Squid, SquidGuard, Lightsquid status on 2.3

whitexp · Jan 21, 2016, 6:55 PM

error on lightsquid

Jan 21 16:31:22	php-fpm	28398	/rc.start_packages: [lightsquid] Error: Could not load default '/usr/local/etc/lightsquid/lightsquid.cfg.dist' configuration file.
Jan 21 16:31:22	php-fpm	28398	/rc.start_packages: [lightsquid] Error: Could not create '/usr/local/etc/lightsquid/lightsquid.cfg' configuration file.
Jan 21 16:31:22	php-fpm	28398	/rc.start_packages: [lightsquid] Removing old cronjobs...

jimp · Jan 21, 2016, 6:57 PM

Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working util we fix up nginx for CGI.

Pakken · Jan 22, 2016, 1:39 PM

Fired up a test vm with a clean 2.3 install, squid appears to be working as long as I disable clamav and c-icap.
I seriously lack time lately, after a (really) quick check it doesn't seem to build the .sock file and it probably misses something else.
I think you guys are well-aware of it but I'll be happy to provide more info as soon as I can if needed.

Thank you once again for the awesome job you keep doing.
See ya!

jimp · Jan 22, 2016, 3:57 PM

We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.

seanelias · Jan 23, 2016, 3:59 PM

When ever i turn on Transparent HTTP Proxy i couldn't browse any website , but there is no problem if i use explicit proxy .

Any one have the same issue ???

brianc69 · Jan 24, 2016, 6:39 AM

I can't use transparent or adding it to my system direct. They both fail. Looks like a few of us having the problem but no cause or solution yet to my knowledge.

brianc69 · Feb 3, 2016, 6:14 PM

Clean install, restore configs, problem remains.

Valex · Feb 4, 2016, 9:52 AM

@jimp:

Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working util we fix up nginx for CGI.

@jimp:

We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.

What does this mean? It's fixed in 2.3 final right?

rubinho · Feb 4, 2016, 1:24 PM

@seanelias:

When ever i turn on Transparent HTTP Proxy i couldn't browse any website , but there is no problem if i use explicit proxy .

Any one have the same issue ???

I can confirm that, the transparent proxy does not work

jimp · Feb 4, 2016, 1:36 PM

@Valex:

@jimp:

Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working util we fix up nginx for CGI.

@jimp:

We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.

What does this mean? It's fixed in 2.3 final right?

The package version has no relation to 2.3 "final", it could be changed before or after release. Hopefully, before. It just means it isn't working or isn't tested now. The functions I stated we didn't work on may work fine, we just haven't tested them because they're not functions of squid we intend to "officially" support at this time.

Others are free to test and submit fixes as needed if they want, though.

UltramaticOrange · Feb 6, 2016, 3:57 AM

Reading threads from older versions of pfSense, it sounds like this is a known issue, but I wanted to report that I am also having issues with the transparent proxy and getting "ERR_EMPTY_RESPONSE" on Chrome. However, my observation has been that everything works fine when the DNS response is still hanging around from the last time I visited the page (read: squid was off). To me, this might suggest that Squid is either having a hard time talking to the dns server (isn't pointed a the local machine/general DNS settings), squid isn't giving dns enough time to respond (timeout setting too short), or there's some conflicting setting between squid and dns.

cmb · Feb 11, 2016, 10:15 AM

There's a workaround for the transparent proxy issue in https://redmine.pfsense.org/issues/5869

chgrp squid /dev/pf

Proper fix to come.

brianc69 · Feb 11, 2016, 1:49 PM

Work around confirmed working on my end! Squidguard also functioning now that squid is responding. Thank you!!!

Now I await the return of Lightsquid for reporting but for now the important part of content filtering has returned!

brianc69 · Feb 11, 2016, 1:48 PM

Also pleased to report that enabling antivirus is working too! I attempted to download the eicar.txt file and it was blocked with a virus warning as it should be!

Only thing left I notice is on the realtime log page.

Message
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory
Database updated (6435493 signatures) from db.us.clamav.net (IP: 194.8.197.22)

Everything else looks good to my knowledge.

brianc69 · Feb 11, 2016, 2:30 PM

Work around did not survive a reboot. Reapplied and things work again. Just an FYI.

jimp · Feb 11, 2016, 2:31 PM

That's expected, it's just a temp workaround.

jimp · Feb 11, 2016, 5:08 PM

New revision of the squid package is up now for testing. If you did the chgrp work around you need to change it back to 'proxy' or reboot before upgrading the package.

brianc69 · Feb 11, 2016, 5:54 PM

Rebooted, updated squid package. Seems to be ok. Content filtering and virus scanning are working.

rubinho · Feb 14, 2016, 6:09 PM

Thx for fixing this issue

Transparentproxy works fine now.

UltramaticOrange · Feb 25, 2016, 6:20 PM

I'm noticing that between the 12-24hr mark, DNS issues return. Timing has seemed relatively inconsistent and I haven't really narrowed down any possible causes just yet.

Here's what I've observed so far:
I restarted unbound, and the issue persisted.
I disabled squid and the issue went away.
I re-enabled squid and everything stayed good.

Next time, I'll check the squid logs and restart the service and report back.