OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: kevin192291 on July 19, 2018, 02:22:44 am

Title: after activating SSL proxy, nothing happening.
Post by: kevin192291 on July 19, 2018, 02:22:44 am
Hello,
Would anyone mind helping me determine what is wrong with the configuration of my SSL proxy? I have activated the SSL proxy; however, when I go to a website, I don't get the missing SSL message.
I have not installed the SSL cert on my PC yet as a test, so I believe that the proxy is not intercepting correctly.

As attachments I have uploaded images of my configuration. I think I have done everything correctly, and I have tried changing the config in many, many different ways and have come to this. I really thought it would work, but it does not.
Any help would be greatly appreciated.
Thank you very much.
Title: Re: after activating SSL proxy, nothing happening.
Post by: franco on July 19, 2018, 10:10:12 am
Can you clarify what this "OpenVPN" interface is and why you want to intercept its traffic in the first place?


Cheers,
Franco
Title: Re: after activating SSL proxy, nothing happening.
Post by: kevin192291 on July 19, 2018, 07:09:10 pm
Hello Franco,
The OpenVPN interface is the interface created by the OpenVPN wizard. That is working just fine.
I would like to intercept the SSL connections because the anti-virus ClamAV is not scanning files that are served over HTTPS; it works great with files over HTTP though, and that is good. I had SSL interception working about 6 months ago, however I removed it because I was having trouble with playing a few games on my desktop. But that was on my wired connection. What I would really like to do is have my wifi blocking all ports, except for OpenVPN, and then when I want to connect to my home network, I will connect to my wifi, then VPN in, and also have ClamAV scanning for viruses as well. (I know ClamAV isn't great, but it is something.)
I am starting to wonder if it isn't working because it isn't a real port on my box...
Title: Re: after activating SSL proxy, nothing happening.
Post by: kevin192291 on July 22, 2018, 04:46:28 am
I am not there yet, however I am not seeing a change in the file /usr/local/etc/squid/squid.conf when I turn SSL on/off. I am not sure if this is even the correct file. I believe it is, because turning on ICAP in the file worked. Editing the file manually, even though it says not to, I added:
https_port 127.0.0.1:3129 intercept ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
but still nothing... I will report more here as I learn.
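
Added example (not part of the original posts and not OPNsense's own code): one way to do the check described in the post above, comparing two snapshots of squid.conf and reporting whether an intercepting ssl-bump listener appeared or disappeared. The 3128 `http_port` line and the two sample snapshots are constructed; the `https_port` line is the one quoted in the post.

```python
PORT_DIRECTIVES = ("http_port", "https_port")

def parse_listeners(conf_text):
    """Return one dict per http_port/https_port line found in squid.conf text."""
    listeners = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # ignore comments and blank lines
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] not in PORT_DIRECTIVES:
            continue
        flags, options = set(), {}
        for tok in tokens[2:]:
            if "=" in tok:                       # key=value option, e.g. cert=...
                key, value = tok.split("=", 1)
                options[key] = value
            else:                                # bare mode flag, e.g. intercept
                flags.add(tok)
        listeners.append({"directive": tokens[0], "address": tokens[1],
                          "flags": flags, "options": options})
    return listeners

def bumping_listeners(conf_text):
    """Addresses of listeners that intercept, ssl-bump and name a CA cert."""
    return sorted(l["address"] for l in parse_listeners(conf_text)
                  if {"intercept", "ssl-bump"} <= l["flags"]
                  and "cert" in l["options"])

def diff_toggle(before, after):
    """Compare snapshots taken before and after toggling SSL inspection."""
    b, a = set(bumping_listeners(before)), set(bumping_listeners(after))
    return {"added": sorted(a - b), "removed": sorted(b - a)}

# Constructed snapshots: SSL inspection off, then on.
CONF_SSL_OFF = "http_port 127.0.0.1:3128 intercept\n"
CONF_SSL_ON = CONF_SSL_OFF + (
    "https_port 127.0.0.1:3129 intercept ssl-bump cert=/var/squid/ssl/ca.pem "
    "dynamic_cert_mem_cache_size=10MB generate-host-certificates=on\n")

if __name__ == "__main__":
    print(diff_toggle(CONF_SSL_OFF, CONF_SSL_ON))
```

An empty "added" list after switching SSL inspection on means the generated file never gained a bumping listener, so the problem is upstream of squid itself.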
Title: Re: after activating SSL proxy, nothing happening.
Post by: ab5g on September 21, 2018, 04:50:17 pm
I don’t think you can force the OpenVPN traffic through the proxy. I have the HTTP proxy turned on in transparent mode. When I connect to my home through SSLVPN I can’t seem to register the HTTP traffic in the proxy logs. I had the same configuration as you and it wouldn’t register the HTTP traffic. I looked around a bit and I thought I saw someone mention that it’s not supported (I didn’t read up much on it, to be honest, or give it another go - happy to be proved wrong).
Title: Re: after activating SSL proxy, nothing happening.
Post by: franco on September 24, 2018, 09:16:10 am
There was a bug in the interface selector that let through IPsec and OpenVPN even though that doesn't work; particularly with squid, it would prevent squid from starting. Unfortunately you can't see that from the first screenshot due to cropping...

The selector was fixed in 18.7.1 to not offer these two pseudo-devices.


Cheers,
Franco