I have a PFSense router running Squid Proxy with ClamAV antivirus. I want to connect all my windows computers from the LAN network to the proxy on default port 3128. My windows PC loses internet access when i enable the manual proxy settings.
2 DISCOVERIES
I can access example.com on HTTP but not HTTPS
I can ping google.com successfully
These 2 facts suggests Squid is getting hung up on redirecting my requests.
Turning off the proxy in Windows returns internet access. My network has 4 subnets
10.0.0.0/30 - REVERSEPROXY 10.0.1.0/24 - INTRA 10.0.2.0/24 - DMZ 10.0.3.0/24 - LAN 10.0.4.0/24 - VPN PF Sense Firewall: ALLOW ALL traffic on all subnets. Nothing is blocked
SQUID PROXY SETTINGS / Squid General Settings
Enable Squid Proxy: ENABLED Keep Settings/Data: ENABLED Listen IP Verdion: IPv4+Iv6 CARP Status VIP: none Proxy Interfaces: LAN, INTRA, DMZ, REVERSEPROXY, VPN Outgoing Network Interface: Default Proxy Port: 3128 IPC Port: Blank Allow Users On Interface: ENABLED Patch Captive Portal: Removed Resolve DNS IPv4 Fist: NO Disable ICMP: NO Use Alternate DNS: BLANK Extra Trusted CA: THEARKNET.ME Transparent HTTP Proxy: DISABLED SQUID PROXY SETTINGS / SSL Man In The Middle Filtering
HTTPS/SSL Interception: ENABLED SSL/MITM Mode: Splice Whitelist, bump otherwise SSL Interception: LAN, DMZ, INTRA, DMZ, RVERSEPROXY, VPN SSL Proxy Port: BLANK SSL Proxy Compatibility Mode: Modern DHParams Key Size: 4096 Remote Cert Checks: Accept remote with error + Do not verify Certificate Adapt: BLANK SQUID PROXY SETTINGS / ACLs
Allowed Subnets: 10.0.3.0/24 Unrestricted IPs: 10.0.3.2, 10.0.3.3 SQUID PROY SETTINGS / STATUS
HTTP/1.1 403 Forbidden Server: squid/6.12 Mime-Version: 1.0 Date: Sat, 01 Nov 2025 04:27:38 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3707 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: localhost Via: 1.1 localhost (squid/6.12), 1.1 localhost (squid/6.12) Cache-Status: localhost;detail=no-cache Connection: close ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http://localhost:3128/squid-internal-mgr/info Access Denied. WINDOWS PC
IP: 10.0.3.2 Subnet Mask: /24 Gateway 10.0.3.1 Proxy: 10.0.3.1 Port: 3128 Trusted CA THEARKNET.ME has been exported from PFSense and added to the Trusted Root Certification Authorities in Windows.
Everything has been restarted compulsively
EDIT: MORE TESTING
Ran the following command on PFSense
[email protected]/root: sockstat -4 | grep:squid 10.0.3.1:3128 [email protected]/root: curl -vk -x 10.0.3.1:3128 https://example.com 200OK [email protected]/root: grep -E "https_port|ssl_bump" /usr/local/etc/squid/squid.conf ssl_bump peek step1 ssl_bump bump all [email protected]/root: cat /var/log/squid/access.log nothing Disabled ClamAV and restarted Squid. Nothing
SQUID PROXY SETTINGS / SSL Proxy Port has been changed to 3128 and squid has been restarted
SQUID PROXY SETTINGS / SSL Proxy Port has been changed to 3129 and squid has been restarted
Reinstalled Squid with the PFSense Package Manager
LOGS
