OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: efjay on July 13, 2020, 02:36:27 pm

Title: Parent Proxy configuration
Post by: efjay on July 13, 2020, 02:36:27 pm
Hello everyone
I have a problem with my parent proxy configuration. Basically I have two networks.
1st Network:

2nd Network:
opnsense Firewall:

The goal is:
The workstation should automatically use the proxy if the destination IP-Address is not in its network. I tried to configure a parent proxy like this:

Services / Web Proxy / Administration / General Proxy Settings
Enable proxy: enabled

Services / Web Proxy / Administration / Parent Proxy Settings
Enable Parent Proxy: enabled
Port: 8080
Enable Authentication: enabled
Username: <username>
Password: <password>
Local Domains: <blank>
Local IPs: <blank>

The problem: it does not work!
If I set the proxy manually in the windows settings, it does work, so the the firewall rules should be correct and the proxy is available.

Do I have to setup anything else besides the Parent Proxy Configuration?

Thanks in advance!
Title: Re: Parent Proxy configuration
Post by: Amr on July 20, 2020, 06:41:04 pm
Hello efjay,
from your description I understand that you want your LAN clients to use the remote proxy, I took the liberty of hand-sketching (and badly I have to add) a diagram of your network -not sure why I did-.

Do I have to setup anything else besides the Parent Proxy Configuration?
Short answer : Yes!
the steps would be as follows:
1-Setup a local proxy
2-connect your clients to the local proxy
3-connect your proxy (the child one) to the remote proxy (the daddy one)

Luckily for you (and me) there's already many guides out there on how to setup a proxy on opnsense and connect your clients to (you can even force clients to connect only through the proxy).

however you'll come across a choice : a normal proxy or a transparent proxy?
-normal one: is the one you have to manually configure each client in order to connect to (basically what you did in your browser and got it to work) in that case you don't even need a local proxy, this is optimal if you have very few clients and manually configuring each one won't be a bother.
-Transparent:in this case you won't have to configure each client manually (but you'll have to force them to use the local proxy by redirecting them to it) since they most probably won't even notice any change (hence the name transparent) however depending on your case it might not prove easy (or ethically) to setup up a transparent proxy (in your case I assume you don't want to see what your clients are viewing or block certain sites, which is way easier),this is optimal for enterprises (espically medium to big ones) as  there's no need to configure each client.