresses so you could see the structure. Yes, the client is on the same LAN segment as the proxy server that is configured for transparent interception. I am double NATing, not to make the proxy work but to create a private network to make the video on.
Hi! Thanks a lot for your video. Maybe I did miss something, but how does your client know it has to go through the transparent proxy? In my environment I have to manually configure a proxy in my Chrome browser. Thanks again.
When you select your interface there is an option to enable transparent proxy. That tells pfSense and Squid to intercept the traffic and automatically redirect to the proxy server. Hope this helps ...
I tried setting up Squid as a transparent proxy in a similar topography but I got errors when going to certain sites despite not blocking any addresses or setting any ACLs.
I liked the video, but I'm having some issues. After configuring the proxy, PlayStation Vue, Netflix, and Arlo video cameras stopped working. So two questions: 1. Is it practical to use a proxy without a FW rule forcing all to be on LAN? 2. How to address problems with PlayStation Vue, Netflix, and Arlo video cameras? Overall, I wonder about usefulness vs. the problems it creates.
In my opinion, if you believe all people should be using the proxy, you should put a deny all and only allow the ports needed to pass through to the proxy. Yes, there are ways to make the services above work through your proxy server "e.g. might be the bypass / whitelist". There should always be consideration for security vs. usability and whether it is worth it to go down these paths. It really depends on what you are trying to protect and how important it is to you. I can tell you businesses want to protect their intellectual property and equipment and deploy services like proxies to help create visibility that they would not normally have. I do not want to go down a rabbit hole about security, but a proxy server is one of the many strategies used to help fight against malicious activities and can be worth the time and effort to implement. Controlling who has access to what is also another use case for proxies "e.g. blocking access to certain sites", very valuable for some who need this type of security. I hope this helps with your questions ...
Would you be up to doing a WPAD setup video? Trying to get one set up for my network and just not having luck. This one helped me config my machines. Ty
Sorry, I have not set anything up, but there is an open-source repository for installing 3rd party packages that support creating and deploying WPAD from pfSense.
Also, the initial test: the SSL is blocking www.google.com and is filtering much of the www.yahoo.com homepage. I can get to www.msn.com and others. "There was a temporary DNS error. Try refreshing the page. Error Code: INET_E_RESOURCE_NOT_FOUND"
No, your clients will reach your proxy, then your proxy will make the request by the end users. If a user is going through your proxy to get to their VPN location, all traffic will be unreadable by your proxy server and bypassed "assuming the VPN client is configured correctly".
Well, I don't want to be a downer, but it's just not working for me. I even went for a factory reset for pfSense and set up just the basics, then followed the video. Every browser, every system on the network complains about an insecure connection. Had to disable ssh filtering. Setting up a certificate and setting splicing all, setting CA to the one created... it did not do its magic.
To answer your question, no service can share the same port at the same time on the same system unless it was designed to do so. I am not sure what you are asking, so my answer above is based on what I think you are asking.
Basically I have 3 networks (LANs) on my box. Currently I have IPSEC set up to gain access to all 3 LAN nets remotely. I want to isolate one LAN network specifically for remote clients to access the lab network. How do I keep my current IPSEC setup and add another P2 entry to allow specific clients to the lab network?
With transparent proxy, the Squid package will auto-intercept HTTP and HTTPS traffic and run it through the proxy. The management IP is the pfSense LAN interface ... the external IP is the WAN interface. I am assuming I am understanding what you are asking ...