On 2016-01-05, Craig Skinner <[email protected]> wrote:
> Hi Carlo,
>
> On 2016-01-04 Mon 16:36 PM |, C.L. Martinez wrote:
>>
>> I have configured squid in an OpenBSD host acting as a transparent proxy.
>> Actually all works OK for all traffic except for SSL/TLS, ex: port 443.
>>
>
> I don't use it transparently, but here are some links from those who do:
>
> http://www.benzedrine.ch/transquid.html
> http://www.kernel-panic.it/openbsd/proxy/

^^ out of date

> http://nomoa.com/bsd/gateway/proxies/web.html

^^ doesn't really deal with "transparent" proxies other than telling you not to

> http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf
> http://wiki.squid-cache.org/KnowledgeBase/OpenBsd

These should be pretty much OK, though they cover two different config cases, one of which is a bad idea and involves either running squid as root or giving it access to /dev/pf.

The docs in the pkg-readme are probably a better bet for someone using the package as they only cover the method needed for the way that the squid package is built.

However OP has got this side of things working already, the problem is only when using it with SSL MITM. I'd suggest double-checking the PF rules, but I need to get this working myself soon too, so I'll try and put a test setup together.

