OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of ejball02 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - ejball02

Pages: [1]
1
Web Proxy Filtering and Caching / Re: Let's Encrypt and SSL Content Filtering
« on: June 13, 2021, 03:29:53 pm »
Quote from: ejball02 on June 13, 2021, 02:28:42 pm
Next question. Does Opnsense have a plugin which will push an internal certificate to connected devices when the network doesn't have group policies or active directory?

Let me rephrase the above question... Has anyone used Captive Portal to push a self-signed cert to a guest machine, when there is no GPO/AD?

2
Web Proxy Filtering and Caching / Re: Let's Encrypt and SSL Content Filtering
« on: June 13, 2021, 02:28:42 pm »
Google search didn't pull up anything on Symantec / Blue Coat case. But I'll keep looking.

Next question. Does Opnsense have a plugin which will push an internal certificate to connected devices when the network doesn't have group policies or active directory?

There are some humanitarian non-profit organizations, who don't have budgets for IT hardware/software and staff to support. So it seems there would be a big demand for a product that can both allow/block ports as well as allow/block content easily. Doesn't necessarily have to be turn-key but something a volunteer, like myself, can add to a network.

3
Web Proxy Filtering and Caching / Let's Encrypt and SSL Content Filtering
« on: June 12, 2021, 09:54:45 pm »
Is it possible to use Let's Encrypt cert for SSL filtering (transparent proxy)? I'm using the internal one right now, but everyone on the guest network gets the famous ERR_CERT_AUTHORITY_INVALID message. It's a guest network, that means, tablets, phones, laptops all kinds of different devices and different people. So, not possible to tell everyone they have to save the internal certificate into their browser. None of the guests even knows what that means!

If it's not possible then how can SSL be filtered? I created an AWS cert, and downloaded that to Opnsense, but that didn't do anything. I've also added Sensei plugin, free version, which gives some level of control, but still looking for a solution. Any ideas?

4
Tutorials and FAQs / Re: Tutorial: OPNsense, HAProxy, Let's Encrypt, Wildcard Certs, 100% A+ SSLLabs
« on: June 01, 2021, 08:55:28 pm »
I'm using a self-signed cert for HTTPS inspection for content filtering. I've got OPT2 configured as a guest network on my Protectli, and content filtering, using shallalist works great. Only downside, is that when I try to access am HTTPS site, Firefox/Chrome always give a warning page: "Your connection is not private" "ERR_CERT_AUTHORITY_INVALID". After much Googling, I came across an old post, that said Let's Encrypt can give public certs which would get rid of the message.

I added the LE plugin but couldn't figure out, how to create a cert for use on the Foward Proxy "CA to use" field, required for SSL inspection. Looking through this walkthrough, I'm wondering if there is something here that can help achieve creating a cert for content filtering. Anyone have any experience with this?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2