Install older version of Packages
-
@SteveITS Thanks for the reply.
I am currently running 23.05.1-RELEASE on both environments and have Snort, Tailscale and Wireguard.
Everything is working very well and I am pleased with pfSense. We are new to using it.
I don't really want to rollback the devices to an earlier version.
I guess I will keep working through the issues and hope they get addressed.
-
Yes, there is no way to install an older pfSense package, it would not match the running version.
For some things you might be able to compile a FreeBSD pkg yourself and install but Squid is not one those things! It's huge and complex, I'd expect endless issues.
What problem are you seeing?
Steve
-
Hi @stephenw10,
I had problem with the the Squid ERROR moessages and figured out how to copy the files from the templates folder when SSHed into the box.
This was before I found that someone else had the same problem in this post:
https://forum.netgate.com/topic/180262/23-05-squid-error-loading-file-9-usr-local-etc-squid-errors-en-err_zero_size_object-2-no-such-file-or-directory/8When that is fixed there is also a warning about DNS_v4_first regardless of the "Resolve DNS IPv4 First" setting being turned off on the main Squid config page.
ERROR: Directive 'dns_v4_first' is obsolete.These seem to be minor things.
The bigger problem I see is that the "Transparent HTTP Proxy" setting does not work. I had to point my windows client to the pfSense on that (same LAN subnet) to get it to work at all.
But the real problems are that I have ClamAV configured and I had "HTTPS/SSL Interception" set with a self signed Cert created with the Certificate Manager and put that in the Trusted Root CA of my Windows Test PC.
I had the ClamAV working when I tested with an EICAR file two weeks ago.
It shows in the logs.
But that is not working now and I keep seeing erratic behaviour.
In that thread I put a link to above, Pete-wright wrote "i have a system running 23.01 with the older squid pkg and it is working fine, but an identical config on a 23.05 system and squid is pretty much non-functional. it's pretty frustrating to be honest."
My installs (PC and Netgate 6100 MAX) are doing the same thing. They are new setups. The PC I started at the opensource version before getting a token and moving to the Netgate 23.01 stream and updated to 23.05 then on Friday 23.05.1.
The reason I had asked about older versions is I am thinking others who are updating their firewall and Squid, already had an older version of Squid working and they are doing upgrades and it is working.
But on a fresh install of pfSense and then Squid 0.4.46, something is not working correctly.
I am having odd behaviour and non-repeatable results.
If these other things like the ERROR message templates and the DNS setting are not working, I am wondering if there are other things wrong causing new installs to not work and masked by users doing upgrades.
I have tried to work through this slowly.
- Not worry about ClamAV just get Squid working, by turning ClamAV off
- Not worry about HTTPS just get HTTP working (Althought there are not many HTTP sites left out there to test with)
My interest is to be able to blacklist and whitelist sites, not really in the caching of content and then if we can do AV at our network border in addition to on our computers.
I am open to any suggestions or help to step through this piecemeal to try to determine where there might be a problem if it is not something in my settings.
I just remember there is a setting:
"Keep Settings/Data" which I unchecked, then removed the Squid Package, rebooted, reinstalled Squid Package and my settings were all there.I figured out how to deleted when SSH-ed in after uninstalling the package. On a reinstall of the Squid Package, my settings were then wiped as I wanted.
So that setting does not seem to work correctly either.
-
Also, this link from Netgate is what I followed to wipe the Squid settings:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html
-
Hmm, OK, these were both fresh installs? I have test boxes here running Squid/Squidguard but I think they were all upgraded. It sounds like something was lost from the pkg...
-
@stephenw10 Yes fresh installs. Had not used pfSense before as an admin. I setup the PC which you helped me with the Activation Token after adding two dual network cards to previously. I was using the PC as a development environment while we were determining what Netgate model to buy.
So the PC came first and I have been using it to test things before doing them on the NEtgate 6100 MAX which was just delivered a week or two ago.
Both were at Release 23.05 before ever installing Squid for the first time. So the Squid install was new, not an upgrade.
-
Mmm, OK I see the language issues here. Digging...
-
@stephenw10 To reproduce the DNS log ERROR, I think if you have Squid Enabled, and the "Resolve DNS IPv4 First" unchecked on the main settings page.
Then on the AntiVirus tab, disable the Antivirus and Save.
I think that will trip the Error message in the Log.
It just did it for me.
RE-enabling the AV and saving does it too.
-
@stephenw10 HAve you had time to dig into this Squid issue any further?
Thanks.
-
Not yet. There is already a bug report open for the missing languages issue: https://redmine.pfsense.org/issues/14406
-
@stephenw10 Yes I saw that from the other tread. And you can just copy the files and get the ERROR messages to go away. I am more concerned that there is a potential bigger problem.
-
Yes, I understand. We need to know what caused that though, there's a good chance these things have the same root cause.
-
@stephenw10 OK, Thanks.
-
@Pete-wright and @JonathanLee you might want to follow this thread relative to your Squid conversation.
-
My Squid and Squidguard packages are working great as of now. Again I am running patches that are now part of this new version as well as the adapted error files.
Does any of this occur?
https://redmine.pfsense.org/issues/13984These patches on that Redime are now part of the new Squid and Squidguard versions. I am running SSL intercept and transparent at the same time and utilize custom options. Thank you Marcos for fixing all of those issues for us.
What are your error logs showing?
-
@JonathanLee In general, Squid and ClamAV are not working. I fixed those ERROR Templates just as you did, I had not ready your thread. I was also seeing the DNS first error even thought it is unchecked.
I am not running Squidguard which is a difference from your setup.
And these are clean installs. I did not have an earlier version of Squid installed.
I went from pfSense CE 2.7.0 to pfSense 23.01 then 23.05 on a PC and on a Netgate 6100 MAX from pfSense+ 223.01 to 23.05.
Squid 0.4.46 was a clean/new install.
Those patches should be incorpated as you mentioned since I only recently installed.
stephenw10 is looking into it.
-
@ericreiss I have seen the DNS first error for many years. It's a warning. IPv4 first is outdated or something. They just want you to have IPv6 now. Don't stress that one.
-
@JonathanLee Thanks Jonathan.
Sorry I did not repond sooner, I had short notice Thursday evening to drive down to our office (1.5 hour one way drive) for Friday to test our newly installed 100G symmetric Fiber installation and in stall the Netgate pfSense 6100 MAX.
The 6100 MAX worked like a champ. I had a little issue with a WIFI router I loaned them with DD-WRT firmware as I am trying to convince my boss about the benefits of using it of Lionksys' firmware.
When I returned home and checked it that night, I was able to Tailscale VPN and Wireguard VPN in to manage it.
Love the pfSense.
Then I had a busy weekend personal stuff.
Regarding the DNS v4 first issue, I liked Stephenw10's reply about the Template and DNS v4 first having possible root cause problems causing the other problems I was having.
Looking forward to seeing it working reliably be the other packages and pfSense have been great.
Thanks.
~Eric
-
-