OPNsense Forum
English Forums => General Discussion => Topic started by: gladiatorf22 on November 08, 2016, 04:35:57 pm
-
Dear all,
Recently i have installed opnsense, and everything is working propely , so i have an issue after enable https transparent mode
skype app not working.
Note:
- i have import internal-CA on all client.
- The Skype application may start up and display the main window, but it will not be able to get online, stuck with the rotating blue dot with white arrows.
How i can allow skype on OPNsense
Thank in advance...
-
You should look at your proxy logs (, if enabled), which should contain the error message why the connection failed.
-
You should look at your proxy logs (, if enabled), which should contain the error message why the connection failed.
I cannot find the related error message in proxy logs
Sent from my iPhone using Tapatalk
-
Then you probably don't even get a TLS connection. you should check what is happening using wireshark or a similar tool.
You should especially check for segments between you and the proxy with a RST flag set and if it happens after the key exchange or if data are already sent (at least a request).
-
If Skype fails with transparent HTTPS while normal browsing is ok (besides the certificate swap) it probably realises the certificate offered does not match its hardwired requirements.
There is no way around this. Others will run into the same issues on any HTTPS MITM solution on every platform if that's the case.
Cheers,
Franco
-
thanks for all for your replay
i want to notice now i have faced another problem outlook not working also on some users but another working properly, now i have disabled HTTPS transparent mode in proxy server, and everything working without any problem, but i can not block all HTTPS traffic like Facebook website .
Any recommendation?
Thanks in advance...
-
It's Microsoft doing the right thing: securing itself against MITM Attacks.
You will need to figure out which servers to exclude from the HTTPS proxying.
Cheers,
Franco