PfSense 2.0.1-RELEASE with Squid & HAVP = major problems
-
OK its been a few days now that things were not too bad, but now: BOOM again! pfsense is acting again…. Right now, it refuses to deliver http://forum.xbmc.org/ and I get an error page like:
HAVP - DNS error HAVP A DNS error occurred while opening the page forum.xbmc.org Please contact your tech support
Why? I really dont know. This morning I accessed this forum without problems. Snort does not block anything the blocked list is empty. Squidguard's is deactivated
Im really tired of the randomness… It works now, 5 minutes later, it no longer works.. Why? I bet even God doesnt know.
Here are the problems, on top of this thread (and my 10 other threads on this forum):
Problems accessing youtube (buffing for 15-30 sec every minute or so while playing, plus takes about 3 to 5 minutes to start the video playback)
random websites stops going thru pfsense (forum.xbmc.org, www.mls.ca, this forum also stopped working at some point)...
Firefox behaves very strangely (like right now, it permanently says "Transferring data from forum.pfsense.org..." in the corner, and the "wheel contonuously spins in the page tab)I dont know how many times I mentioned this, but pfsense IS the problem. I plug my laptop directly to the cable modem, and BANG it works..!
What will it be next?I am getting to miss my stupid D-Link router.. Anybody cares to step forward and help me before I abandon pfsense? I really believes in the project, but to be honest, if I had a good run at it I would be more confidant to use it….
-
I think the best way now is to buy few paid support hours or contact havp package maintainer.
I do not have this problems but I do not use havp.
Dansguardian package with antivirus is under devel. Maybe when It's done you will have no need to use havp.
-
Do you have antivirus on your dlink?
If your problem is with havp, why not just disable it and use only squid+squidguard?
It will do more then dlink.
-
What puzzles me is that I seem to be the only one with such problems… Am I or its that nobody cares (except you of course)?
Hell, I thought some websites actually banned my IP since ive been several weeks without being able to access them... Going to the cable modem directly solved it. Browsing feels also much much much snappier...
-
Forgot to mention this: if there are really problems in the packages, the devs NEED to know about it.
-
@lpallard:
Forgot to mention this: if there are really problems in the packages, the devs NEED to know about it.
It could also be havp current version and not package gui.
Did you tried to rum havp on any Linux/unix server other then pfsense.Some times is better having firewall appart of proxy.
Packages are almost contributions to pfsense project sent by community, maybe havp is currently outdated because there is nobody with free time to maintain it.
-
@lpallard:
Forgot to mention this: if there are really problems in the packages, the devs NEED to know about it.
It could also be havp current version and not package gui.
Did you tried to rum havp on any Linux/unix server other then pfsense.Some times is better having firewall appart of proxy.
Packages are almost contributions to pfsense project sent by community, maybe havp is currently outdated because there is nobody with free time to maintain it.
Im gonna deactivate HAVP and see if it helps, but I think I already tried that.. Anyways, I have discovered in the last few days/weeks that most of my problems were from Snort or SquidGuard blocking stuff up, which I deactivated the rules and it helped. When that happened, I was getting a Connection failed error from HAVP, not a DNS error
what can cause a DNS error?
-
what can cause a DNS error?
As I saw in some posts, could be snort
http://forum.pfsense.org/index.php/topic,43628.0.htmlsome extra info about havp I got from package description:
maintainer: dvserg
pfsense package version: 0.91_1
latest version : 0.9.2a
latest havp update: 07.11.2010This package looks like really stable or few used as last release was more then a year ago.
I think the best configuration for this package is squid + havp as parent for squid.
-
OK Ive done some testing…
At first,
suppress gen_id 122, sig_id 22 ``` seemed to have fixed it. It worked for about 5 or 10 minutes,. Then, suddenly everything stopped to work. Now **every** sites (except google) gives the DNS error thing.. Every website! Until further notice, or a solution is found, pfsense is out of order… EDIT: Unplugging my laptop from the pfsense box, and re-plugging it to the pfsense box seems to help, now all seems to work. **Also Snort is deactivated.,** Snort might be the problem… It was until I added these rules:
suppress gen_id 120, sig_id 3
suppress gen_id 122, sig_id 22Any DNS experts out there?
-
this morning, not working. Unless a burglar or a ghost played with my router while I was sleeping, I dont see why it would have worked yesterday and not this morning.
forum.xbmc.org is not accessible.
The frustrating part is that pfsense with NO packages works PERFECTLY. So I wont blame pfsense devs because I have used it for more than a year now and it was flawless until I installed the snort/squid/squidguard/havp >:( stuff..
-
@lpallard:
The frustrating part is that pfsense with NO packages works PERFECTLY. So I wont blame pfsense devs because I have used it for more than a year now and it was flawless until I installed the snort/squid/squidguard/havp >:( stuff..
Just like I said, packages are contributions, some are maintained by core team, but not all.
Uncheck block ofenders from snort, so it will not block false positives and not deny your dns resolution.