Hi everybody,
besides filtering, I use the squid proxy in OPNsense for IP address translation (LAN: IPv4 only --> WAN: IPv4/IPv6). In general, squid prefers IPv6 over IPv4, which works fine so far. So, in case the DNS resolves an IPv4 and an IPv6 address for accessing a server, squid tries to use the IPv6 address. But when the server is not responding, squid automatically performs a fallback to IPv4.
In its standard configuration, the timeout for fallback is 60 seconds. This is too long because Firefox (and maybe some other browsers) has a shorter request timeout. Thus, the fallback will never occur, provided that the timeout in squid is configured with a lower value.
By adding the following line to the squid configuration, the fallback works fine:
connect_timeout 7 seconds
Maybe you can add a configuration field to override the standard timeout?
Thanks.
Feature request added to GitHub: https://github.com/opnsense/core/issues/4092