pfSense SQUID configuration for VMware homelab

How many times are the same files downloaded over and over again, perhaps from different machines? Not to mention the common websites accessed every day. One way to reduce network bandwidth and improve response times is to cache content in a temporary location. This article covers the main steps to install and run a pfSense SQUID configuration in a VMware homelab.

There are many benefits to doing so, not least the ability to cache redundant data such as Windows Updates downloaded repeatedly by a number of machines. Certainly, purpose-built update managers like Windows Server Update Services (WSUS) offer far more specific features. As a more agnostic and flexible approach for a heterogeneous environment like a homelab, however, the pfSense SQUID configuration is probably one of the most cost-effective options in terms of resources.

pfSense SQUID setup

The first step in the pfSense SQUID configuration is to download and install the package directly from pfSense System > Package Manager > Available Packages.

Next, search for “SQUID”. The first package to install is the one with the same name (version 0.4.44_9 at the time of installing the package). Lightsquid and squidGuard will be covered in a different article. Once ready, press Install.

An additional screen will appear to confirm the package install. Upon confirmation, the selected package is downloaded and automatically installed. Before closing the window, it is a good idea to copy the information on the package installation screen into a notepad or similar, as it contains useful extra details including documentation.

Now that the pfSense SQUID package is installed, the next step is the initial configuration. It is recommended to set up all the desired options, save, and only then check the box to enable the Squid proxy service with the latest config. The Proxy interface(s) field selects the individual networks or VLANs where the web proxy is enabled; multiple networks can be selected. By default the Squid port is 3128, which can be changed if desired. In general, the default settings work for the majority of installs.

In addition, it is also possible to specify for which network pfSense SQUID works as Transparent Web Proxy.

The next step is to move to the Local Cache tab. This is where finer details such as the Cache Replacement Policy and its algorithm are defined. The following options are available:

  • Heap LFUDA: keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate.
  • Heap GDSF: optimizes object-hit rate by keeping smaller, popular objects in cache.
  • Heap LRU: works like LRU, but uses a heap instead.
  • LRU: keeps recently referenced objects (i.e., replaces the object that has not been accessed for the longest time).

Further down the screen, it is possible to define the Hard Disk Cache Size. This was already part of the initial considerations when deploying pfSense to VMware. Depending on the size of the environment, it might be a good idea to place the cache on a separate disk. Even though this is the first install, it is always a good idea to use Clear Disk Cache NOW to start from a clean state. The other values can be left at their defaults.

The next item to review and configure is the Squid Memory Cache Settings. Here it is possible to specify the Memory Cache Size in MB and the maximum size of an object to keep in cache; this second value is in KB.

To optimise and smooth the download of content from Windows Updates, it is possible to enable a sort of dynamic cache with specific instructions. This is a matter of enabling Squid refresh patterns. A sample is shown below:

# Fields: regex, min age (minutes), percent of object age, max age (minutes), options.
# 43200 min = 30 days, 129600 min = 90 days; reload-into-ims turns a client reload into an If-Modified-Since check.
refresh_pattern -i windowsupdate\.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip) 43200 80% 129600 reload-into-ims
refresh_pattern -i microsoft\.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip) 43200 80% 129600 reload-into-ims
refresh_pattern -i windows\.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip) 43200 80% 129600 reload-into-ims
refresh_pattern -i microsoft\.com\.akadns\.net/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip) 43200 80% 129600 reload-into-ims
refresh_pattern -i deploy\.akamaitechnologies\.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip) 43200 80% 129600 reload-into-ims
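
Refresh patterns of this shape are unanchored regular expressions matched against the whole URL, so it is worth checking which URLs actually receive the long cache lifetime. The following is an added example, not part of the original article: it parses one such directive and compares its scope with an anchored variant. The anchored pattern, the helper names and the sample URLs are assumptions constructed for illustration, and Python's re module stands in for Squid's regex engine.

```python
import re

EXT = r"\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip)"
TAIL = "43200 80% 129600 reload-into-ims"
# Unanchored, in the shape of the article's sample (host/.*\.ext).
LOOSE = rf"refresh_pattern -i microsoft\.com/.*{EXT} {TAIL}"
# Assumed tightened variant: anchored to scheme, host suffix and end of URL.
TIGHT = rf"refresh_pattern -i ^https?://([a-z0-9-]+\.)*microsoft\.com/.*{EXT}(\?.*)?$ {TAIL}"

def parse_refresh_pattern(line):
    """Split one refresh_pattern directive into its fields."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "refresh_pattern":
        raise ValueError(f"not a refresh_pattern line: {line!r}")
    flags = 0
    if tok[1] == "-i":                      # -i: case-insensitive regex
        flags, tok = re.IGNORECASE, tok[:1] + tok[2:]
    return {
        "regex": re.compile(tok[1], flags),
        "min_minutes": int(tok[2]),
        "percent": int(tok[3].rstrip("%")),
        "max_minutes": int(tok[4]),
        "options": tok[5:],
    }

def matching_rule(rules, url):
    """Return the first rule whose regex matches; Squid uses the first match."""
    for rule in rules:
        if rule["regex"].search(url):       # search(): unanchored substring match
            return rule
    return None

# Constructed sample URLs (not from the article).
URLS = [
    "http://download.microsoft.com/download/tool.MSI",
    "http://download.microsoft.com/download/tool.exe?P1=1",
    "http://download.microsoft.com/download/readme.html",
    "http://notmicrosoft.com/files/setup.exe",
    "http://files.example/mirror/microsoft.com/setup.exe",
]

def scope(line):
    """List the sample URLs that a directive would apply to."""
    rule = parse_refresh_pattern(line)
    return [u for u in URLS if matching_rule([rule], u)]

if __name__ == "__main__":
    for name, line in (("loose", LOOSE), ("tight", TIGHT)):
        days = parse_refresh_pattern(line)["max_minutes"] / 1440
        print(f"{name}: cached for up to {days:.0f} days:")
        for url in scope(line):
            print("   ", url)
```

The unanchored directive also covers the lookalike host and the URL that only contains the domain in its path, while the anchored one is limited to microsoft.com and its subdomains.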

After all changes, a final Save applies the configuration.

One last thing to check is the status of the Squid Proxy Server Service and, if necessary, to start it from the pfSense > Status > Services panel.

About the author

Michele Domanico

Passionate about Virtualization, Storage, Data Availability and Software Defined Data Center technologies. The aim of Domalab.com is sharing with the Community the knowledge and experience gained with customers, industry leaders and like minded peers. Always open to constructive feedback and new challenges.

2 Comments

  • Hello Michele,

    I am looking for a free and simple solution to isolate my network on my ESXi, this seems to be fine. If I understand correctly, above your ESXi, just a basic unmanageable switch and the router of your internet service provider?

    Thanks for this tutorial for installing pfSense on a VMware homelab! I can’t wait to read the rest, keep on reading.

    Jérémy

    • Hi Jeremy,
      Yes, you are right! This is all you need and also what I use in my homelab. pfSense has loads of different configurations and use cases. To keep this simple, I would recommend to have one pfSense network card talking to your ISP router. All the rest can be on dedicated VLANs on a separate network card. Let’s say, this way if you need to reboot the router, at least everything will use default settings. Of course there are FW rules you can put in place to allow specific connections/protocols/ports etc.. I hope to cover this in the next pfSense articles hopefully next weekend. Simple FW configuration to get started. Would be great to hear/share from the Community! 🙂
      Thanks for your comment and happy reading!
      Kind Regards,
      Michele
