Hello,
if OPNsense is installed behind a proxy server, is there any way to make Internet access possible to clients behind OPNsense without using proxy settings on them?
I am thinking about simply configuring the IP address of OPNsense as DNS server and Gateway to those clients network configuration and OPNsense redirects all those requests coming from the clients via the proxy to the Internet (also including authentification at the proxy done by OPNsense).
I'm aware of the fact, that this would not allow "full" Internet access, but only limited to HTTP traffic (or whatever the proxy allows).
Can this be done with OPNsense? If so, any hints?
Thanks a lot in advance,
Thomas
You're talking about a transparent web proxy, where any traffic to 80/443 is forwarded to the proxy on its port (e.g. 8080). You may be able to configure that in Firewall, NAT, Outbound
However, this breaks HTTP in fun and interesting ways unlikely to play nice with modern AJAX sites :)
What about hosting a pac file and sending your clients to that? DHCP option 252 may help.
Bart...
Thanks for this hint. This helps me definitely :)
Is OPNsense also able to authenticate itself against a proxy?
Sorry Thomas, I'm not sure - the proxy documentation doesn't mention authenticating against an upstream proxy: https://docs.opnsense.org/manual/proxy.html
Bart...