OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: The_Sage on January 19, 2019, 01:06:45 am

Title: Definitive list of solutions to common issues (mainly aiming at SSL Bump)
Post by: The_Sage on January 19, 2019, 01:06:45 am
I tried pfSense SSL man-in-the-middle years ago and ran into many issues, and have picked it up again in OPNsense. I have managed to get many annoying things going, but still have issues with several aspects (described later) that are show stoppers. The current docs are adequate to start the Web Proxy, but there are many things not documented. This is by no means a dig at the developers, more of a plea to the community to contribute to this AWESOME project.

With my understanding of the mission ".. the most widely used open source security platform." we need to band together and consolidate our knowledge into documentation so we can continue to make this the BEST security platform available and make it more accessible and straightforward to new users.

How can we get these questions answered and incorporated into the Docs / Wiki after they are confirmed as actual best practices for the problem they solve?

I will start.

Here is a list of how I solved some common issues (sourced from this forum, the web and some deep dark areas of my brain):

iPhone App Store: add these to the No Bump list: .apple.com, .cdn-apple.com, .icloud-content.com, .itunes.com, .nzstatic.com.

Bypass proxy altogether: create Alias "No_Proxy" and add the IPs of devices to completely bypass. Edit the NAT rules for transparent with source to be the inverted Alias.

I added home PlayStations and Xboxes to the No_proxy alias so they would connect to the PS network.
 
On iOS devices, how do I get Instagram videos to play with the transparent Squid SSL proxy?

We can't just add hosts to the No_proxy alias so one program / one app / one feature works. This defeats the purpose of the transparent Squid proxy.

Can we get ideas and solutions in one place so we can try to add these to the wiki / docs?
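
The No Bump list from the post above, written out as a hand-made squid.conf fragment. This is an added example, not part of the original post and not the configuration OPNsense generates; the ACL names `step1` and `no_bump_sites` are hypothetical.

```conf
# Added example: hand-written squid.conf fragment (Squid 3.5+ peek-and-splice).
# ACL names are hypothetical; OPNsense writes its own squid.conf from the GUI.

# Step 1 of the TLS handshake: only the client's SNI is known at this point.
acl step1 at_step SslBump1

# Domains listed in the post. A leading dot matches the domain and
# all of its subdomains.
acl no_bump_sites ssl::server_name .apple.com .cdn-apple.com .icloud-content.com .itunes.com .nzstatic.com

# Read the ClientHello to learn the SNI without committing to interception.
ssl_bump peek step1

# Listed sites are tunnelled untouched: the client sees the real server
# certificate, and the proxy sees only the hostname, not the content.
ssl_bump splice no_bump_sites

# Everything else is decrypted and re-signed with the proxy's CA.
ssl_bump bump all
```

Rule order matters: the splice rule must come before `ssl_bump bump all`. Every entry on the list is traffic the proxy no longer inspects, so keep the list as narrow as the affected app allows.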


 
Title: Re: Definitive list of solutions to common issues (mainly aiming at SSL Bump)
Post by: mimugmail on January 19, 2019, 07:11:37 am
I'm not really sure what you want to achieve. You want the no_bump and proxy exclude to go into the docs?
Just create a GitHub account, fork the docs repo, extend the proxy howto and create a PR :) It's not that hard.  8)
Title: Re: Definitive list of solutions to common issues (mainly aiming at SSL Bump)
Post by: The_Sage on January 19, 2019, 08:05:19 am
Thanks mimugmail, I lost this post and didn't finish it; I thought I deleted it.

I will continue the list, and I ask for some issues that I can't find answers to and try to add to the docs. I will do this at a later date.

Title: Re: Definitive list of solutions to common issues (mainly aiming at SSL Bump)
Post by: The_Sage on January 25, 2019, 06:01:48 am
OK, after an exhausting weekend of success and failure, I decided to try dev 19.1. Rebooted and, lo and behold, all the features I was trying to get set up just worked.
 :'( :'( :'(

But at least it is working now :D
Title: Re: Definitive list of solutions to common issues (mainly aiming at SSL Bump)
Post by: mimugmail on January 25, 2019, 06:04:02 am
Perhaps it was just the clean setup, as there is no real difference in the code.