Squid causing issues connecting to secured sites



  • Hi
    I'm having issues with squid causing the following browser error randomly when visiting secured sites.
    I'm unsure on how to upload the configured settings of this package but if anybody could point me in the right direction that would be much appreciated.

    0_1529836931664_Error.JPG

    Kind Regards
    Dave



  • Has there been any update on this? I'm experiencing the same issue.



  • I had the same problem.
    I unchecked DNSSEC in DNS Resolver. Result: better than before, and SSL_PROTOCOL shows up only a little.
    For me this problem occurs more on google.com, github.com (large sites).



  • I've had to switch squid off as I couldn't resolve the issue.
    Is it possible to pay for support on an ad hoc basis to help?

    Regards
    Dave



  • @m0n0wall You can try these steps; maybe they will solve your problem:

    1. Uncheck DNSSEC in DNS Resolver
    2. In MITM use:
       • Splice all
       • Intermediate
       • SSL certificate deamon children: 32
       • Select only "Accept remote server certificate with error"
       • In Certificate Adapt, unselect all


  • I made the changes suggested by reza3sw and things seem to be working with Squid. Been fighting with this a while and also disabled Squid until I saw this post. I was originally using the DNS Forwarder instead of Resolver but went ahead and switched over to DNS Resolver and disabled DNSSEC. So far so good. My Chromecast works again whereas it had stopped working before.



  • These changes are working perfectly. Now the only problem I have is an underpowered SG-3100 trying to lower a high volume network!



  • Curious CnSpf, how many devices are running in your network? We have about 100 IP clients using a Protectli box with a Celeron 2GHz (4 cores) with 4 GB RAM and we don't have any issues.



  • If any of you are using squidguard with squid in a large user environment, you will likely have to modify the url_rewrite_children directive or you will encounter delays and other unwanted artifacts while using the web.

    http://www.squid-cache.org/Doc/config/url_rewrite_children/



  • It's for a small school. A few hundred students, not all online at once though. I'm going to test the rewrite in the morning and will post an update. The support on this forum is phenomenal!



  • Had a problem with SquidGuard again today trying to hit Amazon Web Services, aws.amazon.com. SSL error. Disabled Squid and was able to hit the site.

    Did a little research online and changed the following:

    Services-->Squid Proxy Server: General
    changed SSL Certificate Deamon Children to 100.

    Keep in mind, the research I have done online about Squid says its highest value can be no more than 32. However, when I change it to 100, pfSense (Squid) never tells me that value is not valid. My guess is it could still be 32 even though it says 100. Not sure though.

    Also changed the following in Services-->Squid Proxy Server: General-->Show Advanced Options

    In Integrations I replaced:

    url_rewrite_children 16 startup=8 idle=4 concurrency=0 with
    url_rewrite_children 100 startup=10 idle=10 concurrency=0

    Guess it's just a wait and see game now.

    I will say this. I have my home network VLANed for Guest Wireless and I implemented Squid a while back and had to turn it off cause the ole Fortnite wouldn't work for the kid's laptop. I turned Squid and SquidGuard back on this morning before leaving with all the changes in this post, and whattda ya know, Fortnite worked when I tested it. So we're definitely on to something here.

