PfSense 2.5 not squid start



  • Good afternoon. Could someone help me? I'm testing version 2.5 of pfSense and, in the Squid part, I have two problems:
    One:
    [Jul 23, 2019 5:36:32 AM America/Mexico_City] PHP Warning: chown(): No such file or directory in /usr/local/pkg/squid.inc on line 104
    [Jul 23, 2019 5:36:32 AM America/Mexico_City] PHP Warning: chgrp(): No such file or directory in /usr/local/pkg/squid.inc on line 105
    [Jul 23, 2019 5:36:32 AM America/Mexico_City] PHP Warning: opendir(/var/squid/lib/ssl_db): failed to open dir: No such file or directory in /usr/local/pkg/squid.inc on line 106
    Two:
    This only appears when I enable SSL filtering, but if I disable it, you cannot filter HTTPS pages.

    Apparently it is an error in the code; how could I solve it, or how can I report it for follow-up?



  • This is my case. I found that the main problem is that libcrypto.so.8 is not found.
    The solution is mentioned here:
    https://www.vuydak.com/threads/pfsense-2-5-squid-https-transparent-sorunu.123/
    After translating it, we need to do either this:
    Bash:
    cp /usr/local/lib/libcrypto.so.9 /usr/local/lib/libcrypto.so.8

    cp /usr/local/libexec/squid/security_file_certgen /usr/local/libexec/squid/ssl_crtd

    or:

    Bash:
    ln /usr/local/lib/libcrypto.so.9 /usr/local/lib/libcrypto.so.8

    ln /usr/local/libexec/squid/security_file_certgen /usr/local/libexec/squid/ssl_crtd

    However, in my case, I can't find libcrypto.so.8.
    If anyone can help us with this, we will be grateful!



  • As I mentioned, I tried the solution proposed in:
    https://forum.netgate.com/topic/121316/answered-solved-libssl-so-8-not-found-i-can-t-update-from-2-34p1
    but it did not work, so I tried another possible one: in case it was due to the missing file, as was commented, I installed FreeBSD in a virtual machine, installed Squid and OpenSSL, and was able to copy the missing file.
    However, it didn't work out. Any ideas?



  • If I test the configuration with
    squid -k parse I get this error:
     ERROR: Directive 'sslproxy_capath' is obsolete.
    2019/07/30 14:48:58| sslproxy_capath: Remove this line. Use tls_outgoing_options capath= instead.
    2019/07/30 14:48:58| Processing: sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
    2019/07/30 14:48:58| ERROR: Directive 'sslproxy_options' is obsolete.
    2019/07/30 14:48:58| sslproxy_options: Remove this line. Use tls_outgoing_options options= instead.
    2019/07/30 14:48:58| BUG: Unknown TLS option NO_SSLv2
    2019/07/30 14:48:58| ERROR: Unknown TLS option SINGLE_DH_USE
    2019/07/30 14:48:58| ERROR: Unknown TLS option SINGLE_ECDH_USE
    2019/07/30 14:48:58| Processing: sslproxy_cipher EECDH + ECDSA + AESGCM: EECDH + aRSA + AESGCM: EECDH + ECDSA + SHA384: EECDH + ECDSA + SHA256: EECDH + aRSA + SHA384: EECDH + aRSA + SHA256: EECDH + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + aRSA + EECRH + aRSA + EECR : HIGH:! RC4:! ANULL:! ENULL:! LOW:! 3DES:! MD5:! EXP:! PSK:! SRP:! DSS
    2019/07/30 14:48:58| ERROR: Directive 'sslproxy_cipher' is obsolete.
    2019/07/30 14:48:58| sslproxy_cipher: Remove this line. Use tls_outgoing_options cipher= instead.

    Someone who has already configured these three parameters that could indicate that it is going
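
The `squid -k parse` output in the post above names the replacement for each obsolete directive. As an added example (not code from the thread or from the pfSense package), this shell function folds the three Squid 3.5 lines into one `tls_outgoing_options` line and drops the option names the parser rejected; the sample configuration values are constructed.

```shell
#!/bin/sh
# Option names that `squid -k parse` reported as unknown in the output above.
REJECTED="NO_SSLv2 SINGLE_DH_USE SINGLE_ECDH_USE"

# Constructed sample input (not the poster's real squid.conf).
sample_conf() {
    cat <<'EOF'
http_port 3128
sslproxy_capath /usr/local/share/certs/
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
sslproxy_cipher EECDH+aRSA+AESGCM:HIGH:!RC4:!aNULL
cache_mem 64 MB
EOF
}

# Read a squid.conf on stdin, write it to stdout with the obsolete
# sslproxy_* lines replaced by one tls_outgoing_options line, emitted
# where the first obsolete line stood.
migrate_tls_directives() {
    awk -v drop="$REJECTED" '
    function mark() { if (!pos) pos = NR }
    BEGIN { n = split(drop, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
    $1 == "sslproxy_capath" { mark(); capath = $2; next }
    $1 == "sslproxy_cipher" { mark(); cipher = $2; next }
    $1 == "sslproxy_options" {
        mark()
        for (f = 2; f <= NF; f++) {
            m = split($f, o, /[,:]/)
            for (i = 1; i <= m; i++)
                if (o[i] != "" && !(o[i] in bad))
                    opts = opts (opts == "" ? "" : ",") o[i]
        }
        next
    }
    { keep[NR] = $0 }
    END {
        line = "tls_outgoing_options"
        if (capath != "") line = line " capath=" capath
        if (opts != "")   line = line " options=" opts
        if (cipher != "") line = line " cipher=" cipher
        for (i = 1; i <= NR; i++) {
            if (i == pos) print line
            if (i in keep) print keep[i]
        }
    }'
}

sample_conf | migrate_tls_directives
```

Check the rewritten file with `squid -k parse` before restarting the service.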



  • Whenever I enable SSL filtering in Squid, the Squid/SquidGuard service stops and doesn't start again in pfSense 2.5 (Development). Please suggest an easy solution to fix it.

    Regards.

    Re: PfSense 2.5 not squid start


  • LAYER 8 Moderator

    Why open a new thread just to point to an already existing topic? Makes no sense without adding any details to the case.



  • Any news on when the Squid MITM issue will be fixed? The problem in my case (12/06/2019) is this:

    FATAL: The /usr/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048 helpers are crashing too rapidly, need help!
    

    Checking the log, I found that this folder or file doesn't exist in the system:

    /var/squid/lib/ssl_db
    

    And finally, this program doesn't exist either:

    /usr/local/libexec/squid/ssl_crtd
    
    find / -name ssl_crtd -print ==> nothing found.
    

    This must be something related to compilation options.

    Well, I hope the maintainer(s) can fix this issue soon. Thanks for your great help, guys!!!



  • Hi all! Finally I could find a solution to this problem. I do not recommend using it in production at all and surely there is a better way to fix this.
    1 - Download attached files.
    2 - Download WinSCP and connect to pfSense by SSH.
    3 - Copy libcrypto.so.8 to /usr/lib
    4 - Copy libssl.so.8 to /usr/lib
    5 - Copy ssl_crtd to /usr/local/libexec/squid/
    6 - Copy squid.inc to /usr/local/pkg
    7 - Reboot pfSense

    For those interested, the error was due to a change in Squid 4: the ssl_crtd executable was replaced by security_file_certgen, which is the file I am sharing with its name changed to ssl_crtd. This should really be solved by modifying squid.inc in depth. libcrypto.so.8 and libssl.so.8 are libraries needed to run security_file_certgen. If someone wants to read more, I leave a couple of links.

    https://www.systutorials.com/docs/linux/man/8-ssl_crtd/
    https://www.mankier.com/8/security_file_certgen

    FILES: https://1drv.ms/u/s!AmdqTK4gIf5X7QJ3FZMXer-Rm-CV?e=VccoI5

    NOTE: I got the libcrypto.so.8 and libssl.so.8 files from pfSense 2.4; squid.inc was modified by me (line 1143).
    Tested in 0.4.44_9.

    Greetings to all from Argentina.

    Jorge Alejandro Cazón.
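
The posts above report three separate conditions: the helper binary is missing under its old name, the helper cannot load its shared libraries, and the certificate database directory does not exist. As an added example (not code from the thread or from the pfSense package), this shell script checks each of them on the box itself; the paths are the ones quoted in the thread, and the `HELPER_DIR` and `SSL_DB` variable names are assumptions of the example.

```shell
#!/bin/sh
# Paths as quoted in the thread; override through the environment if needed.
HELPER_DIR=${HELPER_DIR:-/usr/local/libexec/squid}
SSL_DB=${SSL_DB:-/var/squid/lib/ssl_db}

# Print the name of the certificate helper present in directory $1.
# The Squid 4 name is tried first, then the older ssl_crtd name.
find_certgen() {
    for name in security_file_certgen ssl_crtd; do
        if [ -x "$1/$name" ]; then
            echo "$name"
            return 0
        fi
    done
    return 1
}

# Read `ldd` output on stdin and print every library the loader
# could not resolve (lines of the form "libfoo.so.N => not found").
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Report helper presence, unresolved libraries and the certificate db state.
triage() {
    if helper=$(find_certgen "$HELPER_DIR"); then
        echo "helper: $HELPER_DIR/$helper"
        ldd "$HELPER_DIR/$helper" 2>/dev/null | missing_libs |
            sed 's/^/missing library: /'
    else
        echo "helper: neither security_file_certgen nor ssl_crtd in $HELPER_DIR"
    fi
    [ -d "$SSL_DB" ] || echo "certificate db: $SSL_DB does not exist"
}

triage
```

A "missing library" line means the helper was linked against a library version the system does not ship, which is the condition the copied `.so.8` files work around.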


