Web Proxy Filtering and Caching / About the CRL expiration and parent proxy feature
« on: July 26, 2023, 05:18:38 am »
Hello guys,
I am new to OPNsense and this is my first topic.
I was using a CP firewall for a long time (maybe 8 years). When I played with a VM and installed OPNsense, I found it amazing and powerful...
Now I am planning to replace the CP; OPNsense is now all-in-one:
FW, VPN, DNS, AD-BLOCK, AV, PROXY... and one more important thing is that I can easily customize all the settings.
And I do need some advice on two difficult problems. The first is about certificates: I set a Windows AD CA in the Authorities and issued some certificates from the AD CA, then configured OpenVPN to use Windows AD user auth + certificate, and it works perfectly. But the CRL drives me crazy:
the Windows CA CRL is published every 7 days, so I need to update the CRL data in OPNsense every week. I'd like to ask if there is any way to set up OPNsense to automatically download the CRL?
The second is about the web proxy. The parent proxy feature setting is not what I want: this setting allows all traffic to the parent proxy, excluding the local domains or IPs, but I want to invert this; I only want some domains or IPs going to the parent proxy. My question is: if I make changes to the config file '/usr/local/opnsense/service/templates/OPNsense/Proxy/parentproxy.conf', will it be overwritten in the next package update? Is there a better way to keep the file persistent?
Thanks and good day!

