Squid random disconnects random webpages
-
Perhaps not enough?
-
I have increased, besides I am currently using just 1 pc for testing purposes... and I still received error err_ssl_protocol_error, any ideas? :(
-
currently testing with just squid... squidguard is currently disabled, still getting SSL errors
-
@la6er said in Squid random disconnects random webpages:
err_ssl_protocol_error
Post the squid access.log details from the time that the error happens. You may need to increase the default level of logging via the debug_options directive.
-
these are the logs I received when a wp fails
1542122446.776 0 10.16.20.191 TAG_NONE/409 3938 CONNECT twitter.com:443 - HIER_NONE/- text/html
1542122446.946 11 10.16.20.191 TAG_NONE/200 0 CONNECT 104.244.42.65:443 - HIER_NONE/- -
1542122446.947 0 10.16.20.191 TAG_NONE/409 3938 CONNECT twitter.com:443 - HIER_NONE/- text/html
1542122446.960 9 10.16.20.191 TAG_NONE/200 0 CONNECT 104.244.42.65:443 - HIER_NONE/- - -
currently the main issue looks to be sites related to google, but sometimes if I wait just a few minutes without doing anything they work after I refresh
-
A 409 is a conflict. Strange. I don't have a definitive answer for you but start by Googling 'squid 409 conflict err_ssl_protocol_error'
-
I have, I disabled 2 different things on my browsers, and so far looks stable, but it means I have to do that on over a 1000 pcs
-
Does the problem occur when the proxy is running in explicit mode? I've always hated transparent mode for the issues it has always caused me. Explicit + WPAD has worked for me for years now.
-
I indeed have it configured using transparent mode, every time I tried using WPAD it does not let me download the files on the browser so I assumed it is not working properly in that way
-
The wpad.dat and proxy.pac files must reside on an HTTP server, not HTTPS. They must have correct contents. Clients on your network must be able to resolve wpad.your.domain.
-
what if my computer does not have any domain? I have set the files on another pfsense solution with the following script
function FindProxyForURL(url,host)
{
    return "PROXY 10.30.251.61:3128";
}
they are located on usr/local/www/ but if I set autodetect proxy it does not work, if I set manually http://10.30.251.59/proxy.pac (which is the ip of my http pfsense) on my browser it does not work, however if I set manually the proxy conf on the browser it works perfectly, I have set a host override on my dns resolver, and I am also using static ips on my clients
-
WPAD relies on DNS having an entry for wpad on the default domain. I believe you can use a workgroup in place of a domain if you're using Windows clients. I haven't tried it but if you truly have no domain nor workgroup, you could still create an A record for wpad on your DNS and point it to pfSense LAN IP.
-
let's assume that is working properly.... my browser behavior will be... ask for the file, go to 10.30.251.59/proxy.pac and then overwrite its own configuration with the proxy info I have set, correct? in this case 10.30.251.61:3128... in order to test if this is working I need to go to http://10.30.251.59/proxy.pac on my browser and a file should start downloading, correct? if that is the case I am not able to accomplish it, for some reason I am not able to download the file
-
Yes to all. What error do you get when you try to download the wpad file?
-
this is the error
-
I have static IPs on my clients...
is this script correct?
function FindProxyForURL(url,host)
{
    return "PROXY 10.30.251.61:3128";
}
-
Perhaps you should figure out why your web server at 10.30.251.59 isn't responding.
Yes, your wpad.dat is correct, but it will force the proxy even for local connections. I use:
function FindProxyForURL(url,host) {
    // If the requested website is hosted within the internal network, send direct.
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
        isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
        isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
        isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
        return "DIRECT";

    // Else use the proxy
    return "PROXY 10.10.4.1:3128";
}
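An offline check of the two PAC scripts posted in this thread, as an added example that is not part of the original posts: it runs each script under Node.js and prints where each sample host would be routed, so you can see which traffic bypasses the proxy before rolling a PAC file out. The sample hostnames, the DNS table and the helper implementations (minimal stand-ins for the functions a browser provides to PAC scripts) are constructed assumptions.

```javascript
// Added example: offline PAC harness. DNS answers below are constructed.
const DNS = {
  "intranet.corp.example": "10.16.20.5",
  "twitter.com": "104.244.42.65",
};
const ipToInt = (ip) =>
  ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);

// Minimal stand-ins for the helper functions a browser gives a PAC script.
const helpers = {
  isPlainHostName: (host) => !host.includes("."),
  shExpMatch: (str, glob) => {
    const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
      .replace(/\*/g, ".*").replace(/\?/g, ".");
    return new RegExp("^" + re + "$").test(str);
  },
  dnsResolve: (h) => (/^\d+(\.\d+){3}$/.test(h) ? h : DNS[h] || null),
  isInNet: (ip, net, mask) => ip !== null &&
    ((ipToInt(ip) & ipToInt(mask)) >>> 0) === ((ipToInt(net) & ipToInt(mask)) >>> 0),
};

// Compile PAC source with the helpers in scope and return FindProxyForURL.
function loadPac(source) {
  const names = Object.keys(helpers);
  const make = new Function(...names, source + "\nreturn FindProxyForURL;");
  return make(...names.map((n) => helpers[n]));
}

const PAC_FORCE_ALL = `function FindProxyForURL(url, host) {
  return "PROXY 10.30.251.61:3128";
}`;
const PAC_WITH_BYPASS = `function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || shExpMatch(host, "*.local") ||
      isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
      isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
      isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
      isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
    return "DIRECT";
  return "PROXY 10.10.4.1:3128";
}`;

const route = (pac, host) => loadPac(pac)("http://" + host + "/", host);

for (const h of ["fileserver", "nas.local", "10.30.251.59", "twitter.com"]) {
  console.log(h.padEnd(14), route(PAC_FORCE_ALL, h), "|", route(PAC_WITH_BYPASS, h));
}
```

A host that does not resolve (dnsResolve returns null here) matches none of the isInNet ranges and is sent to the proxy.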
-
Thanks for all your help, I created a second instance of the nginx using this guide https://nguvu.org/pfsense/pfSense-2.3-WPAD-PAC-proxy-configuration-guide/
Everything related to navigation seems to be working perfectly fine now...
but I have another tiny issue, when using the proxy my clients are not able to use nat rules set on the firewall... as soon as I stop the squid they work perfectly, any ideas about this?
-
Not off the top of my head with no detail about your config.
Try posting a new topic for that issue.