Messages

Hello guys i need you help,recently our gateway works fine before the update.

-I installed or update to the latest released of OPNSense ( OPNsense 17.1.7-amd64 )



Problem:
-Due to update i'm having difficulties on accessing website like rappler ( http://www.rappler.com/) youtube and google sometimes



The configuration is the same from previous setup w/o updating and it works like a charm.


Web Proxy Logs:
[imghttps://image.prntscr.com/image/f5eee099fa18477cbd4d30d018c561a9.png[/img]


and i tried to disable web proxy also but the problem still persist, thanks and looking for your fast response.


Regards,
pr3p

I used Intrusion Detection with suricata i downloaded and update rules and block or drop p2p, and with web proxy also i enabled ACL and Blacklist destination domains.You may use a regular expression like http://prntscr.com/fap8d0

and it works like a charm,

Not sure what's going on here. No apparent errors, no Suricata-specific changes in 17.1.4. No info about the previous version that worked...

The only think that I know of is ET Open rules changing to UTF-8 characters, causing a bit of fuzz. Patch and details here:

https://github.com/opnsense/core/issues/1516


Thanks,
Franco

Thanks franco problem resolved.

Hello guys any idea/help The suricate services stop working when updated to 17.1.4 released.

Problem Encountered.
-suricata service stop working  and when you click the button or restart the services it starts then a couple of minutes stop working again, the services will stop abnormally.

http://prntscr.com/er5ldg
http://prntscr.com/er5p76


System Logs:
http://prntscr.com/er5py1
http://prntscr.com/er5pda

Recently my web proxy working fine and on previous version upto OPNsense 17.1.1 version.

i setup ACL (Access Control List on web proxy or squid)
=before i can add and allow whitelist and blacklist, even (Block specific MIME type reply) was working before but due to update its not working anymore it blocks or i cant download .iso .exe and .torrent files anymore even those was already removed to blacklist, with previous version its working fine.

yes  :) i reformatted with gparted to ntps and it works fine now, then from ntfs to fat32 hehhehe

Yes, OPNsense supports configuring a transparent squid proxy for HTTPS, but you have to configure the clients anyway (installing the root certificate), if you are not only configuring it for domain filtering only.

You need to enable SSL mode with a root certificate, which is trusted by your clients.

At least in Firefox you will have to import your root certificate. Many other applications are affected too and some use certificate pinning. This are the apps you will have to whitelist because otherwise they won't work.

@fabian thanks for the info, yes i tested to it with cert imported to all browsers and so far i have no problem with it, since we don't have access on personal devices of our staff and students we cant import those cert manually. is there any other way?

Did you also select the CA certificate in the proxy settings?


Cheers,
Franco

@franco yes its the CA Certificate is enabled and selected,

Question: is there anyway to use proxy with ssl enabled w/o configuring any browser setting to use proxy?

SSL mode is not enabled

oh sorry i just temporary disabled now i cant access forum and other website, but when its enable still not working. its only work when i set proxy on my browser

missing certificate, squid not restarted or wrong port?

I already setup certificate and port is correct as the default port for proxy set on firewall.







Proxy is working fine with http only https, but when i set or configure browser to use proxy server both are working fine, is there any way to work proxy ssl enabled without setting on client side such as laptop, mobiles and etc


Regards,
pr3p

[Enable SSL mode]

Hi enabled web proxy services on opnsense, everything is working fine, but when i enabled Enable SSL mode i cant browse https website, any idea? i already set rules on firewall


Reference:
https://docs.opnsense.org/manual/how-tos/proxytransparent.html


Regards,
pr3p

I reinstall OPNSense with fresh 17.1 already thanks for the support.

Just to be sure, unchecking the setting "Password protect the console menu" does not allow you to see the root menu *without* login?

I did franco but still looping on login area and cant proceed on password, its looping and keep asking user only only.

Hi i created a usb bootable drive with usb via Rufu ive notice that im getting BSOD when process is completed on windows machine, even i inserted the usb on windows machine im getting BSOD this is only happen on rufus installer.

Just to be sure, unchecking the setting "Password protect the console menu" does not allow you to see the root menu *without* login?

I did i cant still acces or login on console. it show login but upon entering user: doesnt proceed to password its just on login login login