Hi all,
I’ve been trying to configure a transparent squid proxy on my PFSense router for a few months to no avail. I believe I’ve narrowed the issue down to a issue with the package and the firewall rules. Downloads typically fail around the 200-300MB mark because the connections appear to be asymmetrically routed as described here https://www.netgate.com/docs/pfsense/firewall/troubleshooting-blocked-log-entries-due-to-asymmetric-routing.htm
I’ve attempted to fix this by creating sloppy state and outright disabling state tracking on connections from my local devices(192.168.1.1/24) to PFSense box (192.168.1.1), these rules were somewhat successful as downloads would crash around the 500-900 instead of earlier. I’ve also made sure that these rules were present on both LAN and Floating Tabs.
I can confirm that the proxy is caching HTTP resources on disk and in memory, the access logs confirm that hits are being made. Since I’m running a OpenVPN connection I have a series of gateway redirection rules present on the LAN interface which route traffic over the VPN Gateway. I’ve attempted to configure the squid proxy to bind to the LAN interface in transparent mode. Strangely I’ve noticed when i do this the throughput of the connection is 12MB/s as opposed to the regular 9MB/s when using my desktop with its traffic being routed to the VPN gateway, this is why i think asymmetric routing is occurring
Is there any way of binding squid the WAN and VPN interfaces and transparently intercepting HTTP traffic on them in an effort to bypass the issues with binding squid to the LAN interface. I’m just guessing but any traffic that is intercepted in this manner should by symmetric in nature? I’ve tried to do this in the GUI but nothing happens, downloads work as they normally do with no caching
Other than that the only other changes I’ve made is I’ve tuned boot.conf and a few other system tuneables just to optimize speed and efficiency.
Help is greatly appreciated I really want to put my 8GB of memory and 120GB SSD to good use but these issues are driving me insane, cant tell if its an issue with my setup or the current build squid is just broken.