Parent Proxy Slower in OpnSense than a standard squid proxy

[wild1145]

Hoping someone may be able to help. I currently have a standard squid proxy running on a linux box, which routes all traffic to an upstream proxy out of my control.

This current setup is fine, but requirements have changed and we need a proper setup, and OpnSense was what I have chosen to implement this setup. However, when I enable the proxy and configure the parent proxy the proxy either flat out doesn't work (Connections time out), or they are so exceptionally slow that it takes between 2 and 5 mins for a page to load, often missing assets.

I know the parent proxy works fine, as it currently works and is how I'm posting this, and the existing squid proxy I built before also works fine and is working with the parent proxy, but when I switch this existing squid proxy out for OpnSense things don't work.

I have even tried disabling the parent proxy option in the GUI, and using a custom set of configuration on the box that imports pre-auth to mirror what I currently have, and that's also had no success...

Any thoughts on how this should be done would be appreciated. 

[mimugmail]

You should first try to get it running without parent. Check ports, Firewall rules, acl and squid log.

[wild1145]

Can't get anything working without a parent as we have no internet connectivity without going through it.

I've managed to work around it anyway, because we explicitly state the proxy configuration I'm just going to disable the OpnSense Web proxy and use outbound NAT rules to forward it to the upstream proxy. Seems to work well enough in testing now.

[mimugmail]

Puh, this is hard to troubleshoot from remote :(

[fabian]

FYI: The squid in OPNsense is imho not modified by us. So it should be also just a "standard" squid which may have some patches from FreeBSD/HardenedBSD.