[SOLUCIONADO] Problemas con squid3-dev - 3.3.10 pkg 2.2 lo instalo y no inicia

bellera

Verifica logs…

https://forum.pfsense.org/index.php/topic,46513.msg243870.html#msg243870

periko

La version actual o sea la 3 no -DEV, ya trae esas opciones no?

mellomx

Fijate k lo instale ayer e igual no me iniciaba y tengo mi configuracion bien a como lo configuro y nada k inicia

bellera

Falta una librería…

cat /var/log/system.log

Mar 11 17:28:27 pfSense php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '/libexec/ld-elf.so.1: Shared object "libheimntlm.so.10" not found, required by "squid"'

https://redmine.pfsense.org/issues/3202

https://forum.pfsense.org/index.php?topic=66633.msg371602#msg371602

bellera

Tras descargar las librerías para mi pfSense 32 bit de pruebas en VirtualBox, squid3-dev arranca sin problemas.

Por contra, no arranca squidGuard y el error mostrado es:

Mar 11 18:10:58 pfSense php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'

como si squid no estuviera trabajando. Cuestión no cierta.

bellera

squid3 + squidGuard-squid3 sí arrancan.

Me queda la duda de sin las librerías bajadas arrancaría squid3.

La diferencia entre squid3 y squid3-devel es que este último tiene incluído SSL Bump, es decir, capacidad de filtrado SSL

http://wiki.squid-cache.org/Features/SslBump

Como que para esto tiene que incluir el servicio ICAP, se pueden hacer toda clase de inspección/modificación de contenidos (antivirus, rescritura de headers…)

¡Ojo que esto puede ser o no legal según la legislación del lugar de la instalación!

marcelloc

what you get with squid -v on console? Did you fetched missing libs?

bellera

Yes, I fetched the libraries, and squid3-devel is working.

The problem is that squidGuard-squid3 is not starting, saying that parent squid process no exist (???). It exists, verified with ps command and WebGui.

I tried with other available squidGuard packages and same problem.

And squid3 + squidGuard-squid3 combination works fine.

I made a new fresh install, but I can't access to pfsense.com repository. I will try later and inform you about squid -v

marcelloc

I'll test it if time permits. I'm really busy on my job.

bellera

Ok, thanks!

New 2.1 fresh installation + squid3-dev

[2.1-RELEASE][admin@pfSense.localdomain]/root(2): squid -v
squid: Command not found.
[2.1-RELEASE][admin@pfSense.localdomain]/root(3): rehash
[2.1-RELEASE][admin@pfSense.localdomain]/root(4): squid -v
/libexec/ld-elf.so.1: Shared object "libheimntlm.so.10" not found, required by "squid"
[2.1-RELEASE][admin@pfSense.localdomain]/root(5): fetch -o /usr/local/lib/libasn1.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10
/usr/local/lib/libasn1.so.10                  100% of  478 kB  241 kBps
[2.1-RELEASE][admin@pfSense.localdomain]/root(6): fetch -o /usr/local/lib/libgssapi.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10
/usr/local/lib/libgssapi.so.10                100% of   34 kB   98 kBps
[2.1-RELEASE][admin@pfSense.localdomain]/root(7): fetch -o /usr/local/lib/libheimntlm.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10
/usr/local/lib/libheimntlm.so.10              100% of   16 kB   67 kBps
[2.1-RELEASE][admin@pfSense.localdomain]/root(8): fetch -o /usr/local/lib/libhx509.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10
/usr/local/lib/libhx509.so.10                 100% of  214 kB  170 kBps
[2.1-RELEASE][admin@pfSense.localdomain]/root(9): fetch -o /usr/local/lib/libkrb5.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10
/usr/local/lib/libkrb5.so.10                  100% of  379 kB  225 kBps
[2.1-RELEASE][admin@pfSense.localdomain]/root(10): fetch -o /usr/local/lib/libroken.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10
/usr/local/lib/libroken.so.10                 100% of   61 kB  118 kBps
[2.1-RELEASE][admin@pfSense.localdomain]/root(11): squid -v
Squid Cache: Version 3.3.10
configure options:  '--with-default-user=squid' '--bindir=/usr/pbi/squid-i386/sbin' '--sbindir=/usr/pbi/squid-i386/sbin' '--datadir=/usr/pbi/squid-i386/etc/squid' '--libexecdir=/usr/pbi/squid-i386/libexec/squid' '--localstatedir=/var' '--sysconfdir=/usr/pbi/squid-i386/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache/squid' '--enable-auth' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--enable-auth-basic=DB MSNT MSNT-multi-domain NCSA PAM POP3 RADIUS  fake getpwnam LDAP NIS' '--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip time_quota unix_group LDAP_group' '--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake smb_lm' '--enable-storeio=diskd rock ufs aufs' '--enable-disk-io=AIO Blocking DiskDaemon IpcIo Mmapped DiskThreads' '--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-delay-pools' '--enable-ssl' '--with-openssl=/usr' '--enable-ssl-crtd' '--enable-icmp' '--enable-htcp' '--disable-forw-via-db' '--enable-cache-digests' '--enable-wccp' '--enable-wccpv2' '--enable-eui' '--disable-ipfw-transparent' '--enable-pf-transparent' '--disable-ipf-transparent' '--enable-follow-x-forwarded-for' '--disable-ecap' '--enable-icap-client' '--disable-esi' '--enable-kqueue' '--with-large-files' '--prefix=/usr/pbi/squid-i386' '--mandir=/usr/pbi/squid-i386/man' '--infodir=/usr/pbi/squid-i386/info/' '--build=i386-portbld-freebsd8.3' 'build_alias=i386-portbld-freebsd8.3' 'CC=cc' 'CFLAGS=-O2 -pipe -I/usr/pbi/squid-i386/include -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'LDFLAGS= -L/usr/pbi/squid-i386/lib -pthread -Wl,-rpath=/usr/lib:/usr/pbi/squid-i386/lib -L/usr/lib' 'CPPFLAGS=' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -I/usr/pbi/squid-i386/include -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'CPP=cpp' --enable-ltdl-convenience

Start squid3-devel

[2.1-RELEASE][admin@pfSense.localdomain]/root(12): ps -aux | grep squid
root   97385  0.0  1.0 13756 10200  ??  Is   11:43PM   0:00.00 /usr/pbi/squid-i386/sbin/squid -f /usr/pbi/squid-i386/etc/squid/squid.conf
proxy  97749  0.0  1.5 24004 15308  ??  I    11:43PM   0:00.02 (squid-1) -f /usr/pbi/squid-i386/etc/squid/squid.conf (squid)

Running…

bellera

Trying to use squid3-devel with my Firefox and connection denied by squid.

Activated squid logs and I can see:

[2.1-RELEASE][admin@pfSense.localdomain]/var/squid/logs(21): cat cache.log 
2014/03/11 23:43:21 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3...
2014/03/11 23:43:21 kid1| Process ID 97749
2014/03/11 23:43:21 kid1| Process Roles: worker
2014/03/11 23:43:21 kid1| With 11095 file descriptors available
2014/03/11 23:43:21 kid1| Initializing IP Cache...
2014/03/11 23:43:21 kid1| DNS Socket created at [::], FD 12
2014/03/11 23:43:21 kid1| DNS Socket created at 0.0.0.0, FD 14
2014/03/11 23:43:21 kid1| Adding domain localdomain from /etc/resolv.conf
2014/03/11 23:43:21 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/03/11 23:43:21 kid1| Adding nameserver 80.58.61.250 from /etc/resolv.conf
2014/03/11 23:43:21 kid1| Adding nameserver 80.58.61.254 from /etc/resolv.conf
2014/03/11 23:43:21 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
2014/03/11 23:43:21 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/en/error-details.txt
2014/03/11 23:43:21 kid1| Unable to load default error language files. Reset to backups.
2014/03/11 23:43:21 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
2014/03/11 23:43:21 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/templates/error-details.txt
2014/03/11 23:43:21 kid1| WARNING: failed to find or read error text file error-details.txt
2014/03/11 23:43:21 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
2014/03/11 23:43:21 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
2014/03/11 23:43:21 kid1| Logfile: opening log /dev/null
2014/03/11 23:43:21 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/dev/null'
2014/03/11 23:43:21 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/03/11 23:43:21 kid1| Store logging disabled
2014/03/11 23:43:21 kid1| Swap maxSize 0 + 8192 KB, estimated 630 objects
2014/03/11 23:43:21 kid1| Target number of buckets: 31
2014/03/11 23:43:21 kid1| Using 8192 Store buckets
2014/03/11 23:43:21 kid1| Max Mem  size: 8192 KB
2014/03/11 23:43:21 kid1| Max Swap size: 0 KB
2014/03/11 23:43:21 kid1| Using Least Load store dir selection
2014/03/11 23:43:21 kid1| Current Directory is /usr/local/www
2014/03/11 23:43:21 kid1| Loaded Icons.
2014/03/11 23:43:21 kid1| HTCP Disabled.
2014/03/11 23:43:21 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2014/03/11 23:43:21 kid1| sendto FD 22: (1) Operation not permitted
2014/03/11 23:43:21 kid1| ipcCreate: CHILD: hello write test failed

/var/log/system.log shows also problems…

Mar 11 23:39:30 pfSense php: /pkg_mgr_install.php: Beginning package installation for squid3-dev .
Mar 11 23:40:20 pfSense check_reload_status: Syncing firewall
Mar 11 23:40:22 pfSense php: /pkg_mgr_install.php: Stopping any running proxy monitors
Mar 11 23:40:23 pfSense php: /pkg_mgr_install.php: Starting Squid
Mar 11 23:40:23 pfSense php: /pkg_mgr_install.php: Starting a proxy monitor script
Mar 11 23:40:23 pfSense php: /pkg_mgr_install.php: [Squid] - Squid_resync function call pr: bp:1 rpc:no
Mar 11 23:40:23 pfSense check_reload_status: Reloading filter
Mar 11 23:40:23 pfSense php: /pkg_mgr_install.php: [Squid] - Squid_resync function call pr: bp:1 rpc:no
Mar 11 23:43:19 pfSense php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy' 
Mar 11 23:43:21 pfSense squid[97385]: Squid Parent: will start 1 kids
Mar 11 23:43:21 pfSense squid[97385]: Squid Parent: (squid-1) process 97749 started
Mar 11 23:47:39 pfSense php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Mar 11 23:47:40 pfSense check_reload_status: Syncing firewall
Mar 11 23:47:40 pfSense php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Mar 11 23:47:40 pfSense check_reload_status: Reloading filter
Mar 11 23:47:41 pfSense php: /pkg_edit.php: Reloading Squid for configuration sync
Mar 11 23:47:41 pfSense php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy' 

So, squid3-dev doesn't work. No matter if squidGuard package is installed or not.

marcelloc

remove/comment these X509_V_ERR_DIFFERENT_CRL_SCOPE options on squid.conf/squid.inc

It may fix package startup.

I'll fix it on next package update as soon as possible.

Thanks for the feedback.

bellera

@ marcelloc,

Thanks. I'll translate your answer to Spanish….

bellera

@marcelloc:

remove/comment these X509_V_ERR_DIFFERENT_CRL_SCOPE options on squid.conf/squid.inc

It may fix package startup.

I'll fix it on next package update as soon as possible.

Thanks for the feedback.

_Quitar/comentar las opciones X509_V_ERR_DIFFERENT_CRL_SCOPE  en squid.conf/squid.inc

De esto modo quedará corregido el arranque del paquete.

Incluiré esta modificación en la próxima actualización del paquete, lo más pronto que pueda.

Gracias por el testeo.

marcelloc (desarrollador de los paquetes pfSense para squid)_

**En cuanto pueda, probaré lo dicho con mi pfSense de pruebas en VirtualBox…

Josep (moderador)**

bellera

@marcelloc:

remove/comment these X509_V_ERR_DIFFERENT_CRL_SCOPE options on squid.conf/squid.inc

It may fix package startup.

I'll fix it on next package update as soon as possible.

Thanks for the feedback.

I had to modify /usr/pbi/squid-i386/etc/squid/errors/en/error-details.txt

[2.1-RELEASE][admin@pfSense.localdomain]/usr/pbi/squid-i386/etc/squid/errors/en(61): diff error-details.txt error-details.txt-original 
176a177,184
> name: X509_V_ERR_DIFFERENT_CRL_SCOPE
> detail: "%ssl_error_descr: %ssl_subject"
> descr: "Different CRL scope"
> 
> name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
> detail: "%ssl_error_descr: %ssl_subject"
> descr: "Unsupported extension feature"
> 
180a189,216
> name: X509_V_ERR_PERMITTED_VIOLATION
> detail: "%ssl_error_descr: %ssl_subject"
> descr: "permitted subtree violation"
> 
> name: X509_V_ERR_EXCLUDED_VIOLATION
> detail: "%ssl_error_descr: %ssl_subject"
> descr: "excluded subtree violation"
> 
> name: X509_V_ERR_SUBTREE_MINMAX
> detail: "%ssl_error_descr: %ssl_subject"
> descr: "name constraints minimum and maximum not supported"
> 
> name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
> detail: "%ssl_error_descr: %ssl_subject"
> descr: "unsupported name constraint type"
> 
> name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
> detail: "%ssl_error_descr: %ssl_subject"
> descr: "unsupported or invalid name constraint syntax"
> 
> name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
> detail: "%ssl_error_descr: %ssl_subject"
> descr: "unsupported or invalid name syntax"
> 
> name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR
> detail: "%ssl_error_descr: %ssl_subject"
> descr: "CRL path validation error"
>

but still not working:

2014/03/12 22:55:21 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3...
2014/03/12 22:55:21 kid1| Process ID 50666
2014/03/12 22:55:21 kid1| Process Roles: worker
2014/03/12 22:55:21 kid1| With 11095 file descriptors available
2014/03/12 22:55:21 kid1| Initializing IP Cache...
2014/03/12 22:55:21 kid1| DNS Socket created at [::], FD 12
2014/03/12 22:55:21 kid1| DNS Socket created at 0.0.0.0, FD 14
2014/03/12 22:55:21 kid1| Adding domain localdomain from /etc/resolv.conf
2014/03/12 22:55:21 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/03/12 22:55:21 kid1| Adding nameserver 80.58.61.250 from /etc/resolv.conf
2014/03/12 22:55:21 kid1| Adding nameserver 80.58.61.254 from /etc/resolv.conf
2014/03/12 22:55:21 kid1| Logfile: opening log /var/squid/logs/access.log
2014/03/12 22:55:21 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/var/squid/logs/access.log'
2014/03/12 22:55:21 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/03/12 22:55:21 kid1| Store logging disabled
2014/03/12 22:55:21 kid1| Swap maxSize 0 + 8192 KB, estimated 630 objects
2014/03/12 22:55:21 kid1| Target number of buckets: 31
2014/03/12 22:55:21 kid1| Using 8192 Store buckets
2014/03/12 22:55:21 kid1| Max Mem  size: 8192 KB
2014/03/12 22:55:21 kid1| Max Swap size: 0 KB
2014/03/12 22:55:21 kid1| Using Least Load store dir selection
2014/03/12 22:55:21 kid1| Current Directory is /usr/local/www
2014/03/12 22:55:21 kid1| Loaded Icons.
2014/03/12 22:55:21 kid1| HTCP Disabled.
2014/03/12 22:55:21 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2014/03/12 22:55:21 kid1| sendto FD 18: (1) Operation not permitted
2014/03/12 22:55:21 kid1| ipcCreate: CHILD: hello write test failed

Bug?

http://www.squid-cache.org/mail-archive/squid-users/201302/0060.html

Has pfSense diskd activated? I have some proxys FreeBSD based and diskd must be activated by kernel…

marcelloc

Squidguard-squid3 systempatch for use with squid3-dev 

I found it today on forum.

bellera

Ok, thanks, but first problem is running squid3-devel after fresh installation.

For the moment, I don't have squidGuard-squid3

bellera

@ marcelloc,

My error was IPV6 disabled!

https://forum.pfsense.org/index.php?topic=63618.msg344165#msg344165

2014/03/12 23:25:03 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3...
2014/03/12 23:25:03 kid1| Process ID 35219
2014/03/12 23:25:03 kid1| Process Roles: worker
2014/03/12 23:25:03 kid1| With 11095 file descriptors available
2014/03/12 23:25:03 kid1| Initializing IP Cache...
2014/03/12 23:25:03 kid1| DNS Socket created at [::], FD 12
2014/03/12 23:25:03 kid1| DNS Socket created at 0.0.0.0, FD 14
2014/03/12 23:25:03 kid1| Adding domain localdomain from /etc/resolv.conf
2014/03/12 23:25:03 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/03/12 23:25:03 kid1| Adding nameserver 80.58.61.250 from /etc/resolv.conf
2014/03/12 23:25:03 kid1| Adding nameserver 80.58.61.254 from /etc/resolv.conf
2014/03/12 23:25:03 kid1| Logfile: opening log /var/squid/logs/access.log
2014/03/12 23:25:03 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/var/squid/logs/access.log'
2014/03/12 23:25:03 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2014/03/12 23:25:03 kid1| Unlinkd pipe opened on FD 19
2014/03/12 23:25:03 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/03/12 23:25:03 kid1| Store logging disabled
2014/03/12 23:25:03 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
2014/03/12 23:25:03 kid1| Target number of buckets: 425
2014/03/12 23:25:03 kid1| Using 8192 Store buckets
2014/03/12 23:25:03 kid1| Max Mem  size: 8192 KB
2014/03/12 23:25:03 kid1| Max Swap size: 102400 KB
2014/03/12 23:25:03 kid1| Rebuilding storage in /var/squid/cache (no log)
2014/03/12 23:25:03 kid1| Using Least Load store dir selection
2014/03/12 23:25:03 kid1| Current Directory is /usr/local/www
2014/03/12 23:25:03 kid1| Loaded Icons.
2014/03/12 23:25:03 kid1| HTCP Disabled.
2014/03/12 23:25:03 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2014/03/12 23:25:03 kid1| Pinger socket opened on FD 26
2014/03/12 23:25:03 kid1| Squid plugin modules loaded: 0
2014/03/12 23:25:03 kid1| Adaptation support is off.
2014/03/12 23:25:03 kid1| Accepting HTTP Socket connections at local=192.168.1.1:3128 remote=[::] FD 23 flags=9
2014/03/12 23:25:03 kid1| Accepting ICP messages on [::]:7
2014/03/12 23:25:03 kid1| Sending ICP messages from [::]:7
2014/03/12 23:25:03| pinger: Initialising ICMP pinger ...
2014/03/12 23:25:03| pinger: ICMP socket opened.
2014/03/12 23:25:03| pinger: ICMPv6 socket opened
2014/03/12 23:25:03 kid1| Done scanning /var/squid/cache dir (0 entries)
2014/03/12 23:25:03 kid1| Finished rebuilding storage from disk.
2014/03/12 23:25:03 kid1|         0 Entries scanned
2014/03/12 23:25:03 kid1|         0 Invalid entries.
2014/03/12 23:25:03 kid1|         0 With invalid flags.
2014/03/12 23:25:03 kid1|         0 Objects loaded.
2014/03/12 23:25:03 kid1|         0 Objects expired.
2014/03/12 23:25:03 kid1|         0 Objects cancelled.
2014/03/12 23:25:03 kid1|         0 Duplicate URLs purged.
2014/03/12 23:25:03 kid1|         0 Swapfile clashes avoided.
2014/03/12 23:25:03 kid1|   Took 0.13 seconds (  0.00 objects/sec).
2014/03/12 23:25:03 kid1| Beginning Validation Procedure
2014/03/12 23:25:03 kid1|   Completed Validation Procedure
2014/03/12 23:25:03 kid1|   Validated 0 Entries
2014/03/12 23:25:03 kid1|   store_swap_size = 0.00 KB
2014/03/12 23:25:04 kid1| storeLateRelease: released 0 objects

But if I'm not having IPv6 on my network why I need it activated?

bellera

Por mi parte, solucionado:

01. IPv6 activado. squid3 está compilado en este paquete con IPv6 activado y lo precisa, aunque no lo emplee.

02. Las librerías que faltan, https://forum.pfsense.org/index.php?topic=66633.msg371602#msg371602

03. Instalación de squid3-devel

04. Services - Proxy Server - General - Enabled logging - /var/squid/logs (opcional, si se quiere access.log)
    Services - Proxy Server - Local cache - Save  (crear la caché inicial)
    Services - Proxy Server - Restart Proxy Server (reiniciar)

05. 192.168.1.1:3128 como proxy en el navegador y funciona.

06. Eliminar error netdb.state (OPCIONAL), http://forum.pfsense.org/index.php?topic=74312.msg406254#msg406254
Resuelto con la versión 2.2.2 del paquete squid3-dev
Ver cambios de versión –-> https://github.com/pfsense/pfsense-packages/commits/master/config/squid3/33

07. Avisos de error en error-details.txt. No son graves y se deben a diferencias de versiones de OpenSSL. Pueden eliminarse modificando el fichero según se explica en http://bugs.squid-cache.org/show_bug.cgi?id=3936

Ahora queda probar el resto: modo transparente y SSL Bump (poder saber páginas visitadas por HTTPS si modo transparente).

http://wiki.squid-cache.org/Features/SslBump

bellera

Modo transparente para http –-> Funciona correctamente.

Modo transparente para https –-> No arranca, https://forum.pfsense.org/index.php?topic=72872.msg402537#msg402537

Modo transparente para https (SSL Bump) –-> Sí arranca. Se precisa:

01. Crear una autoridad certificadora (CA) propia en pfSense
System: Cert Manager: CAs

02. Configurar dicha CA en SSL man in the middle Filtering de las opciones generales del paquete squid3-devel

03. SSL Proxy port distinto del no SSL (3128). Por ejemplo, 3129

04. Volver a la emisión de CAs y hacer export CA cert (primer botón a la derecha del botón [e] de edición).

05. Distribuir el archivo MiAutoridadCertificadora.crt a todos los usuarios.

06a. En Firefox Linux, MiAutoridadCertificadora.crt se importa yendo a:
Edita / Preferencias / Avanzado / Visualiza los certificados / Importa / Confía en esta CA para identificar sitios web

06b. Con servidor web se puede simplificar la distribución con algo como www.midominio.tld/MiAutoridadCertificadora.crt. Abriendo el archivo con el navegador, éste pregunta si se quiere importar la CA.

La distribución a los usuarios del certificado de autoridad y su instalación puede ser bastante engorrosa en muchos entornos.

Se precisa una autoridad certificadora propia para ir emitiendo "al vuelo" un certificado para cada servidor distinto visitado por https. El mecanismo se basa en un ataque MITM, http://es.wikipedia.org/wiki/Ataque_Man-in-the-middle y es usado también por muchos dispositivos (appliances) comerciales cortafuegos que inspeccionan el tráfico.

Ejemplo: http://www.pandasecurity.com/spain/enterprise/support/card?id=41811#Cambios_aplicados_2013-01-31

Instalación de la CA en Android –-> http://forum.pfsense.org/index.php?topic=74007.msg405526#msg405526
Instalación de la CA en iOS ---> http://forum.pfsense.org/index.php?topic=74007.msg405578#msg405578

Bug en squid3-dev 3.3.10 pkg 2.2.2
http://forum.pfsense.org/index.php?topic=62256.msg407762#msg407762