On 01/05/2016 04:29 PM, Stuart Henderson wrote:
On 2016-01-05, Craig Skinner <skin...@britvault.co.uk> wrote:
Hi Carlo,
On 2016-01-04 Mon 16:36 PM |, C.L. Martinez wrote:
I have configured squid in an OpenBSD host acting as a transparent proxy.
Actually all works OK for all traffic except for SSL/TLS, e.g. port 443.
I don't use it transparently, but here are some links from those who do:
http://www.benzedrine.ch/transquid.html
http://www.kernel-panic.it/openbsd/proxy/
^^ out of date
http://nomoa.com/bsd/gateway/proxies/web.html
^^ doesn't really deal with "transparent" proxies other than telling you not to
http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf
http://wiki.squid-cache.org/KnowledgeBase/OpenBsd
These should be pretty much OK, though they cover two different
config cases, one of which is a bad idea and involves either running
squid as root or giving it access to /dev/pf.
The docs in the pkg-readme are probably a better bet for someone
using the package as they only cover the method needed for the way
that the squid package is built.
However OP has got this side of things working already, the problem
is only when using it with SSL MITM.
I'd suggest double-checking the PF rules, but I need to get this
working myself soon too, so I'll try and put a test setup together.
Thanks, Stuart. It is correct: my squid is working OK in transparent mode
when services are not encrypted via TLS/SSL, e.g. http, 1025><655535 ...
The problem is only with SSL/TLS services ....