
    Can't get squid3-dev 3.3.10 pkg 2.2.1 working

    • G
      getut
      last edited by

      I'm in the process of trying to get SSL filtering working on my pfsense box. The first stage is to get squid3-dev working, which I am failing at. I have had previous installs of squid 2 and squid 3 along with squidguard running on this box, but squid 3 dev just isn't working for me. I at first thought it was problems with leftovers from the previous installs, so I removed all packages and cleared out all the old configs from /cf/conf/config.xml, then installed squid3-dev from scratch again. Same thing. My test browser works fine going through pfsense until I either enable transparent proxy in squid or configure explicit proxy in the browser; then it stops working. The error log doesn't seem to show anything helpful, and process listing shows that squid is up and running.

      Any ideas to help me out? Let me know if I need to add any additional logs or data to this.

      squid -v
      Squid Cache: Version 3.3.10
      configure options:  '--with-default-user=squid' '--bindir=/usr/pbi/squid-i386/sbin' '--sbindir=/usr/pbi/squid-i386/sbin' '--datadir=/usr/pbi/squid-i386/etc/squid' '--libexecdir=/usr/pbi/squid-i386/libexec/squid' '--localstatedir=/var' '--sysconfdir=/usr/pbi/squid-i386/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache/squid' '--enable-auth' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--enable-auth-basic=DB MSNT MSNT-multi-domain NCSA PAM POP3 RADIUS  fake getpwnam LDAP NIS' '--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip time_quota unix_group LDAP_group' '--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake smb_lm' '--enable-storeio=diskd rock ufs aufs' '--enable-disk-io=AIO Blocking DiskDaemon IpcIo Mmapped DiskThreads' '--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-delay-pools' '--enable-ssl' '--with-openssl=/usr' '--enable-ssl-crtd' '--enable-icmp' '--enable-htcp' '--disable-forw-via-db' '--enable-cache-digests' '--enable-wccp' '--enable-wccpv2' '--enable-eui' '--disable-ipfw-transparent' '--enable-pf-transparent' '--disable-ipf-transparent' '--enable-follow-x-forwarded-for' '--disable-ecap' '--enable-icap-client' '--disable-esi' '--enable-kqueue' '--with-large-files' '--prefix=/usr/pbi/squid-i386' '--mandir=/usr/pbi/squid-i386/man' '--infodir=/usr/pbi/squid-i386/info/' '--build=i386-portbld-freebsd8.3' 'build_alias=i386-portbld-freebsd8.3' 'CC=cc' 'CFLAGS=-O2 -pipe -I/usr/pbi/squid-i386/include -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'LDFLAGS= -L/usr/pbi/squid-i386/lib -pthread -Wl,-rpath=/usr/lib:/usr/pbi/squid-i386/lib -L/usr/lib' 'CPPFLAGS=' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -I/usr/pbi/squid-i386/include -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'CPP=cpp' 
--enable-ltdl-convenience
      
      squid -k parse
      2014/03/27 12:47:01| Startup: Initializing Authentication Schemes ...
      2014/03/27 12:47:01| Startup: Initialized Authentication Scheme 'basic'
      2014/03/27 12:47:01| Startup: Initialized Authentication Scheme 'digest'
      2014/03/27 12:47:01| Startup: Initialized Authentication Scheme 'negotiate'
      2014/03/27 12:47:01| Startup: Initialized Authentication Scheme 'ntlm'
      2014/03/27 12:47:01| Startup: Initialized Authentication.
      2014/03/27 12:47:01| Processing Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
      2014/03/27 12:47:01| Processing: http_port 172.22.5.252:3128
      2014/03/27 12:47:01| Processing: icp_port 7
      2014/03/27 12:47:01| Processing: dns_v4_first off
      2014/03/27 12:47:01| Processing: pid_filename /var/run/squid.pid
      2014/03/27 12:47:01| Processing: cache_effective_user proxy
      2014/03/27 12:47:01| Processing: cache_effective_group proxy
      2014/03/27 12:47:01| Processing: error_default_language en
      2014/03/27 12:47:01| Processing: icon_directory /usr/pbi/squid-i386/etc/squid/icons
      2014/03/27 12:47:01| Processing: visible_hostname localhost
      2014/03/27 12:47:01| Processing: cache_mgr admin@localhost
      2014/03/27 12:47:01| Processing: access_log /var/squid/logs/access.log
      2014/03/27 12:47:01| Processing: cache_log /var/squid/logs/cache.log
      2014/03/27 12:47:01| Processing: cache_store_log none
      2014/03/27 12:47:01| Processing: logfile_rotate 0
      2014/03/27 12:47:01| Processing: shutdown_lifetime 3 seconds
      2014/03/27 12:47:01| Processing: acl localnet src  172.22.4.0/23
      2014/03/27 12:47:01| Processing: uri_whitespace strip
      2014/03/27 12:47:01| Processing: acl dynamic urlpath_regex cgi-bin \?
      2014/03/27 12:47:01| Processing: cache deny dynamic
      2014/03/27 12:47:01| Processing: cache_mem 8 MB
      2014/03/27 12:47:01| Processing: maximum_object_size_in_memory 32 KB
      2014/03/27 12:47:01| Processing: memory_replacement_policy heap GDSF
      2014/03/27 12:47:01| Processing: cache_replacement_policy heap LFUDA
      2014/03/27 12:47:01| Processing: minimum_object_size 0 KB
      2014/03/27 12:47:01| Processing: maximum_object_size 10 KB
      2014/03/27 12:47:01| Processing: offline_mode off
      2014/03/27 12:47:01| Processing: cache allow all
      2014/03/27 12:47:01| Processing: acl allsrc src all
      2014/03/27 12:47:01| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3127 1025-65535
      2014/03/27 12:47:01| Processing: acl sslports port 443 563
      2014/03/27 12:47:01| Processing: acl purge method PURGE
      2014/03/27 12:47:01| Processing: acl connect method CONNECT
      2014/03/27 12:47:01| Processing: acl HTTP proto HTTP
      2014/03/27 12:47:01| Processing: acl HTTPS proto HTTPS
      2014/03/27 12:47:01| Processing: acl allowed_subnets src 172.22.0.0/16
      2014/03/27 12:47:01| Processing: http_access allow manager localhost
      2014/03/27 12:47:01| Processing: http_access deny manager
      2014/03/27 12:47:01| Processing: http_access allow purge localhost
      2014/03/27 12:47:01| Processing: http_access deny purge
      2014/03/27 12:47:01| Processing: http_access deny !safeports
      2014/03/27 12:47:01| Processing: http_access deny CONNECT !sslports
      2014/03/27 12:47:01| Processing: request_body_max_size 0 KB
      2014/03/27 12:47:01| Processing: delay_pools 1
      2014/03/27 12:47:01| Processing: delay_class 1 2
      2014/03/27 12:47:01| Processing: delay_parameters 1 -1/-1 -1/-1
      2014/03/27 12:47:01| Processing: delay_initial_bucket_level 100
      2014/03/27 12:47:01| Processing: delay_access 1 allow allsrc
      2014/03/27 12:47:01| Processing: http_access allow allowed_subnets
      2014/03/27 12:47:01| Processing: http_access allow localnet
      2014/03/27 12:47:01| Processing: http_access deny allsrc
      2014/03/27 12:47:01| Initializing https proxy context
      
      
      • belleraB
        bellera
        last edited by

        Did you first install the "orphan" libraries needed by squid3-devel?

        https://forum.pfsense.org/index.php?topic=66633.msg371602#msg371602

        Did you create your own Certificate Authority (CA) with pfSense? And configure it for the transparent SSL interception?

        I documented all the steps in the Spanish section. You can use the Google Translator. Unfortunately, the translation for this forum seems to work only using the Chrome browser: https://forum.pfsense.org/index.php?topic=73007.msg402349#msg402349

        • G
          getut
          last edited by

          @bellera:

          Did you first install the "orphan" libraries needed by squid3-devel?

          https://forum.pfsense.org/index.php?topic=66633.msg371602#msg371602

          Yes, squid3-dev wouldn't even start before getting those libraries off your link.

          @bellera:

          Did you create your own Certificate Authority (CA) with pfSense? And configure it for the transparent SSL interception?

          Yes I have a CA created, but it is not even working with just non-SSL proxying.

          • belleraB
            bellera
            last edited by

            Could you post your cache.log?

            • G
              getut
              last edited by

              Simply knowing cache.log is the next place I should be looking was a huge help. I'm posting it here, but this also gives me something to work on myself until you or someone can post back.

              This is a startup sequence in cache.log. In this startup only transparent http is enabled. Transparent SSL is disabled. I'll first work on getting it working for one, then the other.

              2014/03/28 07:20:34 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3...
              2014/03/28 07:20:34 kid1| Process ID 57894
              2014/03/28 07:20:34 kid1| Process Roles: worker
              2014/03/28 07:20:34 kid1| With 11095 file descriptors available
              2014/03/28 07:20:34 kid1| Initializing IP Cache...
              2014/03/28 07:20:34 kid1| DNS Socket created at [::], FD 12
              2014/03/28 07:20:34 kid1| DNS Socket created at 0.0.0.0, FD 14
              2014/03/28 07:20:34 kid1| Adding domain ngkacu.com from /etc/resolv.conf
              2014/03/28 07:20:34 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
              2014/03/28 07:20:34 kid1| Adding nameserver 172.22.4.5 from /etc/resolv.conf
              2014/03/28 07:20:34 kid1| Adding nameserver 172.22.4.3 from /etc/resolv.conf
              2014/03/28 07:20:34 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
              2014/03/28 07:20:34 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/en/error-details.txt
              2014/03/28 07:20:34 kid1| Unable to load default error language files. Reset to backups.
              2014/03/28 07:20:34 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
              2014/03/28 07:20:34 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/templates/error-details.txt
              2014/03/28 07:20:34 kid1| WARNING: failed to find or read error text file error-details.txt
              2014/03/28 07:20:34 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
              2014/03/28 07:20:34 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
              2014/03/28 07:20:34 kid1| Logfile: opening log /var/squid/logs/access.log
              2014/03/28 07:20:34 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/var/squid/logs/access.log'
              2014/03/28 07:20:34 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
              2014/03/28 07:20:34 kid1| Store logging disabled
              2014/03/28 07:20:34 kid1| Swap maxSize 0 + 8192 KB, estimated 630 objects
              2014/03/28 07:20:34 kid1| Target number of buckets: 31
              2014/03/28 07:20:34 kid1| Using 8192 Store buckets
              2014/03/28 07:20:34 kid1| Max Mem  size: 8192 KB
              2014/03/28 07:20:34 kid1| Max Swap size: 0 KB
              2014/03/28 07:20:34 kid1| Using Least Load store dir selection
              2014/03/28 07:20:34 kid1| Current Directory is /usr/local/www
              2014/03/28 07:20:34 kid1| Loaded Icons.
              2014/03/28 07:20:34 kid1| HTCP Disabled.
              2014/03/28 07:20:34 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
              2014/03/28 07:20:34 kid1| sendto FD 23: (1) Operation not permitted
              2014/03/28 07:20:34 kid1| ipcCreate: CHILD: hello write test failed
              
              • belleraB
                bellera
                last edited by

                Did you disable the IPv6 support?

                squid3-devel needs IPv6 support activated. It doesn't matter if you use IPv6 or not.

                • G
                  getut
                  last edited by

                  @bellera:

                  Did you disable the IPv6 support?

                  squid3-devel needs IPv6 support activated. It doesn't matter if you use IPv6 or not.

                  I had found a post that mentioned that and tried it…. usage testing only and it did not change anything and turned it back off again. I did not pull any logs or know about the cache.log at that time, so I just turned IPv6 back on (SLAAC mode) and started squid again. Here is the new cache.log.

                  2014/03/28 10:47:50 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3...
                  2014/03/28 10:47:50 kid1| Process ID 73273
                  2014/03/28 10:47:50 kid1| Process Roles: worker
                  2014/03/28 10:47:50 kid1| With 11095 file descriptors available
                  2014/03/28 10:47:50 kid1| Initializing IP Cache...
                  2014/03/28 10:47:50 kid1| DNS Socket created at [::], FD 12
                  2014/03/28 10:47:50 kid1| DNS Socket created at 0.0.0.0, FD 14
                  2014/03/28 10:47:50 kid1| Adding domain ngkacu.com from /etc/resolv.conf
                  2014/03/28 10:47:50 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
                  2014/03/28 10:47:50 kid1| Adding nameserver 172.22.4.5 from /etc/resolv.conf
                  2014/03/28 10:47:50 kid1| Adding nameserver 172.22.4.3 from /etc/resolv.conf
                  2014/03/28 10:47:50 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
                  2014/03/28 10:47:50 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/en/error-details.txt
                  2014/03/28 10:47:50 kid1| Unable to load default error language files. Reset to backups.
                  2014/03/28 10:47:50 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
                  2014/03/28 10:47:50 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/templates/error-details.txt
                  2014/03/28 10:47:50 kid1| WARNING: failed to find or read error text file error-details.txt
                  2014/03/28 10:47:50 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
                  2014/03/28 10:47:50 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
                  2014/03/28 10:47:50 kid1| Logfile: opening log /var/squid/logs/access.log
                  2014/03/28 10:47:50 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/var/squid/logs/access.log'
                  2014/03/28 10:47:50 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
                  2014/03/28 10:47:50 kid1| Store logging disabled
                  2014/03/28 10:47:50 kid1| Swap maxSize 0 + 8192 KB, estimated 630 objects
                  2014/03/28 10:47:50 kid1| Target number of buckets: 31
                  2014/03/28 10:47:50 kid1| Using 8192 Store buckets
                  2014/03/28 10:47:50 kid1| Max Mem  size: 8192 KB
                  2014/03/28 10:47:50 kid1| Max Swap size: 0 KB
                  2014/03/28 10:47:50 kid1| Using Least Load store dir selection
                  2014/03/28 10:47:50 kid1| Current Directory is /usr/local/www
                  2014/03/28 10:47:50 kid1| Loaded Icons.
                  2014/03/28 10:47:50 kid1| HTCP Disabled.
                  2014/03/28 10:47:50 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
                  2014/03/28 10:47:50 kid1| sendto FD 23: (1) Operation not permitted
                  2014/03/28 10:47:50 kid1| ipcCreate: CHILD: hello write test failed
                  
                  • F
                    finalcut
                    last edited by

                    From the terminal:

                    /usr/local/sbin/squid -v

                    If it gives you back this result:

                    /libexec/ld-elf.so.1: Shared object "libheimntlm.so.10" not found, required by "squid"

                    you should run these commands from the terminal:

                    fetch -o /usr/local/lib/libasn1.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10
                    fetch -o /usr/local/lib/libgssapi.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10
                    fetch -o /usr/local/lib/libheimntlm.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10
                    fetch -o /usr/local/lib/libhx509.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10
                    fetch -o /usr/local/lib/libkrb5.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10
                    fetch -o /usr/local/lib/libroken.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10

                    then from authentication tab
                    enable local logging
                    save 
                    from user tab
                    create new user  “user1” with password “P@ssw0rd”.

                    restart service

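The fetch commands in the post above place shared objects retrieved over plain HTTP straight into the library path. As an added example (not part of the post, and not a pfSense or Squid tool), this sketch stages such downloads first and copies them into place only when every file matches a SHA-256 from a manifest obtained separately. The function names, the manifest format and the dummy files in `demo` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print the SHA-256 of a file using whichever tool the platform provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # FreeBSD base system
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# install_verified_libs MANIFEST STAGE_DIR DEST_DIR   (hypothetical helper)
# MANIFEST lines: "<sha256-hex> <file name>". Every entry is verified first;
# nothing is copied unless all entries pass. Returns 1 on any problem.
install_verified_libs() {
    manifest=$1; stage=$2; dest=$3; bad=0
    while read -r want name; do
        [ -n "$name" ] || continue
        case $name in
            */*) echo "REJECT   $name (path separator)"; bad=1; continue ;;
        esac
        if [ ! -f "$stage/$name" ]; then
            echo "MISSING  $name"; bad=1; continue
        fi
        if [ "$(sha256_of "$stage/$name")" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; bad=1
        fi
    done < "$manifest"
    [ "$bad" -eq 0 ] || return 1
    while read -r want name; do
        [ -n "$name" ] || continue
        cp "$stage/$name" "$dest/$name" && chmod 0444 "$dest/$name"
    done < "$manifest"
}

# Constructed demonstration: dummy files stand in for two of the downloads,
# and one is altered after the manifest was written.
demo() {
    work=$(mktemp -d); mkdir "$work/stage" "$work/dest"
    printf 'constructed-a' > "$work/stage/libasn1.so.10"
    printf 'constructed-b' > "$work/stage/libroken.so.10"
    for f in libasn1.so.10 libroken.so.10; do
        echo "$(sha256_of "$work/stage/$f") $f"
    done > "$work/manifest"
    printf 'tampered' > "$work/stage/libroken.so.10"
    rc=0
    install_verified_libs "$work/manifest" "$work/stage" "$work/dest" || rc=$?
    echo "exit=$rc installed=$(ls "$work/dest" | wc -l | tr -d ' ')"
    rm -rf "$work"
}
demo
```
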
                    • marcellocM
                      marcelloc
                      last edited by

                      What do you get with
                      netstat -an | grep 3128

                      Treinamentos de Elite: http://sys-squad.com

                      Help a community developer! ;D

                      • belleraB
                        bellera
                        last edited by

                        WARNING: no_suid: setuid(0): (1) Operation not permitted seems to be only a WARNING and doesn't affect normal squid3-devel operation.

                        Documented at http://forum.pfsense.org/index.php?topic=74310.0 (in Spanish)

                        http://translate.google.com/translate?sl=es&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fforum.pfsense.org%2Findex.php%3Ftopic%3D74310.0&act=url with Chrome gives an "acceptable" translation.

                        • T
                          trendchiller
                          last edited by

                          I'm trying squid 3.3.10 under pfSense 2.0.3 and I'm getting errors in the logs.
                          Squid won't work at all… so it does not really seem cosmetic…

                          2014/06/10 11:02:43 kid1| WARNING: failed to find or read error text file error-details.txt
                          2014/06/10 11:02:43 kid1| sendto FD 36: (1) Operation not permitted
                          2014/06/10 11:02:43 kid1| ipcCreate: CHILD: hello write test failed
                          2014/06/10 11:03:06 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3...
                          2014/06/10 11:03:06 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/de/error-details.txt
                          2014/06/10 11:03:06 kid1| Unable to load default error language files. Reset to backups.
                          2014/06/10 11:03:06 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/templates/error-details.txt
                          2014/06/10 11:03:06 kid1| WARNING: failed to find or read error text file error-details.txt
                          2014/06/10 11:03:06 kid1| sendto FD 31: (1) Operation not permitted
                          2014/06/10 11:03:06 kid1| ipcCreate: CHILD: hello write test failed
                          2014/06/10 11:04:03 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3...
                          2014/06/10 11:04:03 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/de/error-details.txt
                          2014/06/10 11:04:03 kid1| Unable to load default error language files. Reset to backups.
                          2014/06/10 11:04:03 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/templates/error-details.txt
                          2014/06/10 11:04:03 kid1| WARNING: failed to find or read error text file error-details.txt
                          2014/06/10 11:04:03 kid1| sendto FD 40: (1) Operation not permitted
                          2014/06/10 11:04:03 kid1| ipcCreate: CHILD: hello write test failed

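To compare the cache.log excerpts posted in this thread start by start, here is an added example (not part of any post) that splits a log on each "Starting Squid Cache" line and reports whether that start ever opened a listener, next to the counts of warnings and helper IPC failures. The "Accepting HTTP Socket connections" line is what Squid 3.x logs when a listener opens and does not appear anywhere in the thread; the sample input is constructed from lines quoted above plus one constructed healthy start, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: a truncated run and a failed start built from lines in
# the thread, followed by a constructed healthy start for contrast.
sample_log() {
cat <<'EOF'
2014/06/10 11:02:43 kid1| WARNING: failed to find or read error text file error-details.txt
2014/06/10 11:02:43 kid1| sendto FD 36: (1) Operation not permitted
2014/06/10 11:02:43 kid1| ipcCreate: CHILD: hello write test failed
2014/06/10 11:03:06 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3...
2014/06/10 11:03:06 kid1| WARNING: failed to find or read error text file error-details.txt
2014/06/10 11:03:06 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2014/06/10 11:03:06 kid1| sendto FD 31: (1) Operation not permitted
2014/06/10 11:03:06 kid1| ipcCreate: CHILD: hello write test failed
2014/06/10 11:09:00 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3...
2014/06/10 11:09:00 kid1| Accepting HTTP Socket connections at local=172.22.5.252:3128 remote=[::] FD 20 flags=9
EOF
}

# Read cache.log on stdin; print one summary line per Squid start:
#   <start time> listening=<yes|no> ipc_fail=<n> sendto_eperm=<n> warnings=<n>
# Lines that precede the first start marker are reported as their own record,
# because a pasted excerpt often begins in the middle of a run.
triage_cache_log() {
    awk '
    function emit() {
        if (seen) printf "%s listening=%s ipc_fail=%d sendto_eperm=%d warnings=%d\n", ts, (up ? "yes" : "no"), ipc, eperm, warn
    }
    NF == 0 { next }
    /Starting Squid Cache version/ {
        emit(); seen = 1; ts = $1 " " $2; up = ipc = eperm = warn = 0; next
    }
    !seen { seen = 1; ts = "(log-begins-mid-run)"; up = ipc = eperm = warn = 0 }
    /Accepting HTTP Socket connections/               { up = 1 }
    /ipcCreate: CHILD: hello write test failed/       { ipc++ }
    /sendto FD [0-9]+: \(1\) Operation not permitted/ { eperm++ }
    /WARNING/                                         { warn++ }
    END { emit() }
    '
}

# Number of starts in the log (stdin) that never opened a listener.
count_failed_starts() {
    triage_cache_log | grep -c 'listening=no' || true
}

sample_log | triage_cache_log
```

On a live box the same function can be fed the real file, for example `triage_cache_log < /var/squid/logs/cache.log`, using the cache_log path shown in the `squid -k parse` output earlier in the thread.
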
                          • J
                            jitguy
                            last edited by

                            Exactly what I'm getting under 2.1.3 64-bit…

                            • T
                              trendchiller
                              last edited by

                              I'm running 64-bit, too…

                              • S
                                spyshagg
                                last edited by

                                @bellera:

                                Did you disable the IPv6 support?

                                squid3-devel needs IPv6 support activated. It doesn't matter if you use IPv6 or not.

                                Hello

                                I ran into this issue today. Disabled IPv6 support in Advanced -> Networking and squid3-dev + squidguard stopped filtering traffic (no internet on clients).

                                I have since re-enabled the option but it still does not work. Will restart the machine when possible.

                                Any thoughts on why it's still not working after re-enabling the option?

                                Thanks
