[SOLUCIONADO] Problemas con squid3-dev - 3.3.10 pkg 2.2 lo instalo y no inicia
-
Buenas compañeros, Necesito ayuda estoy implementado el PfSense 2.1x64 con dos NIC`s. Estoy actualmente en periodo de prueba, le instale el paquete nuevo de squid 3.3.10 pkg ya que lei y tiene la capacidad de cachear paginas https en modo transparente el caso es que lo configuro modo transparent y luego lo activo y el servicio no se habilita se queda en stop.
Que pudiera estar pasando?
Ir directo a solución (moderador) –-> https://forum.pfsense.org/index.php?topic=73007.msg402349#msg402349
-
Verifica logs…
https://forum.pfsense.org/index.php/topic,46513.msg243870.html#msg243870
-
La version actual o sea la 3 no -DEV, ya trae esas opciones no?
-
Fijate k lo instale ayer e igual no me iniciaba y tengo mi configuracion bien a como lo configuro y nada k inicia
-
Falta una librería…
cat /var/log/system.log
Mar 11 17:28:27 pfSense php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '/libexec/ld-elf.so.1: Shared object "libheimntlm.so.10" not found, required by "squid"'
https://redmine.pfsense.org/issues/3202
https://forum.pfsense.org/index.php?topic=66633.msg371602#msg371602
-
Tras descargar las librerías para mi pfSense 32 bit de pruebas en VirtualBox, squid3-dev arranca sin problemas.
Por contra, no arranca squidGuard y el error mostrado es:
Mar 11 18:10:58 pfSense php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
como si squid no estuviera trabajando. Cuestión no cierta.
-
squid3 + squidGuard-squid3 sí arrancan.
Me queda la duda de sin las librerías bajadas arrancaría squid3.
La diferencia entre squid3 y squid3-devel es que este último tiene incluído SSL Bump, es decir, capacidad de filtrado SSL
http://wiki.squid-cache.org/Features/SslBump
Como que para esto tiene que incluir el servicio ICAP, se pueden hacer toda clase de inspección/modificación de contenidos (antivirus, rescritura de headers…)
¡Ojo que esto puede ser o no legal según la legislación del lugar de la instalación!
-
what you get with squid -v on console? Did you fetched missing libs?
-
Yes, I fetched the libraries, and squid3-devel is working.
The problem is that squidGuard-squid3 is not starting, saying that parent squid process no exist (???). It exists, verified with ps command and WebGui.
I tried with other available squidGuard packages and same problem.
And squid3 + squidGuard-squid3 combination works fine.
I made a new fresh install, but I can't access to pfsense.com repository. I will try later and inform you about squid -v
-
I'll test it if time permits. I'm really busy on my job.
-
Ok, thanks!
New 2.1 fresh installation + squid3-dev
[2.1-RELEASE][admin@pfSense.localdomain]/root(2): squid -v squid: Command not found. [2.1-RELEASE][admin@pfSense.localdomain]/root(3): rehash [2.1-RELEASE][admin@pfSense.localdomain]/root(4): squid -v /libexec/ld-elf.so.1: Shared object "libheimntlm.so.10" not found, required by "squid" [2.1-RELEASE][admin@pfSense.localdomain]/root(5): fetch -o /usr/local/lib/libasn1.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10 /usr/local/lib/libasn1.so.10 100% of 478 kB 241 kBps [2.1-RELEASE][admin@pfSense.localdomain]/root(6): fetch -o /usr/local/lib/libgssapi.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10 /usr/local/lib/libgssapi.so.10 100% of 34 kB 98 kBps [2.1-RELEASE][admin@pfSense.localdomain]/root(7): fetch -o /usr/local/lib/libheimntlm.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10 /usr/local/lib/libheimntlm.so.10 100% of 16 kB 67 kBps [2.1-RELEASE][admin@pfSense.localdomain]/root(8): fetch -o /usr/local/lib/libhx509.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10 /usr/local/lib/libhx509.so.10 100% of 214 kB 170 kBps [2.1-RELEASE][admin@pfSense.localdomain]/root(9): fetch -o /usr/local/lib/libkrb5.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10 /usr/local/lib/libkrb5.so.10 100% of 379 kB 225 kBps [2.1-RELEASE][admin@pfSense.localdomain]/root(10): fetch -o /usr/local/lib/libroken.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10 /usr/local/lib/libroken.so.10 100% of 61 kB 118 kBps [2.1-RELEASE][admin@pfSense.localdomain]/root(11): squid -v Squid Cache: Version 3.3.10 configure options: '--with-default-user=squid' '--bindir=/usr/pbi/squid-i386/sbin' '--sbindir=/usr/pbi/squid-i386/sbin' '--datadir=/usr/pbi/squid-i386/etc/squid' '--libexecdir=/usr/pbi/squid-i386/libexec/squid' '--localstatedir=/var' '--sysconfdir=/usr/pbi/squid-i386/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache/squid' '--enable-auth' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--enable-auth-basic=DB MSNT MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam LDAP NIS' '--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip time_quota unix_group LDAP_group' '--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake smb_lm' '--enable-storeio=diskd rock ufs aufs' '--enable-disk-io=AIO Blocking DiskDaemon IpcIo Mmapped DiskThreads' '--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-delay-pools' '--enable-ssl' '--with-openssl=/usr' '--enable-ssl-crtd' '--enable-icmp' '--enable-htcp' '--disable-forw-via-db' '--enable-cache-digests' '--enable-wccp' '--enable-wccpv2' '--enable-eui' '--disable-ipfw-transparent' '--enable-pf-transparent' '--disable-ipf-transparent' '--enable-follow-x-forwarded-for' '--disable-ecap' '--enable-icap-client' '--disable-esi' '--enable-kqueue' '--with-large-files' '--prefix=/usr/pbi/squid-i386' '--mandir=/usr/pbi/squid-i386/man' '--infodir=/usr/pbi/squid-i386/info/' '--build=i386-portbld-freebsd8.3' 'build_alias=i386-portbld-freebsd8.3' 'CC=cc' 'CFLAGS=-O2 -pipe -I/usr/pbi/squid-i386/include -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'LDFLAGS= -L/usr/pbi/squid-i386/lib -pthread -Wl,-rpath=/usr/lib:/usr/pbi/squid-i386/lib -L/usr/lib' 'CPPFLAGS=' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -I/usr/pbi/squid-i386/include -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'CPP=cpp' --enable-ltdl-convenience
Start squid3-devel
[2.1-RELEASE][admin@pfSense.localdomain]/root(12): ps -aux | grep squid root 97385 0.0 1.0 13756 10200 ?? Is 11:43PM 0:00.00 /usr/pbi/squid-i386/sbin/squid -f /usr/pbi/squid-i386/etc/squid/squid.conf proxy 97749 0.0 1.5 24004 15308 ?? I 11:43PM 0:00.02 (squid-1) -f /usr/pbi/squid-i386/etc/squid/squid.conf (squid)
Running…
-
Trying to use squid3-devel with my Firefox and connection denied by squid.
Activated squid logs and I can see:
[2.1-RELEASE][admin@pfSense.localdomain]/var/squid/logs(21): cat cache.log 2014/03/11 23:43:21 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3... 2014/03/11 23:43:21 kid1| Process ID 97749 2014/03/11 23:43:21 kid1| Process Roles: worker 2014/03/11 23:43:21 kid1| With 11095 file descriptors available 2014/03/11 23:43:21 kid1| Initializing IP Cache... 2014/03/11 23:43:21 kid1| DNS Socket created at [::], FD 12 2014/03/11 23:43:21 kid1| DNS Socket created at 0.0.0.0, FD 14 2014/03/11 23:43:21 kid1| Adding domain localdomain from /etc/resolv.conf 2014/03/11 23:43:21 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf 2014/03/11 23:43:21 kid1| Adding nameserver 80.58.61.250 from /etc/resolv.conf 2014/03/11 23:43:21 kid1| Adding nameserver 80.58.61.254 from /etc/resolv.conf 2014/03/11 23:43:21 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE 2014/03/11 23:43:21 kid1| parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/en/error-details.txt 2014/03/11 23:43:21 kid1| Unable to load default error language files. Reset to backups. 2014/03/11 23:43:21 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE 2014/03/11 23:43:21 kid1| parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/templates/error-details.txt 2014/03/11 23:43:21 kid1| WARNING: failed to find or read error text file error-details.txt 2014/03/11 23:43:21 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE 2014/03/11 23:43:21 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE 2014/03/11 23:43:21 kid1| Logfile: opening log /dev/null 2014/03/11 23:43:21 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/dev/null' 2014/03/11 23:43:21 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2014/03/11 23:43:21 kid1| Store logging disabled 2014/03/11 23:43:21 kid1| Swap maxSize 0 + 8192 KB, estimated 630 objects 2014/03/11 23:43:21 kid1| Target number of buckets: 31 2014/03/11 23:43:21 kid1| Using 8192 Store buckets 2014/03/11 23:43:21 kid1| Max Mem size: 8192 KB 2014/03/11 23:43:21 kid1| Max Swap size: 0 KB 2014/03/11 23:43:21 kid1| Using Least Load store dir selection 2014/03/11 23:43:21 kid1| Current Directory is /usr/local/www 2014/03/11 23:43:21 kid1| Loaded Icons. 2014/03/11 23:43:21 kid1| HTCP Disabled. 2014/03/11 23:43:21 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted 2014/03/11 23:43:21 kid1| sendto FD 22: (1) Operation not permitted 2014/03/11 23:43:21 kid1| ipcCreate: CHILD: hello write test failed
/var/log/system.log shows also problems…
Mar 11 23:39:30 pfSense php: /pkg_mgr_install.php: Beginning package installation for squid3-dev . Mar 11 23:40:20 pfSense check_reload_status: Syncing firewall Mar 11 23:40:22 pfSense php: /pkg_mgr_install.php: Stopping any running proxy monitors Mar 11 23:40:23 pfSense php: /pkg_mgr_install.php: Starting Squid Mar 11 23:40:23 pfSense php: /pkg_mgr_install.php: Starting a proxy monitor script Mar 11 23:40:23 pfSense php: /pkg_mgr_install.php: [Squid] - Squid_resync function call pr: bp:1 rpc:no Mar 11 23:40:23 pfSense check_reload_status: Reloading filter Mar 11 23:40:23 pfSense php: /pkg_mgr_install.php: [Squid] - Squid_resync function call pr: bp:1 rpc:no Mar 11 23:43:19 pfSense php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy' Mar 11 23:43:21 pfSense squid[97385]: Squid Parent: will start 1 kids Mar 11 23:43:21 pfSense squid[97385]: Squid Parent: (squid-1) process 97749 started Mar 11 23:47:39 pfSense php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no Mar 11 23:47:40 pfSense check_reload_status: Syncing firewall Mar 11 23:47:40 pfSense php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no Mar 11 23:47:40 pfSense check_reload_status: Reloading filter Mar 11 23:47:41 pfSense php: /pkg_edit.php: Reloading Squid for configuration sync Mar 11 23:47:41 pfSense php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
So, squid3-dev doesn't work. No matter if squidGuard package is installed or not.
-
remove/comment these X509_V_ERR_DIFFERENT_CRL_SCOPE options on squid.conf/squid.inc
It may fix package startup.
I'll fix it on next package update as soon as possible.
Thanks for the feedback.
-
@ marcelloc,
Thanks. I'll translate your answer to Spanish….
-
remove/comment these X509_V_ERR_DIFFERENT_CRL_SCOPE options on squid.conf/squid.inc
It may fix package startup.
I'll fix it on next package update as soon as possible.
Thanks for the feedback.
_Quitar/comentar las opciones X509_V_ERR_DIFFERENT_CRL_SCOPE en squid.conf/squid.inc
De esto modo quedará corregido el arranque del paquete.
Incluiré esta modificación en la próxima actualización del paquete, lo más pronto que pueda.
Gracias por el testeo.
marcelloc (desarrollador de los paquetes pfSense para squid)_
**En cuanto pueda, probaré lo dicho con mi pfSense de pruebas en VirtualBox…
Josep (moderador)**
-
remove/comment these X509_V_ERR_DIFFERENT_CRL_SCOPE options on squid.conf/squid.inc
It may fix package startup.
I'll fix it on next package update as soon as possible.
Thanks for the feedback.
I had to modify /usr/pbi/squid-i386/etc/squid/errors/en/error-details.txt
[2.1-RELEASE][admin@pfSense.localdomain]/usr/pbi/squid-i386/etc/squid/errors/en(61): diff error-details.txt error-details.txt-original 176a177,184 > name: X509_V_ERR_DIFFERENT_CRL_SCOPE > detail: "%ssl_error_descr: %ssl_subject" > descr: "Different CRL scope" > > name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE > detail: "%ssl_error_descr: %ssl_subject" > descr: "Unsupported extension feature" > 180a189,216 > name: X509_V_ERR_PERMITTED_VIOLATION > detail: "%ssl_error_descr: %ssl_subject" > descr: "permitted subtree violation" > > name: X509_V_ERR_EXCLUDED_VIOLATION > detail: "%ssl_error_descr: %ssl_subject" > descr: "excluded subtree violation" > > name: X509_V_ERR_SUBTREE_MINMAX > detail: "%ssl_error_descr: %ssl_subject" > descr: "name constraints minimum and maximum not supported" > > name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE > detail: "%ssl_error_descr: %ssl_subject" > descr: "unsupported name constraint type" > > name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX > detail: "%ssl_error_descr: %ssl_subject" > descr: "unsupported or invalid name constraint syntax" > > name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX > detail: "%ssl_error_descr: %ssl_subject" > descr: "unsupported or invalid name syntax" > > name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR > detail: "%ssl_error_descr: %ssl_subject" > descr: "CRL path validation error" >
but still not working:
2014/03/12 22:55:21 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3... 2014/03/12 22:55:21 kid1| Process ID 50666 2014/03/12 22:55:21 kid1| Process Roles: worker 2014/03/12 22:55:21 kid1| With 11095 file descriptors available 2014/03/12 22:55:21 kid1| Initializing IP Cache... 2014/03/12 22:55:21 kid1| DNS Socket created at [::], FD 12 2014/03/12 22:55:21 kid1| DNS Socket created at 0.0.0.0, FD 14 2014/03/12 22:55:21 kid1| Adding domain localdomain from /etc/resolv.conf 2014/03/12 22:55:21 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf 2014/03/12 22:55:21 kid1| Adding nameserver 80.58.61.250 from /etc/resolv.conf 2014/03/12 22:55:21 kid1| Adding nameserver 80.58.61.254 from /etc/resolv.conf 2014/03/12 22:55:21 kid1| Logfile: opening log /var/squid/logs/access.log 2014/03/12 22:55:21 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/var/squid/logs/access.log' 2014/03/12 22:55:21 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2014/03/12 22:55:21 kid1| Store logging disabled 2014/03/12 22:55:21 kid1| Swap maxSize 0 + 8192 KB, estimated 630 objects 2014/03/12 22:55:21 kid1| Target number of buckets: 31 2014/03/12 22:55:21 kid1| Using 8192 Store buckets 2014/03/12 22:55:21 kid1| Max Mem size: 8192 KB 2014/03/12 22:55:21 kid1| Max Swap size: 0 KB 2014/03/12 22:55:21 kid1| Using Least Load store dir selection 2014/03/12 22:55:21 kid1| Current Directory is /usr/local/www 2014/03/12 22:55:21 kid1| Loaded Icons. 2014/03/12 22:55:21 kid1| HTCP Disabled. 2014/03/12 22:55:21 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted 2014/03/12 22:55:21 kid1| sendto FD 18: (1) Operation not permitted 2014/03/12 22:55:21 kid1| ipcCreate: CHILD: hello write test failed
Bug?
http://www.squid-cache.org/mail-archive/squid-users/201302/0060.html
Has pfSense diskd activated? I have some proxys FreeBSD based and diskd must be activated by kernel…
-
Squidguard-squid3 systempatch for use with squid3-dev
I found it today on forum.
-
Ok, thanks, but first problem is running squid3-devel after fresh installation.
For the moment, I don't have squidGuard-squid3
-
@ marcelloc,
My error was IPV6 disabled!
https://forum.pfsense.org/index.php?topic=63618.msg344165#msg344165
2014/03/12 23:25:03 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3... 2014/03/12 23:25:03 kid1| Process ID 35219 2014/03/12 23:25:03 kid1| Process Roles: worker 2014/03/12 23:25:03 kid1| With 11095 file descriptors available 2014/03/12 23:25:03 kid1| Initializing IP Cache... 2014/03/12 23:25:03 kid1| DNS Socket created at [::], FD 12 2014/03/12 23:25:03 kid1| DNS Socket created at 0.0.0.0, FD 14 2014/03/12 23:25:03 kid1| Adding domain localdomain from /etc/resolv.conf 2014/03/12 23:25:03 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf 2014/03/12 23:25:03 kid1| Adding nameserver 80.58.61.250 from /etc/resolv.conf 2014/03/12 23:25:03 kid1| Adding nameserver 80.58.61.254 from /etc/resolv.conf 2014/03/12 23:25:03 kid1| Logfile: opening log /var/squid/logs/access.log 2014/03/12 23:25:03 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/var/squid/logs/access.log' 2014/03/12 23:25:03 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted 2014/03/12 23:25:03 kid1| Unlinkd pipe opened on FD 19 2014/03/12 23:25:03 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2014/03/12 23:25:03 kid1| Store logging disabled 2014/03/12 23:25:03 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507 objects 2014/03/12 23:25:03 kid1| Target number of buckets: 425 2014/03/12 23:25:03 kid1| Using 8192 Store buckets 2014/03/12 23:25:03 kid1| Max Mem size: 8192 KB 2014/03/12 23:25:03 kid1| Max Swap size: 102400 KB 2014/03/12 23:25:03 kid1| Rebuilding storage in /var/squid/cache (no log) 2014/03/12 23:25:03 kid1| Using Least Load store dir selection 2014/03/12 23:25:03 kid1| Current Directory is /usr/local/www 2014/03/12 23:25:03 kid1| Loaded Icons. 2014/03/12 23:25:03 kid1| HTCP Disabled. 2014/03/12 23:25:03 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted 2014/03/12 23:25:03 kid1| Pinger socket opened on FD 26 2014/03/12 23:25:03 kid1| Squid plugin modules loaded: 0 2014/03/12 23:25:03 kid1| Adaptation support is off. 2014/03/12 23:25:03 kid1| Accepting HTTP Socket connections at local=192.168.1.1:3128 remote=[::] FD 23 flags=9 2014/03/12 23:25:03 kid1| Accepting ICP messages on [::]:7 2014/03/12 23:25:03 kid1| Sending ICP messages from [::]:7 2014/03/12 23:25:03| pinger: Initialising ICMP pinger ... 2014/03/12 23:25:03| pinger: ICMP socket opened. 2014/03/12 23:25:03| pinger: ICMPv6 socket opened 2014/03/12 23:25:03 kid1| Done scanning /var/squid/cache dir (0 entries) 2014/03/12 23:25:03 kid1| Finished rebuilding storage from disk. 2014/03/12 23:25:03 kid1| 0 Entries scanned 2014/03/12 23:25:03 kid1| 0 Invalid entries. 2014/03/12 23:25:03 kid1| 0 With invalid flags. 2014/03/12 23:25:03 kid1| 0 Objects loaded. 2014/03/12 23:25:03 kid1| 0 Objects expired. 2014/03/12 23:25:03 kid1| 0 Objects cancelled. 2014/03/12 23:25:03 kid1| 0 Duplicate URLs purged. 2014/03/12 23:25:03 kid1| 0 Swapfile clashes avoided. 2014/03/12 23:25:03 kid1| Took 0.13 seconds ( 0.00 objects/sec). 2014/03/12 23:25:03 kid1| Beginning Validation Procedure 2014/03/12 23:25:03 kid1| Completed Validation Procedure 2014/03/12 23:25:03 kid1| Validated 0 Entries 2014/03/12 23:25:03 kid1| store_swap_size = 0.00 KB 2014/03/12 23:25:04 kid1| storeLateRelease: released 0 objects
But if I'm not having IPv6 on my network why I need it activated?
-
Por mi parte, solucionado:
01. IPv6 activado. squid3 está compilado en este paquete con IPv6 activado y lo precisa, aunque no lo emplee.
02. Las librerías que faltan, https://forum.pfsense.org/index.php?topic=66633.msg371602#msg371602
03. Instalación de squid3-devel
04. Services - Proxy Server - General - Enabled logging - /var/squid/logs (opcional, si se quiere access.log)
Services - Proxy Server - Local cache - Save (crear la caché inicial)
Services - Proxy Server - Restart Proxy Server (reiniciar)05. 192.168.1.1:3128 como proxy en el navegador y funciona.
06. Eliminar error netdb.state (OPCIONAL), http://forum.pfsense.org/index.php?topic=74312.msg406254#msg406254
Resuelto con la versión 2.2.2 del paquete squid3-dev
Ver cambios de versión –-> https://github.com/pfsense/pfsense-packages/commits/master/config/squid3/3307. Avisos de error en error-details.txt. No son graves y se deben a diferencias de versiones de OpenSSL. Pueden eliminarse modificando el fichero según se explica en http://bugs.squid-cache.org/show_bug.cgi?id=3936
Ahora queda probar el resto: modo transparente y SSL Bump (poder saber páginas visitadas por HTTPS si modo transparente).
http://wiki.squid-cache.org/Features/SslBump