Pfsense and squid proxy certificate sha1 issue

azharkov

You can try manual install squid-3.5.3.
1. Go to the pfSense console/terminal either via SSH or on the box itself (keyboard and monitor are a must), press 8 on either the num keypad or above the QWERTY keyboard, and press enter.
2. type in fetch https://files.pfsense.org/packages/10/All/squid-3.5.3-i386.pbi or https://files.pfsense.org/packages/10/All/squid-3.5.3-amd64.pbi and press enter. The file will download to the /root directory (root/admin home folder)
3. Type in pbi_add –no-checksig -f squid-3.5.3-i386.pbi or  pbi_add –no-checksig -f  squid-3.5.3-amd64.pbi and it will copy its files and dependencies without problems.

agixdota

@azharkov:

You can try manual install squid-3.5.3.
1. Go to the pfSense console/terminal either via SSH or on the box itself (keyboard and monitor are a must), press 8 on either the num keypad or above the QWERTY keyboard, and press enter.
2. type in fetch https://files.pfsense.org/packages/10/All/squid-3.5.3-i386.pbi or https://files.pfsense.org/packages/10/All/squid-3.5.3-amd64.pbi and press enter. The file will download to the /root directory (root/admin home folder)
3. Type in pbi_add –no-checksig -f squid-3.5.3-i386.pbi or  pbi_add –no-checksig -f  squid-3.5.3-amd64.pbi and it will copy its files and dependencies without problems.

Thanks, I will try it  ;)

trinidadrancheria

Tried it, rebooted after to reload squid. Version showed right, but squid 3.5.3 would not start :(
Had to restore backup.

In the error log

php: rc.bootup: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '/usr/local/etc/rc.d/squid.sh: /usr/pbi/squid-amd64/sbin/squid: not found'

3.4.10 was already installed and I ran pbi_add –no-checksig -f  squid-3.5.3-amd64.pbi 
to update it (it overwrote the bins etc.) then rebooted.

agixdota

@trinidadrancheria:

Tried it, rebooted after to reload squid. Version showed right, but squid 3.5.3 would not start :(
Had to restore backup.

In the error log

php: rc.bootup: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '/usr/local/etc/rc.d/squid.sh: /usr/pbi/squid-amd64/sbin/squid: not found'

3.4.10 was already installed and I ran pbi_add –no-checksig -f  squid-3.5.3-amd64.pbi 
to update it (it overwrote the bins etc.) then rebooted.

You should create shortcut of link folder etc, lib, libexec, sbin and share, may can help you.

trinidadrancheria

We are using the FreeBSD appliances :P

How would I do that?

uncltom

Okay here is how I did it.

1. Install Squid 3.4 from the packages menu.
2. Backup the following files: (this keeps C-ICAP working)
/usr/pbi/squid-amd64/local/etc/clamd.conf.pfsense
/usr/pbi/squid-amd64/local/etc/freshclam.conf.pfsense
/usr/pbi/squid-amd64/local/etc/c-icap/c-icap.conf.pfsense
/usr/pbi/squid-amd64/local/etc/c-icap/c-icap.magic.pfsense
/usr/pbi/squid-amd64/local/etc/c-icap/squidclamav.conf.pfsense

I did cp clamd.conf.pfsense ~/ for each file which copied the pfsense files to my root folder.

3. Download the 3.5.3 package file and install it as mentioned above.
4. Create the following symbolic links
Change to the following folder: /usr/pbi/squid-amd64/

ln -s /usr/pbi/squid-amd64/local/etc .
ln -s /usr/pbi/squid-amd64/local/lib .
ln -s /usr/pbi/squid-amd64/local/libexec .
ln -s /usr/pbi/squid-amd64/local/share .
ln -s /usr/pbi/squid-amd64/bin sbin

This creates the shortcuts listed above.

5. Copy the files in step 2 back to where they belong.

You might be able to just restart the service but I restarted pfsense entirely just to make sure.

JStyleG7X

@uncltom:

Okay here is how I did it.

1. Install Squid 3.4 from the packages menu.
2. Backup the following files: (this keeps C-ICAP working)
/usr/pbi/squid-amd64/local/etc/clamd.conf.pfsense
/usr/pbi/squid-amd64/local/etc/freshclam.conf.pfsense
/usr/pbi/squid-amd64/local/etc/c-icap/c-icap.conf.pfsense
/usr/pbi/squid-amd64/local/etc/c-icap/c-icap.magic.pfsense
/usr/pbi/squid-amd64/local/etc/c-icap/squidclamav.conf.pfsense

I did cp clamd.conf.pfsense ~/ for each file which copied the pfsense files to my root folder.

3. Download the 3.5.3 package file and install it as mentioned above.
4. Create the following symbolic links
Change to the following folder: /usr/pbi/squid-amd64/

ln -s /usr/pbi/squid-amd64/local/etc .
ln -s /usr/pbi/squid-amd64/local/lib .
ln -s /usr/pbi/squid-amd64/local/libexec .
ln -s /usr/pbi/squid-amd64/local/share .
ln -s /usr/pbi/squid-amd64/bin sbin

This creates the shortcuts listed above.

You might be able to just restart the service but I restarted pfsense entirely just to make sure.

Hey just wanted to say thanks again for the ICAP fix, that really helped me out.  I can confirm this is tested and working with 2.2.6-RELEASE (amd64).  Besides the fact that wildcard certs are now working correctly it's also nice to see the green padlock in chrome now.  :)

In addition to your post I actually came across another set of instructions I thought I'd share for anyone running an x86 platform (hopefully not too many).

Source: http://hubpages.com/technology/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense

Upgrading to Squid 3.5.3

The upgrade instructions are slightly different depending on whether you are running the 32-bit or 64-bit version of pfSense.

To determine which version you have open the pfSense dashboard and check the version section of the system information dashboard widget. If you see AMD64 then follow the 64-bit instructions. If you see i386, then use the 32-bit instructions.

The commands can be run through an SSH terminal, or the web based terminal (Diagnostics \ Command Prompt)

64-Bit (AMD64) Instructions

Download the PBI by running the command: fetch https://files.pfsense.org/packages/10/All/squid-3.5.3-amd64.pbi

Install the package by running: pbi_add –no-checksig -f squid-3.5.3-amd64.pbi

Run the commands below to create the correct directory structure

cd /usr/pbi/squid-amd64/
rm -rf /usr/pbi/squid-amd64/etc
ln -s /usr/pbi/squid-amd64/local/etc .
ln -s /usr/pbi/squid-amd64/local/lib .
ln -s /usr/pbi/squid-amd64/local/libexec .
ln -s /usr/pbi/squid-amd64/local/share .
ln -s /usr/pbi/squid-amd64/bin sbin

Reboot pfSense after running the above commands (Diagnostics \ Reboot).

32-Bit (i386) Instructions

Download the PBI by running the command: fetch https://files.pfsense.org/packages/10/All/squid-3.5.3-i386.pbi

Install the package by running: pbi_add –no-checksig -f squid-3.5.3-i386.pbi

Run the commands below to create the correct directory structure

cd /usr/pbi/squid-i386/
rm -rf /usr/pbi/squid-i386/etc
ln -s /usr/pbi/squid-i386/local/etc .
ln -s /usr/pbi/squid-i386/local/lib .
ln -s /usr/pbi/squid-i386/local/libexec .
ln -s /usr/pbi/squid-i386/local/share .
ln -s /usr/pbi/squid-i386/bin sbin

Reboot pfSense after running the above commands (Diagnostics \ Reboot).
Verifying the Installation of Squid 3.5.3

After rebooting pfSense start a new SSH session (or use the web terminal) to verify the updated package was correctly installed.

When you run the command below you should see version 3.5.3 listed in the output.

/usr/local/sbin/squid -v

agixdota

hey thx for info  ;D

andikovaci

I try bat have an isue!

pbi_add –no-checksig -f squid-3.5.3-amd64.pbi
pbi_add: Command not found.

jimp

@andikovaci:

I try bat have an isue!

pbi_add –no-checksig -f squid-3.5.3-amd64.pbi
pbi_add: Command not found.

pfSense 2.3 does not use PBIs, the information in this thread is for 2.2.x and perhaps 2.1.x. Your issue, whatever it may be, is unlikely to be related to this thread. Start a new thread stating your problem in detail and someone can attempt to help from there.