PfSense 2.5 not squid start
Good afternoon, someone who could help me, I'm testing version 2.5 of pfsense and in the squid part, I have two problems:
Jul 23, 2019 5:36:32 AM America / Mexico_City] PHP Warning: chown (): No such file or directory in /usr/local/pkg/squid.inc on line 104
[Jul 23, 2019 5:36:32 AM America / Mexico_City] PHP Warning: chgrp (): No such file or directory in /usr/local/pkg/squid.inc on line 105
[Jul 23, 2019 5:36:32 AM America / Mexico_City] PHP Warning: opendir (/ var / squid / lib / ssl_db): failed to open dir: No such file or directory in / usr / local / pkg / squid. inc on line 106
This only appears when I enable ssl / filtering, but if I disable it, you cannot filter https pages.
When pacerecer is an error in the code, how could I solve it or how to report it for follow-up.
This is my case. I found that the main problem is libcrypto.so.8 no found.
Here the mentioned solution in:
After translate, we need either do that:
cp /usr/local/lib/libcrypto.so.9 /usr/local/lib/libcrypto.so.8
cp /usr/local/libexec/squid/security_file_certgen /usr/local/libexec/squid/ssl_crtd
ln /usr/local/lib/libcrypto.so.9 /usr/local/lib/libcrypto.so.8
ln /usr/local/libexec/squid/security_file_certgen /usr/local/libexec/squid/ssl_crtd
However, In my case, I can´t found libcrypto.so.8
If anyone can help us with, We will be grateful !
As I told you, try the solution proposed in:
but nevertheless it did not work, and try another possible one, if it were for the lack of the file as it was commented, so install freeBSD in a virtual machine, install the squid and openssl, and I could copy the missing file.
However it didn't work out, any ideas?
If I test the configuration with
squid -k parse I get this error:
ERROR: Directive 'sslproxy_capath' is obsolete.
2019/07/30 14: 48: 58 | sslproxy_capath: Remove this line. Use tls_outgoing_options capath = instead.
2019/07/30 14: 48: 58 | Processing: sslproxy_options NO_SSLv2, NO_SSLv3, SINGLE_DH_USE, SINGLE_ECDH_USE
2019/07/30 14: 48: 58 | ERROR: Directive 'sslproxy_options' is obsolete.
2019/07/30 14: 48: 58 | sslproxy_options: Remove this line. Use tls_outgoing_options options = instead.
2019/07/30 14: 48: 58 | BUG: Unknown TLS option NO_SSLv2
2019/07/30 14: 48: 58 | ERROR: Unknown TLS option SINGLE_DH_USE
2019/07/30 14: 48: 58 | ERROR: Unknown TLS option SINGLE_ECDH_USE
2019/07/30 14: 48: 58 | Processing: sslproxy_cipher EECDH + ECDSA + AESGCM: EECDH + aRSA + AESGCM: EECDH + ECDSA + SHA384: EECDH + ECDSA + SHA256: EECDH + aRSA + SHA384: EECDH + aRSA + SHA256: EECDH + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + EECRH + aRSA + EECR : HIGH:! RC4:! ANULL:! ENULL:! LOW:! 3DES:! MD5:! EXP:! PSK:! SRP:! DSS
2019/07/30 14: 48: 58 | ERROR: Directive 'sslproxy_cipher' is obsolete.
2019/07/30 14: 48: 58 | sslproxy_cipher: Remove this line. Use tls_outgoing_options cipher = instead.
Someone who has already configured these three parameters that could indicate that it is going
Whenever enable SSL filtering in squid. Squid/squid guard service stops and doesn't start again in pfsense 2.5 (Development). Please suggest an easy solution to fix it.
Why open a new thread just to point to an already existing topic? Makes no sense without adding any details to the case.
periko last edited by periko
Any news went the squid MITM issue will be fix, the problem in my case 12/06/2019 is this:
FATAL: The /usr/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048 helpers are crashing too rapidly, need help!
No checking the log I found that this folder or file doesn't exist in the system:
And finally, this program won't exist either:
find / -name ssl_crtd -print ==> nothing found.
This it must be something related to compilation options.
Well hope the maintainer(s) soon could fix this issue, thanks for your great help guys!!!
Hi all! Finally I could find a solution to this problem. I do not recommend using it in production at all and surely there is a better way to fix this.
1- Download attached files.
2 - Download WinSCP and connect to pfSense by ssh.
3 - Copy libcrypto.so.8 to /usr/lib
4 - Copy libssl.so.8 to /usr/lib
5 - Copy ssl_crtd to /usr/local/libexec/squid/
5 - Copy squid.inc in /usr/local/pkg
5 - Reboot pfSense
For those interested, the error was due to a change in squid 4 in the ssl_crtd executable that was replaced by security_file_certgen, which is the file I am sharing with the name changed to ssl_crtd, this should really be solved by modifying in depth squid.inc. libcrypto.so.8 and libssl.so.8 are libraries needed to run security_file_certgen. If someone wants to read more I leave a couple of links.
NOTE: I got the libcrypto.so.8 and lib.ssl.so.8 files from pfsense 2.4, squid.inc was modified by me (line 1143)
tested in 0.4.44_9.
greetings to all from Argentina.
Jorge Alejandro Cazón.
This post is deleted!
This post is deleted!