PfSense 2.5 not squid start
-
Good afternoon. Could someone help me? I'm testing version 2.5 of pfSense and, in the squid part, I have two problems:
one.-
[Jul 23, 2019 5:36:32 AM America/Mexico_City] PHP Warning: chown(): No such file or directory in /usr/local/pkg/squid.inc on line 104
[Jul 23, 2019 5:36:32 AM America/Mexico_City] PHP Warning: chgrp(): No such file or directory in /usr/local/pkg/squid.inc on line 105
[Jul 23, 2019 5:36:32 AM America/Mexico_City] PHP Warning: opendir(/var/squid/lib/ssl_db): failed to open dir: No such file or directory in /usr/local/pkg/squid.inc on line 106
two.-
This only appears when I enable SSL filtering, but if I disable it, you cannot filter https pages. Apparently it is an error in the code; how could I solve it, or how can I report it for follow-up?
-
This is my case. I found that the main problem is libcrypto.so.8 not found.
Here is the solution mentioned in:
https://www.vuydak.com/threads/pfsense-2-5-squid-https-transparent-sorunu.123/
After translating, we need to do either this:
Bash:
cp /usr/local/lib/libcrypto.so.9 /usr/local/lib/libcrypto.so.8
cp /usr/local/libexec/squid/security_file_certgen /usr/local/libexec/squid/ssl_crtd
or:
Bash:
ln /usr/local/lib/libcrypto.so.9 /usr/local/lib/libcrypto.so.8
ln /usr/local/libexec/squid/security_file_certgen /usr/local/libexec/squid/ssl_crtd
However, in my case, I can't find libcrypto.so.8
If anyone can help us with this, we will be grateful!
-
As I mentioned, I tried the solution proposed in:
https://forum.netgate.com/topic/121316/answered-solved-libssl-so-8-not-found-i-can-t-update-from-2-34p1
but it did not work, so I tried another possible one: in case it was due to the missing file, as was commented, I installed FreeBSD in a virtual machine, installed squid and openssl, and I could copy the missing file.
However, it didn't work out. Any ideas?
-
If I test the configuration with squid -k parse I get this error:
ERROR: Directive 'sslproxy_capath' is obsolete.
2019/07/30 14:48:58| sslproxy_capath: Remove this line. Use tls_outgoing_options capath= instead.
2019/07/30 14:48:58| Processing: sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
2019/07/30 14:48:58| ERROR: Directive 'sslproxy_options' is obsolete.
2019/07/30 14:48:58| sslproxy_options: Remove this line. Use tls_outgoing_options options= instead.
2019/07/30 14:48:58| BUG: Unknown TLS option NO_SSLv2
2019/07/30 14:48:58| ERROR: Unknown TLS option SINGLE_DH_USE
2019/07/30 14:48:58| ERROR: Unknown TLS option SINGLE_ECDH_USE
2019/07/30 14: 48: 58 | Processing: sslproxy_cipher EECDH + ECDSA + AESGCM: EECDH + aRSA + AESGCM: EECDH + ECDSA + SHA384: EECDH + ECDSA + SHA256: EECDH + aRSA + SHA384: EECDH + aRSA + SHA256: EECDH + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + EECRH + aRSA + EECR : HIGH:! RC4:! ANULL:! ENULL:! LOW:! 3DES:! MD5:! EXP:! PSK:! SRP:! DSS
2019/07/30 14:48:58| ERROR: Directive 'sslproxy_cipher' is obsolete.
2019/07/30 14:48:58| sslproxy_cipher: Remove this line. Use tls_outgoing_options cipher= instead.
Someone who has already configured these three parameters that could indicate that it is going
-
-
Why open a new thread just to point to an already existing topic? Makes no sense without adding any details to the case.
-
Any news on when the squid MITM issue will be fixed? The problem in my case (12/06/2019) is this:
FATAL: The /usr/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048 helpers are crashing too rapidly, need help!
Now, checking the log, I found that this folder or file doesn't exist in the system:
/var/squid/lib/ssl_db
And finally, this program doesn't exist either:
/usr/local/libexec/squid/ssl_crtd
find / -name ssl_crtd -print ==> nothing found.
This must be something related to compilation options.
Well, I hope the maintainer(s) can fix this issue soon. Thanks for your great help, guys!!!
-
Hi all! Finally I could find a solution to this problem. I do not recommend using it in production at all and surely there is a better way to fix this.
1 - Download the attached files.
2 - Download WinSCP and connect to pfSense by ssh.
3 - Copy libcrypto.so.8 to /usr/lib
4 - Copy libssl.so.8 to /usr/lib
5 - Copy ssl_crtd to /usr/local/libexec/squid/
6 - Copy squid.inc to /usr/local/pkg
7 - Reboot pfSense
For those interested, the error was due to a change in squid 4: the ssl_crtd executable was replaced by security_file_certgen, which is the file I am sharing with the name changed to ssl_crtd. This should really be solved by modifying squid.inc in depth. libcrypto.so.8 and libssl.so.8 are libraries needed to run security_file_certgen. If someone wants to read more, I leave a couple of links.
https://www.systutorials.com/docs/linux/man/8-ssl_crtd/
https://www.mankier.com/8/security_file_certgen
FILES: https://1drv.ms/u/s!AmdqTK4gIf5X7QJ3FZMXer-Rm-CV?e=VccoI5
NOTE: I got the libcrypto.so.8 and libssl.so.8 files from pfSense 2.4; squid.inc was modified by me (line 1143).
Tested in 0.4.44_9.
Greetings to all from Argentina.
Jorge Alejandro Cazón.
-
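The two Squid 4 changes reported in this thread (the obsolete sslproxy_* directives in the `squid -k parse` log, and the ssl_crtd helper replaced by security_file_certgen) can be applied to a configuration file mechanically instead of copying renamed binaries. The sketch below is an added example, not part of any post and not pfSense's squid.inc; the function name and the sample capath and cipher values are constructed, and dropping the three options rests only on the "Unknown TLS option" lines in that log.

```python
import re

# Obsolete directive -> tls_outgoing_options key, as named in the parse log.
OBSOLETE = {"sslproxy_capath": "capath", "sslproxy_options": "options",
            "sslproxy_cipher": "cipher"}
# Option names the same log flags as "Unknown TLS option".
UNKNOWN_OPTIONS = {"NO_SSLv2", "SINGLE_DH_USE", "SINGLE_ECDH_USE"}

# Constructed sample input; the capath and cipher values are placeholders.
SAMPLE = """\
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
sslproxy_capath /usr/local/share/certs/
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
sslproxy_cipher HIGH:!RC4:!aNULL
"""


def migrate_squid_conf(text):
    """Rewrite the obsolete directives; return (new_text, notes)."""
    out, notes, merged, slot = [], [], {}, None
    for line in text.splitlines():
        parts = line.split(None, 1)
        name = parts[0] if parts else ""
        value = parts[1].strip() if len(parts) > 1 else ""
        if name in OBSOLETE:
            key = OBSOLETE[name]
            if key == "options":
                opts = [o for o in re.split(r"[,:\s]+", value) if o]
                dropped = [o for o in opts if o in UNKNOWN_OPTIONS]
                value = ",".join(o for o in opts if o not in UNKNOWN_OPTIONS)
                if dropped:
                    notes.append("dropped options: " + ",".join(dropped))
            if value:
                merged[key] = value
            if slot is None:          # remember where the first one stood
                slot = len(out)
                out.append(None)
            continue
        if name == "sslcrtd_program" and re.search(r"/ssl_crtd(\s|$)", line):
            # Squid 4 ships the helper as security_file_certgen; args are kept.
            line = re.sub(r"/ssl_crtd(?=\s|$)", "/security_file_certgen", line)
            notes.append("helper renamed to security_file_certgen")
        out.append(line)
    if slot is not None:
        pairs = " ".join(f"{k}={v}" for k, v in merged.items())
        out[slot] = "tls_outgoing_options " + pairs if pairs else None
    return "\n".join(l for l in out if l is not None) + "\n", notes
```

Run `squid -k parse` on the rewritten file before restarting the service; the returned notes list what was renamed or dropped so the change can be reviewed.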