Problem with Transparent Proxy

Started by ohara, April 27, 2023, 12:43:59 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 27, 2023, 12:43:59 AM
Hello to all forum users.

I have this problem, I have configured Transparent Proxy in OPNsense 22.7-amd64.
I used the information contained in the YouTube: OPNsense Web Filtering/Proxy Configuration and in the Setup Transparent Proxy guide

And something is wrong.
I created a new certificate authority,
I imported the key into my OS and set it as trusted.

And it still (on some pages) shows me the messages: Software is preventing Firefox from connecting securely to the page.
And on other pages, e.g. with movies, it loads the page but as if the CSS stylesheet is missing.

What can I do to fix this problem.
April 27, 2023, 01:09:36 AM #1
Hi, you followed this guide? https://docs.opnsense.org/manual/how-tos/proxytransparent.html

You probably need to import the certificate into the Firefox Browser and not the OS. Or enable Firefox to search and import OS CA's: https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox
April 27, 2023, 01:20:42 AM #2
OK, I'll check out this guide and follow your suggestion.
If there's still a problem, I'll ask again.
April 27, 2023, 01:49:09 AM #3
I answer:
I followed this: https://docs.opnsense.org/manual/how-tos/proxytransparent.html , and this tutorial: https://www.youtube.com/watch?v=o67NaMbjwaE
But there was nothing about changes in Firefox.

Regarding Setting Up Certificate Authorities (CAs) in Firefox
i have to screw it up. From what I've read, I have to make changes in the registry editor.
April 27, 2023, 09:59:39 AM #4
Hello again,
I followed the suggestions
TrustedComputer, and it works fine.
But ... another problem arose. Before I set up a transparent proxy, this directive placed in the file: sqiud.conf worked (and blocked me from Facebook):

Code Select
acl facebook dstdomain facebook.com
http_access deny facebook.

Now in transparent proxy doesn't work,...why? I also duplicated this in pis in the header.conf file located in the directory: \usr\local\etc\squid\
April 27, 2023, 07:31:45 PM #5
Please consider the previous entry as non-existent, I managed to remove the error.

But that's not all, another problem has arisen.

I set up an additional user account on win7, I did the same as "TrustedComputer" told me, and here is a total failure. At the top (next to the address bar) there is a padlock with an exclamation mark and the inscription unsecured.

Firefox shows the message: "'google.com' is probably a secure site, but a secure connection could not be established. This is caused by the program 'opnsense-ssl-ca' running on this computer or network."

Do colleagues have any suggestions?
April 27, 2023, 09:20:13 PM #6
Gentlemen, I withdraw all questions.  :)
Due to my failure to read the advice contained here: https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox, I had an error.
Now everything works!!!!!
Print
Go Up Pages1
User actions