Messages - manjeet

#46
Hi, I just reinstalled OPNsense and am trying to install the Sensei plugin, but the script is timing out.
#47
Hello guys, currently I am running the Sensei plugin for web filtering, which does not have a cache feature. Most of my network systems are Ubuntu, and updating from the command line uses HTTP, so I use Squid transparent HTTP for that purpose. It all works fine for me.

I am running a web server internally, which I access from outside via port forwarding from WAN, and it works internally as well. With "Reflection for port forwards", "Reflection for 1:1" & "Automatic outbound NAT for Reflection" enabled, I can access it with the WAN IP from the internal / LAN network.

The only issue is that when I access the web server (port 80) from inside with the WAN IP while the transparent proxy is enabled, it will not pass that traffic, and after a minute of trying to access the link it just times out. If I disable the proxy, then it starts working fine.

I need transparent HTTP for cache and Sensei for web filtering & logs, so if anyone has a solution, please provide it.
#48
Hi guys, in another setup of mine I am using the web proxy in an explicit configuration. I am also using LDAP authentication for that.

Everything works just fine. The only issue is that any system application which does not have settings for proxy setup, or does not ask for authentication, is not working.

How can I allow those applications to use the internet?

Firefox has its own proxy settings so it will work, but Google Chrome uses the system proxy settings, so I have to enable the proxy for the entire system.

I know I can enable only HTTP and HTTPS in the proxy settings and leave everything else empty, and that works, but I am looking for any other solution to allow some applications without authentication while letting everything go through the proxy.
#49
This worked, thanks. Now my command-line updates and Software Centre are both working, along with other applications.
Chrome uses the certificate from the system, but Firefox still needs the certificate to be imported manually.

Now I have this issue, only on one machine and only in Google Chrome. The machine is Windows based.
It happens only when the user tries to access Google or any Google website; all other websites work fine.

Failed to establish a secure connection to 74.125.68.94
The system returned:
(92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
Handshake with SSL server failed: error:140920F8:SSL routines:ssl3_get_server_hello:unknown cipher returned
#50
Web Proxy Filtering and Caching / Transparent Proxy Issue
November 23, 2018, 11:30:11 AM
Hey guys, I am running a transparent proxy (HTTP and HTTPS).
1. If I enable "ssl inspection" and do not add any site to "ssl no bump site", then it opens every single website except Slack, Google and its websites.
2. Same as 1, but if I add .google.com and .slack.com to "ssl no bump site", then it allows Slack and Google and its websites but blocks every other website until I add a certificate to the web browser of all the clients.
3. But when using HTTPS from the command line or any other way (the Ubuntu Software Center), it gives an error.

Is there any solution in this situation?
OR
Is there any option to add the certificate to the entire system, so that no matter which way I access HTTPS (web browser, command line or other applications like Ubuntu Software Center / Slack / etc.) it will always be allowed? (I run Windows, Linux and Mac systems in the network.)
#51
Hi, I am using the Sensei plugin and it's great. I need help with a few things:
1. Is there any live view to know which IPs are using the most bandwidth, and then drill down to a specific IP to check which sites / services it is using and which site / service is consuming the most? (I use ntopng, and it has a very nice view that only tells which devices are consuming the most bandwidth.)
2. I do not know why, but when I check the "Table of Local / Remote hosts", it shows bytes in / out which are very low compared to ntopng. Also, I have on average 25-30 devices running all the time out of 50 devices, but it only shows a few, so how can I list all of them?
3. Is there any way to get all the web history of a user or users?
4. Is there any way to bind names to IPs (local / LAN IP) as Squid does in the web proxy?
5. It filters web traffic and works as a transparent web proxy, so is there any way to use it as a cache server as well, or are you planning for it in the future?
#52
Yes, they are. I mean I have enabled "Auto detect proxy" in the web browser. Do I need to add it somewhere else in the OS?
#53
I have already followed this tutorial. I don't know what I am doing wrong, but it doesn't work for me. I have created the rules as per the steps in the guide. I enabled all the options one by one for auto discovery, and even enabled all 4 of them, but nothing works.

Are these rules the default for any basic network or just a reference? My OPNsense is my DHCP and secondary DNS. I checked it using a single DNS, i.e. OPNsense as primary DNS. Nothing works.
#54
Hey guys, I have OPNsense configured as the gateway in my 50-user network. I want to use a cache server only for Linux and Windows updates, with no web filter (HTTP or HTTPS). Is there any way I can do it without SSL inspection in transparent mode? I do not want to break the authenticity of packets due to SSL MITM.

Many users take laptops home, so I cannot configure the proxy explicitly. I am not able to set up WPAD, so if anyone has a very straightforward settings guide for WPAD, I will be grateful. I have one internal network (LAN) and one OpenVPN setup for 10 users.

Also, I have OPNsense configured on different ports for HTTPS login and SSH.