Messages - spien

#1
Hi!

I found something: HTTP traffic (80) works fine with captive portal -> proxy. HTTPS traffic (443) runs into a timeout.

My Proxy-Config is:
- Proxy Port 3128
- SSL Proxy port: 3129
- Enable Transparent HTTP proxy: activated

(Is there no transparent proxy for SSL?)

In the captive portal config I've activated Transparent Proxy (HTTP) and Transparent Proxy (HTTPS).

I have one firewall rule to allow traffic (TCP) to 127.0.0.1 3128-3129 and, for testing, allow traffic (TCP) to 192.168.15.254 (OPNsense) 1328-3129.

For HTTP it works fine now. For SSL not.

#2
Thanks for your answer Franco.

I have an OPNsense in version 22.1.8.

On the OPNsense I have a WAN GW and 3 LAN interfaces. 2 of them are VLANs.

One of the VLANs will be the guest network for visitors in the future. Here I need the captive portal for the consent of the terms of use and I need the possibility to block single websites.

The guest network has as IP configuration 192.168.12.x/22. The OPNsense has the fixed IP 192.168.15.254 in this LAN.

The captive portal and the web proxy are only bound to this guest network.

I have created firewall rules only for the guest network. I allow ports 3128 and 3129 (TCP) to 127.0.0.1 (proxy) (but have also tried 192.168.15.254). For testing purposes, I also set nothing to be blocked on a trial basis.

In Captive Portal I have enabled Transparent Proxy HTTP and HTTPS.

The client requests also show up in the Squid log file, but the clients don't seem to get the web pages back (timeout).

Example from the Squid log file:

56 192.168.12.50 TCP_REFRESH_MODIFIED/200 329 GET http://ping.archlinux.org/nm-check.txt - ORIGINAL_DST/95.216.195.133 text/plain

Could it be that I am missing a firewall rule here that allows the proxy to deliver the web pages to the client?

What other information do you need to help me?
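The Squid access-log line quoted in this post is the one piece of hard evidence in the thread, so here is a small triage script for such lines. It is an added example, not code from the forum thread, from OPNsense or from Squid. It assumes Squid's default native log format (timestamp, elapsed ms, client, code/status, bytes, method, URL, ident, hierarchy/peer, content type); the quoted line lacks the leading timestamp, so the parser accepts both shapes. The sample lines other than the quoted one, the 10 s "slow" threshold and the wording of the hints are constructed for this example.

```python
"""Triage Squid native access-log lines per client: how much HTTP versus
HTTPS traffic reached the proxy, and whether the HTTPS part stalled.

Added example, not code from the forum thread, OPNsense or Squid.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: the first line is the one quoted in the thread (no
# timestamp); the remaining lines are made up to show a CONNECT tunnel, a
# failed HTTPS request and a client that only ever sent plain HTTP.
SAMPLE_LOG = """\
56 192.168.12.50 TCP_REFRESH_MODIFIED/200 329 GET http://ping.archlinux.org/nm-check.txt - ORIGINAL_DST/95.216.195.133 text/plain
1655000000.123     60 192.168.12.50 TCP_MISS/200 1024 GET http://example.org/ - ORIGINAL_DST/93.184.216.34 text/html
1655000001.456  30012 192.168.12.50 TCP_TUNNEL/200 0 CONNECT example.org:443 - ORIGINAL_DST/93.184.216.34 -
1655000002.789  29999 192.168.12.51 NONE/503 0 GET https://example.org/ - HIER_NONE/- text/html
1655000003.000     40 192.168.12.52 TCP_MISS/200 512 GET http://example.net/ - ORIGINAL_DST/203.0.113.9 text/html
"""

# Squid native format; the timestamp is optional so truncated pastes parse too.
FIELD_RE = re.compile(
    r"^(?:(?P<ts>\d+\.\d+)\s+)?"
    r"(?P<elapsed>\d+)\s+"
    r"(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+"
    r"(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+"
    r"(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+"
    r"(?P<ctype>\S+)$"
)

SLOW_MS = 10_000  # assumption for this example: >= 10 s counts as a stalled request


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = FIELD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["elapsed"] = int(rec["elapsed"])
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    # TLS traffic shows up either as a CONNECT tunnel or, when bumped, as https:// URLs.
    rec["tls"] = rec["method"] == "CONNECT" or urlsplit(rec["url"]).scheme == "https"
    return rec


def summarise(log_text):
    """Count HTTP/HTTPS requests, errors and slow requests per client IP."""
    stats = defaultdict(lambda: {"http": 0, "https": 0, "errors": 0, "slow": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["client"]]
        s["https" if rec["tls"] else "http"] += 1
        # A 5xx or a HIER_NONE hierarchy means Squid never reached an origin server.
        if rec["status"] >= 500 or rec["hier"] == "HIER_NONE":
            s["errors"] += 1
        if rec["elapsed"] >= SLOW_MS:
            s["slow"] += 1
    return dict(stats)


def findings(stats):
    """Heuristic hints per client (constructed wording, not Squid diagnostics)."""
    out = []
    for client, s in sorted(stats.items()):
        if s["http"] and not s["https"]:
            out.append((client, "no HTTPS requests logged: port 443 is not reaching the proxy"))
        elif s["https"] and (s["errors"] or s["slow"]):
            out.append((client, "HTTPS reached the proxy but stalled or failed: check the proxy's own path out on 443"))
    return out


if __name__ == "__main__":
    for client, hint in findings(summarise(SAMPLE_LOG)):
        print(f"{client}: {hint}")
```

Run it over an exported access.log instead of SAMPLE_LOG to see which of the two situations applies: clients with HTTP entries but no CONNECT or https:// entries never had their port 443 traffic redirected into the proxy at all, while clients whose HTTPS entries are present but slow or erroring got as far as Squid and are then waiting on the proxy's own outbound connection.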

#3
Hey,

I have activated the captive portal for the network "guest network", without authentication, just a click on login. This works without any further problems.

I have now enabled the web proxy (as transparent proxy, without authentication) in the guest network. This also works without problems, if I deposit it directly in the browser.

But now I want (so that I can block some URLs for the guest network) to switch the captive portal and the proxy together. The login window from the captive portal comes up, but calls to the web then don't work (the request shows up in the access logs from the proxy, but the browser times out).

Both the captive portal and the proxy are bound only on the interface of the guest network. I have not temporarily blocked anything in the firewall.

I have found various similar problems on the net, but never a suitable answer. Has anyone here ever successfully set it up this way?

I would be grateful if someone could help me.

#4
Hi there :)

I have activated the captive portal for the "guest network", without authentication, just a click on Login. That works without further problems.

I have now activated the web proxy (as a transparent proxy, without authentication) in the guest network. It also works without problems when I configure it directly in the browser.

But now I want to combine the captive portal and the proxy (so that I can block some URLs for the guest network). The captive portal's login window appears, but web requests then don't work (the request shows up in the proxy's access logs, but the browser runs into a timeout).

Both the captive portal and the proxy are bound only to the guest network's interface. I have not blocked anything in the firewall for the time being.

I have already found various similar problems on the net, but never a suitable answer. Has anyone here ever successfully set it up this way?

Best regards
Stephan