I'm seeing brutally slow load times on anything behind Squid. Installed the latest everything today. If I turn on Squid, then sites take up to 7 or 10 seconds to load all the elements. They load fast from cache after that, but the initial load, for any cold site, is completely useless.

@Cino:

unless your using 2.1, my workaround wont work for you since the 2.0 file is my workaround.

http://forum.pfsense.org/index.php/topic,42631.msg220911.html#msg220911

have your tried a fresh install of 2.0 and imported your config? Make sure you remove any entries that would install rate package from your config.xml

another option would be install 1.2.3 again, import your last 1.2.3 config… remove the rate package and upgrade to 2.0

I'm running current stable so I believe it is 2.0.  If so I'll try your fix and see if that does the trick.

Thanks!

Sounds good I think I'll try to deploy a FreeBSD VM tomorrow. I do actually need a stable version of HAProxy so I don't want to use the 1.5 Devel version. Thanks again you've been really helpful. I'll let you know how it works out.

if you want only browsing to be used without any restrictions, why not allow ssh login and then use socks proxy

Just make sure you check off the options that you want added to the whitelist or netlist under "Add auto generated ips"

From my experience:
I use whitelist for friendly IPs and check off every auto generated ip option, then I use netlist to add any subnet that pfSense doesn't know about and check off every auto generated ip option(My cable modem's internal subnet range, vpn subnets that pfsense dont know about because of custom routes i have)

hope this helps

This solution did not work in my case.

I  use SquidGuard. Is there any thing else that I could  try?

Regards.
Rafael

Hi,

to cache custom file-extensions I am using this:

refresh_pattern -i /.*.(iso|wmv|mov|rm|avi|mp4|mpeg|mpg|divx|xvid|swf|flv|x-flv) 10080 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private;

This is working BUT the options are only working if it is http.

Your types could be correct ( I don't know for sure) but I think they are only for allowing or denying access to this kind of files. But I do not think that you are now able to cache these files.

Quoting from siproxd 0.8.1 README

Known interoperability issues with SIP service providers:

callcentric.com      (afaik callcentric fails with "500 network failure"
                        during REGISTER if more than one Via header is
                        present in a SIP packet. Having multiple Via headers
                        is completely in compliance with RFC3261. This might
                        be related to their "NAT problem avoidance magic".
                        There is nothing that can be done within siproxd
                        to avoid this issue as callcentric does not comply
                        with the SIP specification.

I've had this problem on a few installs as well.

I discovered that when I get the error, if I go wipe out all the reports in that folder it mentions, I can then Refresh Full and the problem goes away. Go to the shell:

cd /var/lightsquid/report
rm -rf *

Refresh full from Status -> Proxy Report, and problem solved.

@wagonza:

This stopping might be related to a change which fixed another problem - Im still yet to find a fix for this.

I have put a fix in for this, so just update your package.

wagonza your back!!!!
YAY! Yes I did that :)

Thanks!

i found the reason is i'm not open proxy port for all VLAN. It simple but I must take a half day to find.

Hi

I have the same problem :-(. its ok when configure the manual proxy in my the navegator

My PFSense is 2.0 and the squid is

Squid Cache: Version 2.7.STABLE9
configure options:  '–bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic digest negotiate ntlm' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB LDAP SASL YP' '--enable-digest-auth-helpers=password ldap' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group ldap_group' '--enable-ntlm-auth-helpers=SMB' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--with-pthreads' '--enable-storeio=ufs diskd null aufs coss' '--enable-delay-pools' '--enable-snmp' '--enable-ssl' '--with-openssl=/usr' '--enable-htcp' '--enable-forw-via-db' '--enable-cache-digests' '--enable-referer-log' '--enable-arp-acl' '--enable-pf-transparent' '--enable-follow-x-forwarded-for' '--with-large-files' '--enable-large-cache-files' '--enable-err-languages=Armenian Azerbaijani Bulgarian Catalan Czech Danish  Dutch English Estonian Finnish French German Greek  Hebrew Hungarian Italian Japanese Korean Lithuanian  Polish Portuguese Romanian Russian-1251 Russian-koi8-r  Serbian Simplify_Chinese Slovak Spanish Swedish  Traditional_Chinese Turkish Ukrainian-1251  Ukrainian-koi8-u Ukrainian-utf8' '--enable-default-err-language=English' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd8.1' 'build_alias=i386-portbld-freebsd8.1' 'CC=cc' 'CFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include  -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'LDFLAGS= -L/usr/local/lib -L/usr/local/lib -rpath=/usr/lib:/usr/local/lib -L/usr/lib' 'CPPFLAGS=-I/usr/local/include' 'CPP=cpp'

Anyone else using Apple gear and pfsense 2.0 ?????

Thank you for that, it's working now.

Not sure, but it's possible it's a timing issue that only pops up at certain times, where the rrd file is being updated by the system when the report is being run and it can't find the file at the moment it's trying to attach it.

Not sure what else it might be…