Messages - Feldunost

1
17.1 Legacy Series / Re: Upgrade from SSH
« on: July 11, 2017, 06:01:24 pm »
The problem is indeed about fetch, but I can't seem to find a proper functional solution.
It throws back "Proxy authentication required" even though I specified the username and password for the proxy in the environment.

2
17.1 Legacy Series / Re: Upgrade from SSH
« on: July 04, 2017, 01:33:47 pm »
Problem is still up ...
Can't seem to find a solution.

3
17.1 Legacy Series / Upgrade from SSH
« on: June 20, 2017, 03:22:06 pm »
Hello,

I'm managing one OPNsense that is functional behind another proxy; modifications are done properly to set:
- a parent proxy in squid.conf
- setenv for parent proxy in pkg.conf.


However, when I attempt to upgrade from SSH, it returns:

Fetching packages-17.1-OpenSSL-amd64.tar: .............................................................opnsense-verify: Unable to open /var/cache/opnsense-update/2640/packages-17.1-OpenSSL-amd64.tar: No such file or directory
 failed


Any pointers to look into this problem?

Regards.

4
General Discussion / Re: Extending the whitelisting in proxy
« on: January 03, 2017, 11:26:07 am »
Updated previous post with a possible solution; could be marked as solved, I think.

5
General Discussion / Re: Extending the whitelisting in proxy
« on: December 20, 2016, 10:52:56 am »
Hello,

Found out, it seems to be working with the following value: ^.
This should block every address and domain unless you specifically allowed the domain or IP access in "unrestricted ip addresses" or in "whitelist".

Thanks.

6
16.7 Legacy Series / Re: [SOLVED] Squid Parent Proxy
« on: December 08, 2016, 03:01:22 pm »
Oh my god, I'm stupid ... it's not even those files ...
I edited the wrong file in fact ...

So actually I have the default files and added these lines, and it worked like a charm!
My bad again ;D


squid.user.post_auth.conf :
- No file in /OPNsense/Proxy/ - one include in squid.conf -

squid.user.pre_auth.conf :
- No file in /OPNsense/Proxy/ - one include in squid.conf -

squid.conf :
Quote
#
# Added for Parent Proxy auth
cache_peer 192.168.*.* parent 3128 0 no-query no-digest default login=login:password
never_direct allow all



Is it normal that I can still access the parent proxy webpage, or even the internet directly, with the parent's proxy in the browser parameters?
I added a NAT port forward for port 80 traffic to be redirected to 127.0.0.1:3128.
There is a No-Proxy bypass in OPNsense's firewall rules for LAN ...

And still can pass if I specify the parent's proxy directly in the web browser ... missed something with routing?



Also, what about the PKG trick with this Proxy Parent Auth? Does it still have to be specified?
https://forum.opnsense.org/index.php?topic=3833.0

Actually testing.

7
16.7 Legacy Series / Re: [SOLVED] Squid Parent Proxy
« on: December 07, 2016, 09:31:23 am »
Quote
# Added for Parent Proxy auth
cache_peer 192.168.*.* parent 3128 0 no-query no-digest default login=login:password
never_direct allow all
# Configure Local User Authentication helper
auth_param basic program /usr/local/etc/inc/squid.auth-user.php
{% if helpers.exists('OPNsense.proxy.forward.authentication.realm') %}
auth_param basic realm {{OPNsense.proxy.forward.authentication.realm}}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.credentialsttl') %}
auth_param basic credentialsttl {{OPNsense.proxy.forward.authentication.credentialsttl}} hours
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.children') %}
auth_param basic children {{OPNsense.proxy.forward.authentication.children}}
{% endif %}
# ACL - Local Authorized Users - local_auth
acl local_auth proxy_auth REQUIRED


Actually it's a Double NAT configuration with double proxy, the endpoint is allowing only http connections for auth.

8
16.7 Legacy Series / Re: Squid Parent Proxy
« on: December 06, 2016, 03:27:26 pm »
Quote from: tillsense on July 20, 2016, 07:23:19 pm
hi,

I'm a little confused. Franco wrote 16.1.16? AD wrote dev version... I followed the link. I use 16.7rc2 (release topic). In the announcement of Franco for this "proxy: move ACL parts to separate file and allow pre and post hooks"
I created the file (/core/issues/802) /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.user.post_auth.conf and have the parameters entered, but this does not work.

cheers till


Hello,

I found out about this value that I could add here:
http://www.squid-cache.org/Doc/config/cache_peer/
Specified correct parameters for this parent proxy with "login=user:password" for parent's auth.

However, I'm still having issues browsing internet pages; in the logs I get TCP_MISS/503 4473 GET http://www.google.com/ - HIER_DIRECT ...

This is quite strange since I followed the entire configuration in OPNsense's How-To (Caching Proxy + Transparent Proxy).

Any pointers?



9
General Discussion / Re: Extending the whitelisting in proxy
« on: December 02, 2016, 05:28:45 pm »
I am actually looking for this solution as well since I want:

- To block everything for some computers and only allow update links in the whitelist.
- To block everything and only allow a bigger whitelist of links added manually.
- To allow everything for specific IPs.

Which means having several whitelists and being able to block everything for specific computers / servers.

Dunno if it's actually possible ...?


Edit:
I tried to add "*.*" and "*" on the blacklist without effect.
I wish to block everything and only accept whitelisted domains or links.

10
16.7 Legacy Series / Re: Upstream Proxy Gateway
« on: December 02, 2016, 03:26:52 pm »
For the next people who are wondering too, this trick worked smoothly:
https://forum.opnsense.org/index.php?topic=3833.0

I don't know about HTTPS, but for HTTP it went immediately after a reboot.

11
16.7 Legacy Series / Upstream Proxy Gateway
« on: December 01, 2016, 11:38:45 pm »
Hello,

I have actually the exact same question as this user: https://forum.opnsense.org/index.php?topic=2252.0
Since it seems not to be in "System: Settings: Miscellaneous" anymore.

Has it been moved?

Thanks folks !
