Squid on 2.8
-
Re: Squid fails to re-install on 2.8
@jc1976 What error do you get? I was able to install it. -
It just says install failed.
i ran it twice and received different error messages both times.
I'd run the installer again to help you out with error messages but 1) again, each message was different so i doubt that would help you, and 2) i'm a bit concerned that if i keep running and trying to force it, something might further break and end up taking me offline and I can't be offline at this moment.
hopefully someone can chime in and direct me as to how to get the logs so I can provide the needed info, although unfortunately squid/clamAV isn't well liked and support can be a bit iffy, so I dunno if anyone will bother to provide advice.
-
@jc1976 I'm sorry I'm not more learned about pfSense, but do you have enough space for the caching? Just a hunch.
-
@70tas oh yeah, that's not an issue..
squid was somewhat deprecated but one of the users on this forum started updating it so that the latest version of clamav could work with pfsense. although it wasn't considered "official" as per the package manager, it installed and worked perfectly.
lotta library updates with this last version update i guess and somewhere there's an incompatibility, i guess..
this was NOT a trivial update (going from 2.7.2->2.8). I have 3 pfsense boxes and in all my years and updates, i've never had an issue going from one version to the next. this was the first time. I followed the instructions; uninstalled all my packages and rebooted before initiating the version upgrade. on each box there was a problem where despite the upgrade claiming to be successful, i had to manually update a second time or two, rebooting between to get it to show the correct version before reinstalling my packages.
that's probably where the issue lies with squid..
-
Try installing it at the CLI with debug to get more error output:
pkg -d install pfSense-pkg-squid -
@stephenw10 said in Squid on 2.8:
pkg -d install pfSense-pkg-squid
that didn't work.. just gave me a bunch of errors
DBG(1)[70249]> want to upgrade advisory to exclusive lock
pkg: Cannot delete vital package: pfSense!
pkg: If you are sure you want to remove pfSense,
pkg: unset the 'vital' flag with: pkg set -v 0 pfSense
DBG(1)[70249]> release an exclusive lock on a database
DBG(1)[70249]> release an advisory lock on a database -
You have the full output?
Does
pkg -d updatecomplete successfully? -
I followed the upgrade instructions from 2.7.2->2.8 precisely and have been having issues with the firewall ever since (along with 2 others).
it seems that suricata and pfblockerng-devel aren't doing well with it because again, on all 3 installs there are random lockups. the OS itself isn't locking up, but just randomly lose internet access.. even if i statically set my dns on my pc, i can't get out... i can ping the gateway. unfortunately I'm just not good enough at deciphering logs and whatnot to provide proof.. just seems to me that after the upgrade an issue developed between suricata, pfblocker, and unbound. when i disable the two packages, all works fine.
i'm at a point where i'm going to wipe the drive and do a full iso install of 2.7.2 and leave it as is. i feel that if I were able to do a full iso install of 2.8 than all would work properly, but that's not possible, so.. sucks because I've been touting pfsense and trying to push my boss into switching to it from our old fortigates, because i DO believe it is superior in all ways that we need it but after this he's gone sour.
-
@jc1976 said in Squid on 2.8:
pkg: Cannot delete vital package: pfSense!
That implies some issue with the pkg system since it obviously shouldn't be trying to remove the pfSense meta package.
So:
@stephenw10 said in Squid on 2.8:Does pkg -d update complete successfully?
...and if it doesn't please show the full output with whatever errors are present.
-
@jc1976 said in Squid on 2.8:
upgrade an issue developed between suricata, pfblocker, and unbound. when i disable the two packages, all works fine
Let's consider :
If you leave the 'unbound' (the resolver) settings to "all default", the way you found them when you first installed pfSense.
You remove / don't install the extra stuff = suricata and pfblocker.
Then : no issues what so ever.
Right ?This means your issue isn't "pfSense 2.8.0" or the upgrade. Its an 'ordinary' package settings issue - call the admin
Tell you boss that suricata can only filter non TLS traffic **, something that doesn't exist anymore. Check for yourself : who visits http (port 80) sites these day ? Who collects mail using port 110 ? Who sends mail using port 25 ?
Imho : suricata, for what it's worth, can't do much these days, it can 'see' the data payload in the packets. Everything is TLS these days.** It is possible to do TLS filtering, but that demands a 'proxy' setup, making you a real expert.
pfBlockerng is blocking you, DNS or something else ? That's any easy one, and rather simple do debug.
