OPNsense Forum
English Forums => General Discussion => Topic started by: pr3p on November 22, 2016, 07:27:37 am
-
My 1st opnsense server with multiwan setup and DNS Resolver was stable and i enable proxy server,
Question: Guys it is possible to set the proxy server automatic to all clients without configuring browser to set the proxy server.
My Setup:
General Setting:
(http://image.prntscr.com/image/666d13333a3946b8a394c106a737d950.png)
(http://image.prntscr.com/image/2bce4bab444748f7bd17a1d95b362ed2.png)
Forward Proxy:
(http://image.prntscr.com/image/4d78504288b94f25b8f861ecdf311cfb.png)
I tried and test the proxy server with browser ( Firefox) and its working fine.
(http://image.prntscr.com/image/7041699a5775431497deb3b6294c97b0.png)
with authentication setting also works fine.
(http://image.prntscr.com/image/85202a62be6549e8a98581c4c10df19f.png)
Regards,
James
-
Hi James,
unfortunately you can't.
But you can Setup Transparent Proxy (https://docs.opnsense.org/manual/how-tos/proxytransparent.html?highlight=transparent%20proxy).
Kind regards
Frank
-
Multi-WAN + Transparent Proxy doesn't currently work in FreeBSD.
Cheers,
Franco
-
Multi-WAN + Transparent Proxy doesn't currently work in FreeBSD.
Cheers,
Franco
thanks i setup transparent proxy and works fine, my problem is the ssl certificate it needs to install manually on client side.
-
Proxy Server:
The proxy server is working fine but i got problem on downloading ACL's it seems doenst apply or download.
https://docs.opnsense.org/manual/how-tos/proxywebfilter.html
(http://image.prntscr.com/image/8ab6624927774ef7823b27eed295a8ba.png)
is it ok to set this way? on local cache setting. i want to maximize the server.
(http://image.prntscr.com/image/ed09a5680e7f475e851d46c7ffd706a4.png)
System Information:
(http://image.prntscr.com/image/4133060b297d45eeaf9623230d971e0c.png)
Regards,
pr3p
-
On Windows you should be able to do this via a group policy - then you would have it inside most apps (except some which bring their own trust store) and on Linux you would have to use some kind of an automation tool which will copy the certificates on the system and updates the ca store. On Linux you can set the environment variable HTTP_PROXY inside a login script so the applications will be aware of an proxy if you are not using a transparent proxy.
-
On Windows you should be able to do this via a group policy - then you would have it inside most apps (except some which bring their own trust store) and on Linux you would have to use some kind of an automation tool which will copy the certificates on the system and updates the ca store. On Linux you can set the environment variable HTTP_PROXY inside a login script so the applications will be aware of an proxy if you are not using a transparent proxy.
Thanks fabian, its working like a charm now, but some website with ssl has problem like on google drive/gmail i was not able to create folder when SSL mode is enabled.
Anyway can you check also the ACL its not applying or downloading.
-
This sounds like a TLS connection failed (maybe due a certificate mismatch). You should check if the connection is rejected (maybe by having open the network tab of FireBug or a similar tool) by looking at the error messages.