Hi all,
I just wanted to share how I've set up OPNsense to provide Transparent Proxy over multiple interfaces.
The idea was to provide TP over: LAN, Internal WiFi, Guest WiFi and SSLVPN Road Warriors as well.
01 - For the SSLVPN part, you first need to assign your OpenVPN interface as an assigned interface.
02 - Enable the Web Proxy and assign all the interfaces you want your Squid Proxy daemon to listen to.
03 - Create NAT rules: Firewall --> NAT --> Port Forward / I have here created two rules (TCP:80 & TCP:443) involving all the interfaces I wanted to be Transparently Proxied/redirected (to TCP:3128 & TCP:3129 respectively).
04 - Within the Web Proxy > Forward Proxy > Access Control List -- you need to specify your Allowed Subnet within the Forward Proxy > Allowed Subnet.
05 - If you're using Unbound DNS, you'll need to create Access Lists according to your different subnets using the Unbound DNS services.
You can see my configs within the attachments below.
Hope this helps.
Cheers,
m.
PS: Can I use the attached images within my own post? Couldn't figure out how/if possible...
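
A consistency check for steps 02 to 05 above, added here as an example and not part of the original post: for each interface that should be transparently proxied, it confirms the proxy listens there, both port forwards (TCP:80 to 3128, TCP:443 to 3129) exist, and the subnet is covered by the proxy's Allowed Subnets and by an Unbound access list. The interface names, subnets and the tuple-based data model are constructed for illustration (entered by hand from the GUI), not OPNsense's own config format.

```python
import ipaddress

# Redirect targets taken from the post: TCP:80 -> 3128, TCP:443 -> 3129.
REQUIRED_REDIRECTS = {80: 3128, 443: 3129}

def covered(subnet, allowed):
    """True if `subnet` lies inside at least one network in `allowed`."""
    net = ipaddress.ip_network(subnet)
    return any(net.version == a.version and net.subnet_of(a)
               for a in map(ipaddress.ip_network, allowed))

def audit(interfaces, proxy_listen, nat_rules, proxy_allowed, unbound_acl):
    """Return sorted (interface, problem) pairs for gaps in steps 02-05."""
    findings = []
    for name, subnet in interfaces.items():
        if name not in proxy_listen:
            findings.append((name, "web proxy is not listening on this interface"))
        for dport, target in REQUIRED_REDIRECTS.items():
            # A missing redirect means that traffic leaves without passing the proxy.
            if (name, dport, target) not in nat_rules:
                findings.append((name, f"no port forward TCP:{dport} -> TCP:{target}"))
        if not covered(subnet, proxy_allowed):
            findings.append((name, f"{subnet} missing from proxy Allowed Subnets"))
        if not covered(subnet, unbound_acl):
            findings.append((name, f"{subnet} missing from Unbound access lists"))
    return sorted(findings)

# Constructed sample inventory (hypothetical names and addresses).
NAMES = ("LAN", "WIFI", "GUEST", "SSLVPN")
SAMPLE = dict(
    interfaces={"LAN": "192.168.1.0/24", "WIFI": "192.168.10.0/24",
                "GUEST": "192.168.20.0/24", "SSLVPN": "10.8.0.0/24"},
    proxy_listen={"LAN", "WIFI", "GUEST"},
    nat_rules={(n, p, t) for n in NAMES
               for p, t in REQUIRED_REDIRECTS.items()} - {("GUEST", 443, 3129)},
    proxy_allowed=["192.168.1.0/24", "192.168.10.0/24", "10.8.0.0/24"],
    unbound_acl=["192.168.0.0/16"],
)

if __name__ == "__main__":
    for iface, problem in audit(**SAMPLE):
        print(f"{iface}: {problem}")
```
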