Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Caching Steam / Epic and Windows updates?

    Scheduled Pinned Locked Moved
    Cache/Proxy
    3
    3
    312
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      PowerUp
      last edited by

      Good evening.

      I have tried to see if there is a way to cache big updates, like Epic games, Steam and Windows updates. E.g Epic games offers quite often big updates, like last was something like 17 Gb and it will pull our WAN quite busy for hours. And if you are in a Teams meting (behind remote desk) , I just cannot describe how annoying it is to try keep up when voice and video will stop for seconds and then you hear four second and well... Yes... Sorry, what was you saying? I know many of you are behind a fast connections and many users are not interested from caching because many file transfers are secured by SSL ( E.g port 443) and it makes thing hard. And it is easy to just download update how it is. But any way, is there a known addon or package or way to cache these updates? Squid, transparent SSL proxy? Will it break something?

      Best regards,

      PowerUp

      1 Reply Last reply Reply Quote 0
      • AndyRHA
        AndyRH
        last edited by

        Windows can be set to share updates.
        It might be easier to do QoS.

        o||||o
        7100-1u

        1 Reply Last reply Reply Quote 0
        • A
          aGeekhere
          last edited by

          I found that lancache is better at caching steam and windows updates than squid. Though you can setup squid to cache these updates. Best way to do it is the following

          1. install squid and set it up and add refresh pattens https://github.com/mmd123/squid-cache-dynamic_refresh-list
          2. Configure all clients to use the proxy manually or setup pfsense to use a WPAD to do it automatically.
          3. For software that does not support autoconfigure proxy enable transparent proxy, do not rely on only the transparent proxy as it can break things.
          4. Enable transparent SSL and under SSL/MITM Mode either select spliceall or if you want to cache some ssl select custom

          4a. under Custom Options (SSL/MITM) here you can create your squid rule, for an example if you do the follow
          Create a txt file at
          /home/bumpsites.txt
          /home/excludeSites.txt

          acl bump_sites ssl::server_name "/home/bumpsites.txt"
acl excludeSites ssl::server_name "/home/excludeSites.txt"
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice bypassusers
ssl_bump bump bump_sites
ssl_bump splice all

          the bumpsites.txt are all the sites you want do decrypt so you can cache it, an example will be like this

          download.nvidia.com
us.download.nvidia.com
international-gfe.download.nvidia.com

          This will bump the nvidia driver url and will allow you to cache the update

          While it may seem nice to bump and decrypt everything sadly that breaks a lot of things and not everything can be cached. So the best option is to see what are the biggest download urls on your network, first see if you can are able to decrypt and cache it without any issues then add it to the to the list and restart squid.

          Play around with it and let me know how you go.

          Never Fear, A Geek is Here!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post