
Messages - Zoldan

#1
Figured it out!

I added the rdr rule in the wrong place; it should be under NAT, Port Forward:

Source LAN net -> port * -> Destination "ALIAS" -> port 80 & 443 -> gateway *

And for the unrestricted IPs on LAN:

Source ADMIN alias -> port * -> Destination * -> port * -> gateway *
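Why the rule only worked once it was moved into NAT, Port Forward: in pf (which OPNsense uses) the translation rules (rdr / port forward) are evaluated first, first match wins, and the filter rules then see the already-rewritten destination. A pass rule in the LAN filter tab therefore lets the flow through, but it has already been redirected to the local Squid ports; a "no rdr" entry placed ahead of the intercept rules stops the redirect before it happens. The following simulation is an added example, not code from the post or from OPNsense; it models this ordering in simplified form. The proxy ports 3128 and 3129 are the ones from the transparent-proxy how-to the thread refers to, the alias names are the ones used in the posts, and all addresses and alias contents are constructed documentation values.

```python
"""
Added example (not from the forum thread or OPNsense): a first-match
simulation of pf's translate-then-filter pipeline, used to show why a
bypass rule must live in NAT > Port Forward (rdr) rather than in the LAN
filter rules. Addresses, alias contents and rule tables are constructed.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

PROXY_HTTP_PORT = 3128   # intercept port from the OPNsense how-to
PROXY_HTTPS_PORT = 3129  # intercept port from the OPNsense how-to

# Constructed aliases (documentation-range addresses, not the real site).
ALIASES = {
    "GOV_BYPASS": [ip_network("203.0.113.10/32")],
    "LAN net": [ip_network("192.168.1.0/24")],
    "ADMIN": [ip_network("192.168.1.50/32")],
}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class RdrRule:
    src: str                 # alias name or "any"
    dst: str                 # alias name or "any"
    dports: tuple            # empty tuple means any port
    target: Optional[tuple]  # (ip, port) to redirect to; None means "no rdr"

@dataclass(frozen=True)
class FilterRule:
    src: str
    dst: str
    dports: tuple
    action: str              # "pass" or "block"

def _match_addr(alias: str, addr: str) -> bool:
    if alias == "any":
        return True
    ip = ip_address(addr)
    return any(ip in net for net in ALIASES[alias])

def _match(rule, pkt: Packet) -> bool:
    return (_match_addr(rule.src, pkt.src) and _match_addr(rule.dst, pkt.dst)
            and (not rule.dports or pkt.dport in rule.dports))

def translate(rdr_rules, pkt: Packet):
    """pf translation stage: first matching rdr rule wins; 'no rdr' ends it."""
    for r in rdr_rules:
        if _match(r, pkt):
            if r.target is None:
                return pkt, "no rdr"
            return replace(pkt, dst=r.target[0], dport=r.target[1]), "rdr"
    return pkt, "none"

def apply_filter(filter_rules, pkt: Packet) -> str:
    """pf filter stage, run on the already-translated packet; default deny."""
    for r in filter_rules:
        if _match(r, pkt):
            return r.action
    return "block"

def process(rdr_rules, filter_rules, pkt: Packet) -> dict:
    translated, how = translate(rdr_rules, pkt)
    return {"action": apply_filter(filter_rules, translated),
            "dst": translated.dst, "dport": translated.dport,
            "redirected": how == "rdr"}

# The how-to's intercept rules: LAN web traffic goes to the local proxy ports.
INTERCEPT = [
    RdrRule("LAN net", "any", (80,), ("127.0.0.1", PROXY_HTTP_PORT)),
    RdrRule("LAN net", "any", (443,), ("127.0.0.1", PROXY_HTTPS_PORT)),
]
# Wrong place: a pass rule for the alias in the LAN filter tab.
WRONG_FILTER = [
    FilterRule("LAN net", "GOV_BYPASS", (80, 443), "pass"),
    FilterRule("LAN net", "any", (), "pass"),
]
# Right place: "no rdr" entries ahead of the intercept rules in the rdr table.
RIGHT_RDR = [
    RdrRule("ADMIN", "any", (), None),
    RdrRule("LAN net", "GOV_BYPASS", (80, 443), None),
] + INTERCEPT
DEFAULT_FILTER = [FilterRule("LAN net", "any", (), "pass")]

def wrong_place(pkt: Packet) -> dict:
    return process(INTERCEPT, WRONG_FILTER, pkt)

def right_place(pkt: Packet) -> dict:
    return process(RIGHT_RDR, DEFAULT_FILTER, pkt)

if __name__ == "__main__":
    gov = Packet("192.168.1.20", "203.0.113.10", 443)
    other = Packet("192.168.1.20", "198.51.100.7", 443)
    print("wrong place, gov site  :", wrong_place(gov))
    print("right place, gov site  :", right_place(gov))
    print("right place, other site:", right_place(other))
```

With the filter-tab rule, the connection to the bypass alias is passed but still lands on 127.0.0.1:3129, so the proxy stays in the middle; with the "no rdr" entry ordered before the intercept rules, the packet keeps its original destination, while other LAN hosts and other sites are still redirected to the proxy.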
#2
I have now added a firewall alias (type HOST, with the IP and FQDN) for the site and added a rule before all other rules:
Source LAN net -> port * -> Destination "ALIAS" -> port 80 & 443 -> gateway *

But it is still blocked by the proxy!
What am I doing wrong?
#3
I followed the tutorial described in the OPNsense HOWTO: https://wiki.opnsense.org/manual/how-tos/proxytransparent.html
So, as described there, the rules for 3128 & 3129.
The weird thing is that SSL no bump is configured for the site in question (https://www.nfe.fazenda.gov.br), but it is still in the middle......
#4
Hi,

I'm new here and have rolled out some OPNsense installations for clients.
So far OPNsense exceeds my expectations (I am also a fanatic pfSense user), so keep up the good work!

With one client I have problems bypassing the transparent proxy for some government sites in Brazil.
I added the domain to SSL no bump and to the whitelist in access control, but it is still giving an error.
It says:
"ERROR: requested URL could not be retrieved. Failed to establish a secure connection to 200.x.x.x (IP from site)
(92) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
SSL Certificate error: certificate issuer (CA) not known: "issuer from certificate (which is valid)"
This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request......"


Locally (desktop browser) I installed the self-issued CA certificate from OPNsense and also installed the certificate needed to access this (government) site.

So I added the URL and IP to the mentioned sections, but it still looks like the proxy is in between.
I'm a little lost now...  :o
Does anyone have an idea?

regards