Squid 6.5 !! Nov 6th
-
@JonathanLee said in Squid 6.5 !! Nov 6th:
@jc1976 I have PfSense plus, if I did a reinstall it would lose Snort. That does not work in version 23.09 for my arm processor. With the updates I am locked out of the GUI. I opened a TAC support to get 23.05.01 firmware, but I realized it wouldn't fix the Snort package that has the core dump issues... Now it's like my Airport extreme it no longer gets updates. But the 23.05.01 version is perfect everything works. I love this version.
In the plus version I have no idea how this is going.
-
@jc1976 said in Squid 6.5 !! Nov 6th:
i had to do a fresh install of pfsense at work so we're on 2.7.1ce.
i take it that the squid installer first listed by Luiz is just an update? i ran the command that he had given us but nothing happened.
i'm a bit confused; if we can't install squid from the package manager because it's incompatible with 2.7.1 then how do we update it with the script?
Did you normally install Squid? it natively, in the pfsense repository it will be in version 6.3
The script I made updates the package to version 6.5 (the latest available). you will do this last.
I will calmly prepare a repository with all the packages in the Squid family (Squid, Squidguard, Lightsquid...), they are the ones that should lose native support in the next version.
From this point on, we will have to install Squid from scratch in this new repository (with dependencies, etc.)
Thx
Luiz Costa
-
FYI: Squid will be removed in the next major version:
Netgate now considers the add-on package for Squid, and the related add-on packages for Lightsquid and SquidGuard, to be 'deprecated.' We have determined that while these add-on packages will work in version 23.09 of pfSense Plus software and version 2.7.1 of pfSense CE software, the next major release of each product will no longer support their use, and they will be removed from the list of available add-on packages.
Souce: https://www.netgate.com/blog/deprecation-of-squid-add-on-package-for-pfsense-software
-
Yes we know that. That is why many users can't upgrade anymore, and won't upgrade.
I purchased a Netgate SG 2100 MAX with Proxy and Snort support, as it was advertised as such. Not a firewall that cuts out core features, and expects to function the same way after I spent years configuring it.
It works, I don't need to be told it doesn't.
Finding a solution in the open source community is what the forum is all about.When I actually purchased the official Netgate firewall it was actually advertised as a system that has web caching proxy and IPS/IDS. That's why I got it over a Cisco because I could learn about use of Squid.
I am sorry for a rash reaction to this, I am just frustrated.
-
after installing pfsense 2.7.1 at work, i have NOT installed squid because i misread the whole 'squid is being deprecated' bit as saying it wouldn't work with 2.7.1. if it'll work then i'll install it. sorry for the confusion. I have to be careful with what i do as our entire company was ransomed and while we bring the company back online, my little pfsense firewall is what is currently keeping this place afloat. :)
so you're saying to go ahead with the squid install from the package manager and from there run your script. ok! i'll give it a shot.
I will keep you posted as to how it all worked out.
Thank you again for all your contributions
-
i 2nd this..
this is BS. a firewall that's touted as being "enterprise grade" without the native ability to proxy?
i LOVE pfsense.. easy, clean, doesn't break.. but as time marches on, with dumb decisions such as this (to ditch squid and any other proxy and inline virus scanning support), it seems like pfblockerng is the only thing keeping it afloat.
if bbcan were to port pfblocker over to opnsense, i be a lotta pfsense folks would jump ship.
-
@jc1976 I have never used pfblocking as it is DNS based. I always thought this is more reaction based security with DoH and DNS TLS complications they have to update a block list when something is new. I stuck with Squidguard as it just looked at http/https get requests and could care less about the DNS it was using. Each has it's own issues, Squidguard when I marked a URL or something block you can never see it again regardless of what DNS is used. Side note Snort for me with custom AppID text rules could see my container bug I was searching for, and pinpoint the machine it was running on. I kept having applications accessed that were not even installed on one of my devices, I was like there is my bug. It was accessing German social media sites, Opera browser, Netflix without an account the list goes on and on, all from the same smartphone. Tools work good and they are taken away?? Makes no sense right? Sounds like someone in big tech likes lurking in the shadows to me and wants the tools that could put him in jail removed. I always thought the open source community wouldn't stand for it. I mean it works great, in addition to the "vulnerability" it's still way better than no security.
-
i tried squidguard way back in the day for popup blocking and all that stuff.. the only thing was a lotta stuff didn't come through that i needed. granted, i was a complete noob at the time and had no idea what i was doing so that probably had a lot to do with it..
i admit that i'm a novice.. pfblockerng was easier for me to setup and attain the desired results and it's what i stuck with ever since. i can't say i've ever had a problem with it and it's flexibility is pretty incredible, in my very humble opinion..
bbcan made one hell of a package. again, if you read through the chats, you'll find that a LOT of people stick to pfsense just for access to pfblockerng.i remember a while back, and i pulled it up recently, a query as to why he doesn't port it over to opnsense. the details of the reason escapes me at this time but it was something along the lines that the devs at opnsense didn't want a swiss-army knife-type package that pfblockerng is.. which i don't understand considering that opnsense has suricata and squid built into it to where you can't use snort if you wanted.. that seems pretty swiss-army knife-like to me.
would be cool if bbcan made his source code available to opnsense devs and allowed them to port it over.
-
Luiz, i just followed your instructions and all went through without a hitch!
again, thank you very much!
-
@jc1976 I think that side loaded Squid package has support for DoH as this version states it's included
-
@jc1976 I just use it for sites I don't want accessed.
-
Squid 6.6 available on:
https://pkg.pf2ad.com/pfsense/2.7.2/amd64/All/squid-6.6.pkg
Attention: only pfSense 2.7.2 amd64 !!!!
- I will create an experimental version for arm.
If anyone can test it later (I don't have hardware)
- I will create an experimental version for arm.
-
@lg1980 I have an SG2100 arm processor. It's on pfSense plus however...
That's amazing news!!!
-
how does one install this package?
when i installed it, i already had the squid package installed from the package manager and then ran your update script to bring it up to date because i don't know how to install the package outside of the package manager.
-
@lg1980 The only Arm builds for pfSense are pfSense Plus.
-
@JonathanLee said in Squid 6.5 !! Nov 6th:
@lg1980 I have an SG2100 arm processor. It's on pfSense plus however...
That's amazing news!!!
I made a new snippet and now you can update it through the package manager, just run the command below to show new packages:
I have separated and created parallel versions of squid and squidguard for now. They can be seen in the package manager, but they will conflict with the native packages (squid and squidguard), so you will have to uninstall the native packages to use these new ones.
The snippet with the source scripts is here: https://gitlab.labexposed.com/-/snippets/15
I hope this helps !
-
-
Really nice, glad that you guys found a solution =)
-
Hello,
If this was useful to you or even if you want to encourage my continued work and even improve support options, please make a donation to the effort. This encourages greater dedication to this work. I leave the link available here for anyone who can/wants it! Thank you very much !
https://paypal.me/pf2ad
About ARM architecture (Pfsense Plus): Anyone who has some hardware available in the laboratory that can provide access, I can try to work on updates like this for the Plus version. If you have any questions, please contact DM.
Merry Christmas and happy new 2024 !
Thx -
@lg1980 I have not been able to test it, as I have an Arm with pfSense plus on 23.05.01. Please let me know if someone is able to test it on the 2100 appliance. I can test and work with it when I have more time to help you with my lab setup, I have to swap the M2 drive so I can go back to my known working version after. So I got to take apart the firewall the test this. I will do it no issues, I just can't down the thing while all the family is home for the holidays, they will have my head.
Next week I can test with Pfsense Plus in my lab set up for you.
