Hello,
I have read a lot of guides on how to fix the Web Proxy bug with Android devices. All of them fail in 2023 with OPNsense version 23.7.9-amd64.
Is there anybody here who has solved this bug? Please tell me how to solve it on my OPNsense firewall.
I want to enable the web proxy on my system, but I cannot because none of my Android devices can connect to the internet.
Thank you
Sorry, what bug would that be?
Quote from: cookiemonster on November 23, 2023, 10:55:42 PM
> Sorry, what bug would that be?
Web proxy works on all devices except Android devices. There have been posts here with the same problem since 2018. Please look at the forum below.
https://forum.opnsense.org/index.php?topic=7664.0
I don't see a bug there, only a problem reported that ended up as a couple of configuration problems.
Quote from: cookiemonster on November 24, 2023, 03:17:35 PM
> I don't see a bug there, only a problem reported that ended up as a couple of configuration problems.
I have successfully set up the web proxy. My laptop and stable PC work perfectly without any problem. On two Android devices I have installed the certificate "VPN and apps", but I don't have internet at all on the whole device.
Do you know what the problem is? I set it up with the guide below:
https://docs.opnsense.org/manual/how-tos/proxytransparent.html
Thank you
So, am I the only person who has this problem on OPNsense?
Either all users have successfully set up the web proxy with Android devices, or they don't care about my question.
Is there anybody here who has solved this bug? If yes, please tell me how to solve the same problem on my OPNsense.
Thank you
Nobody I personally know uses web proxies.
Sorry novel. I don't use them, I don't see the need in a non-corporate environment where other and better solutions (commercial and expensive) exist. I don't criticise your want to set it up by the way.
What I am trying to point out is that you keep calling a failure to create a documented setup a bug. Maybe it is, but without fully qualifying it and showing what you have set up including your mobiles, showing logs, failures with evidence, etc., it is hard to qualify it as such on a forum.
I suggest you open an issue on GitHub. This includes instructions on how to reproduce the problem.
Quote from: Patrick M. Hausen on November 25, 2023, 10:11:24 PM
> Nobody I personally know uses web proxies.
Can I ask you something? Services: Web Proxy: <--- is this OSI layer 7? I think yes... How can I inspect the HTTP/HTTPS application layer 7 web pages and other protocols?
There are a lot of other brands of firewalls that inspect traffic at layer 7. Is there an alternative in OPNsense? Layer 7 - application layer
Quote from: cookiemonster on November 25, 2023, 10:15:37 PM
> Sorry novel. I don't use them, I don't see the need in a non-corporate environment where other and better solutions (commercial and expensive) exist. I don't criticise your want to set it up by the way.
> What I am trying to point out is that you keep calling a failure to create a documented setup a bug. Maybe it is, but without fully qualifying it and showing what you have set up including your mobiles, showing logs, failures with evidence, etc., it is hard to qualify it as such on a forum.
As I said to Patrick, the application layer (OSI level 7) is very important. I want to use it. My laptop and stable PC are OK. The problem is with the iPad and Android devices. There are other posts that have the same problem.
Please, can you help me? How do I solve it?
Quote from: Patrick M. Hausen on November 25, 2023, 10:19:14 PM
> I suggest you open an issue on GitHub. This includes instructions on how to reproduce the problem.
I don't know how to do it. I have an account on GitHub but I don't use it.
Novel, the answer to your question "how to inspect HTTPS" is simple: the point of HTTPS is that you don't. There are hundreds of engineers working hard to improve what started as "SSL" to create a reliably confidential channel between the browser and the server/application.
Quote from: Patrick M. Hausen on November 25, 2023, 10:41:16 PM
> Novel, the answer to your question "how to inspect HTTPS" is simple: the point of HTTPS is that you don't. There are hundreds of engineers working hard to improve what started as "SSL" to create a reliably confidential channel between the browser and the server/application.
OK, I understand... So your experience is that I don't need inspection for HTTPS. Right?
Please tell me about unencrypted traffic on port 80 (HTTP). Does this protocol need configuration with the web proxy? If you know another way, that's fine.
Zenarmor?
What is your requirement, novel? What do you want to achieve?
Quote from: cookiemonster on November 25, 2023, 11:02:31 PM
> What is your requirement, novel? What do you want to achieve?
Hello,
I had another firewall with layer 7 enabled. The other firewall had an antivirus that could inspect HTTP/HTTPS sites with a certificate file (pem extension) that you could import on Firefox or Android devices and iPad. It had Application Control that could allow and block any host or IP... from BitTorrent, Facebook, Google... I had layer 7 choices.
Now I want to use OPNsense, so I enabled the web proxy. The web proxy on my laptop works fine so far, but I disabled it because I could not install the certificate on my iPad. On two Android devices I installed the certificate from OPNsense successfully, but I don't have internet at all. <-- I saw this problem in another post from 2018
I used Zenarmor for a couple of days, then I uninstalled it. It is useless in the free edition, and it is too heavy; the CPU fan works at over 60%. When I used the other firewall with the same PC I didn't have any hardware problems.
Please tell me, is the web proxy outdated? Can I use it in 2023? Is there an alternative that gives me layer 7 options?
> The other firewall had an antivirus that could inspect HTTP/HTTPS sites with a certificate file (pem extension) that you could import on Firefox or Android devices and iPad.
> The web proxy on my laptop works fine so far, but I disabled it because I could not install the certificate on my iPad. On two Android devices I installed the certificate from OPNsense successfully, but I don't have internet at all.
So you want to inspect encrypted HTTPS traffic using your own certificates. It seems then you need to diagnose the installation failing on the iPad. We can't tell why that is on a forum. You need to diagnose it and bring details.
Similarly for the Android phones, you need to diagnose it. We can't put our hands on your handsets :)
But why do you want to inspect encrypted traffic? If it is to block a host or IP, indeed blocking the services might be an option, like AdGuard Home or Zenarmor. They don't solve the problem of inspecting TLS (HTTPS) but might be suitable with adequate processing power on the appliance.
Quote from: cookiemonster on November 30, 2023, 01:21:30 PM
> > The other firewall had an antivirus that could inspect HTTP/HTTPS sites with a certificate file (pem extension) that you could import on Firefox or Android devices and iPad.
> > The web proxy on my laptop works fine so far, but I disabled it because I could not install the certificate on my iPad. On two Android devices I installed the certificate from OPNsense successfully, but I don't have internet at all.
> So you want to inspect encrypted HTTPS traffic using your own certificates. It seems then you need to diagnose the installation failing on the iPad. We can't tell why that is on a forum. You need to diagnose it and bring details.
> Similarly for the Android phones, you need to diagnose it. We can't put our hands on your handsets :)
> But why do you want to inspect encrypted traffic? If it is to block a host or IP, indeed blocking the services might be an option, like AdGuard Home or Zenarmor. They don't solve the problem of inspecting TLS (HTTPS) but might be suitable with adequate processing power on the appliance.
All serious firewalls inspect HTTP/HTTPS traffic. This is a fact! So, the certificate has been installed successfully on the Android devices, then I followed all the details.
https://forum.opnsense.org/index.php?topic=7664.0
https://github.com/opnsense/core/issues/2311
So is the web proxy outdated or not? As I said, Zenarmor is useless in the free edition and too heavy. In the past I tried AdGuard with some problems, but I will install it again.
So the only alternatives to the web proxy are Zenarmor and AdGuard?