Как настроить прозрачное проксирование в sqiud методом SSL Peek and Splice?

acl terminals src 10.214.2.128/25
acl localnet src 192.168.1.0/24
acl vpnnet src 192.168.3.0/24

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

visible_hostname gateway
dns_nameservers 10.214.2.137

http_port 3128 intercept options=NO_SSLv3:NO_SSLv2
http_port 3130 options=NO_SSLv3:NO_SSLv2

https_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=/etc/squid/squidCA.pem
always_direct allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

acl break time MTWHF 12:00-13:00
acl night time MTWHF 08:00-17:00

acl anonymizers url_regex "/etc/squid/rules/anonymizers.acl"
acl dating url_regex "/etc/squid/rules/dating.acl"
acl fileshare url_regex "/etc/squid/rules/fileshare.acl"
acl porn url_regex "/etc/squid/rules/porn.acl"
acl social url_regex "/etc/squid/rules/social.acl"
acl umor url_regex "/etc/squid/rules/umor.acl"
acl open-win url_regex "/etc/squid/rules/open-win.acl"
acl js url_regex "/etc/squid/rules/js.acl"
acl games url_regex "/etc/squid/rules/games.acl"
acl fake url_regex "/etc/squid/rules/fake.acl"
acl 451 url_regex "/etc/squid/rules/451.acl"

acl test ssl::server_name .2ip.ru

acl step1 at_step SslBump1

sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

#######################
http_access allow all

#ssl
ssl_bump peek step1
ssl_bump terminate test
ssl_bump splice all

#no ssl

http_access deny open-win
http_access deny js
http_access deny fake
http_access deny 451
http_access deny anonymizers 
http_access deny dating !break night
http_access deny fileshare !break night
http_access deny porn
http_access deny social !break night
http_access deny umor !break night
http_access deny games !break night

http_access allow localhost
http_access allow localnet
http_access allow terminals
http_access allow vpnnet

http_access deny all

##########################

cache_dir ufs /var/spool/squid 6249 16 256
maximum_object_size 10240 KB
cache_mgr admin@admin.ru

coredump_dir /var/spool/squid

refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320