Cache/Proxy / Re: Improve Custom refresh pattern
« on: May 14, 2018, 10:18:09 pm »
Been trying to add nvidia updates (using GeForce Experience) to the refresh pattern but not having any success

I have tried
Code:
#nvidia updates
refresh_pattern -i*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 432000 reload-into-ims

I get TCP_TUNNEL/200

Are nvidia updates not cacheable?

Cache/Proxy / Re: Squidguard google safe search
« on: April 12, 2018, 07:57:45 pm »
Read the part about forcing google and bing into safe mode, as safesearch in squidguard does not work anymore

I am not sure on this, if you use the transparent proxy then that only listens on port 80 and 443 for MITM.

Is there any way to force safesearch (google, youtube etc...) if your DNS is on a Windows Server AD but your gateway pfSense is intercepting all http on a squid instance?

Read the DNS resolver part in the guide and see if you can use that method.

Cache/Proxy / Re: Squid SSL Splice - intermittent errors
« on: April 04, 2018, 07:17:59 pm »
Use a WPAD (http and https) for the main layer

then use the transparent proxy with SSL Splice All to catch the rest (the rest being any program that cannot have its proxy value set)

Been using this method without any connection issues

You have to create 3 files in /usr/local/www/

Each having this code
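Code:
function FindProxyForURL(url, host)
{
    // Go direct for plain host names, *.local names and hosts inside
    // the network/mask passed to isInNet
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "",  ""))
        return "DIRECT";
    // Everything else is sent to the proxy
    return "PROXY";
}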

Instead of maintaining changes for all 3 files you can create a main file e.g. wpad.da and create a symbolic link for the other 2 files, that way all changes from wpad.da are copied over to the other files.

So now you only need to make changes to wpad.da.
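
An added example, not part of the original post: a small Node.js harness for checking the DIRECT/PROXY decision of a wpad file like the one above before it is published to clients. The helper implementations, the DNS table, the 192.168.1.0/255.255.255.0 network and the proxy address 192.168.1.1:3128 are constructed assumptions standing in for the values the post leaves blank.

```javascript
// Stand-ins for the PAC helpers a browser normally provides, so the wpad
// logic can be exercised offline. All addresses are constructed sample values.
const DNS = { "intranet.example.test": "192.168.1.20",
              "www.example.com": "93.184.216.34" };        // constructed lookups
const LAN_NET = "192.168.1.0", LAN_MASK = "255.255.255.0"; // assumed LAN
const PROXY = "PROXY 192.168.1.1:3128";                    // assumed proxy

const ipToInt = ip =>
  ip.split(".").reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0);

function isPlainHostName(host) { return !host.includes("."); }

function dnsResolve(host) {
  if (/^\d+(\.\d+){3}$/.test(host)) return host; // already an IPv4 literal
  return DNS[host] || null;                      // null = lookup failed
}

function shExpMatch(str, pattern) {
  // Translate a shell glob (* and ?) into an anchored regular expression.
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

function isInNet(ip, net, mask) {
  if (!ip) return false; // assumption: an unresolved host never matches
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

// Same decision logic as the wpad file, with the placeholders filled in.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) ||
      shExpMatch(host, "*.local") ||
      isInNet(dnsResolve(host), LAN_NET, LAN_MASK))
    return "DIRECT";
  return PROXY;
}

// Evaluate the PAC decision for each URL in a list.
function route(urls) {
  return urls.map(u => [u, FindProxyForURL(u, new URL(u).hostname)]);
}

for (const [u, r] of route(["http://nas/", "http://printer.local/",
    "https://intranet.example.test/", "https://www.example.com/",
    "https://unresolved.example.test/"]))
  console.log(r.padEnd(24), u);
```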

General Questions / Re: CPU - higher single Core Speed vs Multi Core
« on: March 10, 2018, 04:32:24 pm »
Whatever you do, just don't do it like that guy LinusTech on youtube, overkilled it with dual-xeon octo-core something but ended up burning through 3 motherboards before giving up.

But going with my original question, higher single core speed vs more cores, it looks like even though the dual-xeon octo-core has more total compute power, pfsense would better utilize a cpu with higher single core speed.

another example


2 cores @ 2GHZ


8 cores @ 1GHZ

Looks like the higher single core CPU will outperform the one with more cores and total compute power.

Fixed spelling

General Questions / CPU - higher single Core Speed vs Multi Core
« on: March 09, 2018, 04:50:21 pm »
Hi, does pfsense favour higher single core speeds but fewer cores, or slower single core speeds but more cores?
Now this depends on your setup or requirements, but let's say the scenario is

Users 10 (30 devices)
Connection speed 100mbps
Squid (with caching and proxy http,https)

Now let's compare two cpus (7700K vs 1800X)

The 7700K has a much faster single core clock speed but the 1800X has a much faster total core speed.

So which would be best for pfsense, more cores or faster single core speed?

1. I created two rules, one for port 80 and one for 443 (I will update this part of the guide)

2. I do not think squid works on dual wan

I have multiple vlans with different IP addresses 
I do not use vlans so I do not know, sorry

What is the difference between Squidguard and OpenDNS?
Squidguard blocks content on rules you set on your router (totally private).
OpenDNS blocks content on rules you set on their servers (they see all traffic, also can be slower)

Just one thing I can not get working
Windows updates (as well as Mac and linux) should all be working, if they are not then you may have missed a step. Check that the WPAD is working and your pc is set to auto configure.
If it is still not working read through the guide again, it should work.

We have lots of laptops and PCs, is there an easier way to install the cert for all the devices?
You only have to create a cert for squid when using splice all, not for all devices

Hope this helps

Tick, select.

I now recommend that you use both, WPAC as the default and transparent with splice all as backup. So software that has no proxy settings still gets redirected to the proxy instead of getting blocked by the firewall rule 80 443. For android you can manually set the proxy. Sometimes splice all can show SSL errors when web browsing. I will clean up the guide when I have time.

OpenVPN / Re: openVPN join network game?
« on: September 19, 2017, 07:14:18 pm »
What happened for me was that when joining a game while connected through the VPN, it was using the local network adapter rather than the VPN adapter. In Windows you have to give the VPN adapter higher priority than the local adapter. To test this, host a game where it shows you your IP. If your IP is that of your local LAN then it has used the wrong network adapter. If the IP is that of the OpenVPN then it should work.

