Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Double Proxy / Applications Proxy + Squid
« previous
next »
Print
Pages: [
1
]
Author
Topic: Double Proxy / Applications Proxy + Squid (Read 3000 times)
mcc85
Newbie
Posts: 7
Karma: 0
Double Proxy / Applications Proxy + Squid
«
on:
March 01, 2019, 04:03:30 pm »
Here is the video you probably want to see...
https://www.youtube.com/watch?v=GBRcBGL3SwI
And, here is an explanation as to why I am doing things in this manner.
https://youtu.be/HmvA0h60rm8
«
Last Edit: March 25, 2019, 08:55:00 pm by mcc85
»
Logged
mcc85
Newbie
Posts: 7
Karma: 0
Re: Double Proxy / Applications Proxy + Squid
«
Reply #1 on:
March 24, 2019, 06:49:13 am »
This does talk about opnsense a ways down
-----
I just wanted to provide an update to what I've managed to do.
So, I've found out the hard way that Nexus Repository does NOT include the actual files from the vendors. So, if you have a package you'd like to use, it only ensures that the program is approved it is then given a certification and automatic installation script. That's all Nexus appears to do unless you dig a little deeper and are willing to pay money for C4B. Since I've been in active development mode, I haven't been able to validate whether a C4B license would be useful to me. I've actually engineered a way around having to use chocolatey at all, and it all came down to the deployment scripts that I've built.
I'll give anyone who's willing to read a little bit of an explanation as to what I've been up to.
I have worked with a few companies that used SCCM, it's Microsoft's way of providing the most up to date executables for domain environments. There is also MDT which you can use and it is free. However, there is an incredibly steep learning curve if you want to encapsulate it and make it more malleable, otherwise you'll have to constantly reload the boot images and pipe them over to WDS for deployment.
I built a solution that encapsulates all of what MDT/SCCM, WDS, Image and Configuration Designer, System Image Manager, Chocolatey, Ninite, PCMover, and many other programs... into one program that I've developed that runs on 15 root variables. It's ubiquitous. It works every time, for every machine, and has the latest versions of each program you want installed, it bypasses a need to use sysprep and oobe preparations, as it actually dynamically builds the version of the image you want to use with all of your drivers, applications, settings, oem stamping, all of that jazz, it also incorporates a way to automatically inject your SSC's from Acme or otherwise, and I'm looking to integrate what the server side does with opnsense directly through powershell.
I'm not quite ready to pioneer this side of the fence, I'm still working on auto-spawning server and child items, setting up role templates and things like that where if you're using a computer with a specific printer or device, or a specific set of tools for any given subset, then it'll install what it needs, including file sharing, security roles, certificates, etc.
The reason I was asking about this double proxy approach was simply because I think that it would've been a great way to avoid having to statically write in the application templates I was looking to deploy, however, it appears that there's about 6 dozen ways it can be done and a lot can go wrong. I would very much like to integrate what I've built more closely with opnsense, but I do not have the experience necessary beyond the more simple tasks I've gone over a bunch of times.
I think a reason why I've been so hesitant to do much with opnsense is simply because I don't have a whole lot of experience with BSD. Yes, I have played with all types of routers and switches, the basic functions of the software is all well known on my end... but the more advanced functions? That's where I think the documentation in the front end in addition to the material on the site could use a refresh. A lot of the manuals are outdated, the images and processes altogether really need to be updated, but not only that, I think that the 'additional information' for many advanced features leaves a lot to be desired. For instance, if I want to know what a particular option does, it sure would be nice to have an example of what each setting is supposed to do. Case in point, I wanted to set up an HAProxy frontend and backend, and a lot of the terminology was known to me, but as I looked through the manual, I realized that the pictures and descriptions were leaving a lot of the options out and not even explaining why. That's what I'm referring to, things like that.
As it is, I have DHCP and DNS turned completely off on my opnsense router, and I want to use it for proxying updates like applications that are less than 300mb. I also want to use it for OpenVPN static tunnels and more IPv6 NAT related stuff, but there appears to be a lot of holes with IPv6 in general and I don't think that this software has really done a lot to explain how to engineer around them like you can with IPv4.
That being said, I just wanted to give everybody an update because it seems obvious that some people might've been interested in the idea. However, I think that the reason Unify seems to be really popular is because of the active community support. Not my cup of tea honestly. I like learning how to use projects like this and I'm glad that I stumbled across it. I'm a port over from pfsense and I think opnsense is definitely superior to it in every way. Why? Well, for one thing, I've never had opnsense crash during an update. That's something that has happened virtually every other time I try to update a pfsense box. There's also the default out of the box security, like you can't just tap on the friggen keyboard and get into the opnsense box. I realize that's probably a default setting and such, but still, the fact that you guys are that determined to make it that hardened, deserves some special recognition.
At some point when everything I've been building gains some traction, I do intend on getting an enterprise account with Deciso, but there's still a lot left to learn before I do.
Anyway, enough ranting. Thanks for building a kick ass firmware.
-MC
«
Last Edit: March 24, 2019, 06:50:54 am by mcc85
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Double Proxy / Applications Proxy + Squid