Squid 6.5 !! Nov 6th
-
I am once again lost in the awesome mountain of power that is big tech. To have such tools ripped away under the context of vulnerabilities, is counterintuitive to end user based cybersecurity.
-
Hello,
For anyone interested, I compiled the Squid update for version 6.5 (pfSense 2.7.1) as per the release of the Squid project and made it available here:
https://pkg.pf2ad.com/pfsense/2.7.1/amd64/All/squid-6.5.pkg
How am I going to maintain the pf2ad project (https://pf2ad.com) and for customers who use it want to continue. I will maintain the update and repository for Squid and Squidguard (updating any version/changes).
In the installation script I have already prepared the check and update for the latest version of Squid.
Regards,
Luiz Costa
-
@lg1980 I am so happy bro!!! This is amazing. Epic, epicness. Take that spyware!!!! Booyeahhhhh
Thank you
-
Luiz,
I just got home last night from the holiday to see this..
I can't thank you enough!
i am in no way shape or form a firewall/security guru, however in my limited experience i absolute think pfsense is beyond incredible, and it's the independent devs such as bbcan (pfblockerng) and yourself that make this firewall so much better than the be companies ever could..
i'd rather donate to devs such as yourself and bbcan and anyone else who takes time out to contribute because they're devoted to the cause and love their craft than the folks at the big companies who sub-out the work to some sweat-shop halfway full of crappy programmers halfway around the globe all in the name of saving money..
Thanks again!
-
One question?
again, i'm a novice so..how do we install the version of squid you compiled? i don't have any AD integration for my setup, so i'm only looking to update my installation to the latest.
Also, what is the order of updating/installation between squid and pfsense? i'm currently on pfsense 2.7CE. do i update squid to 6.5 first and then pfsense to 2.7.1?
Thanks!!
-
@jc1976 said in Squid 6.5 !! Nov 6th:
One question?
again, i'm a novice so..how do we install the version of squid you compiled? i don't have any AD integration for my setup, so i'm only looking to update my installation to the latest.
Also, what is the order of updating/installation between squid and pfsense? i'm currently on pfsense 2.7CE. do i update squid to 6.5 first and then pfsense to 2.7.1?
Thanks!!
I made a little snippet to automate this:
https://gitlab.labexposed.com/-/snippets/14
1 - Update all pfsense and all packages, including squid
2 - Just run the command: "fetch -q -o - https://gitlab.labexposed.com/-/snippets/14/raw/main/update-squid.sh | sh"Basically it will add the pf2ad repository and update squid, using this repository
I hope it helps !
Welcome !
Luiz Costa
-
i copied and pasted the command you gave me after ssh'ing
"fetch -q -o - https://gitlab.labexposed.com/-/snippets/14/raw/main/update-squid.sh | sh"
(without quotes) into my pfsense box as root and it gave me the following error:
ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pkg"
ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pkg"the packages i have installed are as follows:
i'm still on 2.7.0 (stable).
Thanks!!
-
@jc1976
Try this I had the same issuehttps://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors
-
cool, thanks! i'll try it when i get home.
should i bother uninstalling the old squid first?
what will it take to get this package put into the regular package manager? Luiz makes this look pretty effortless, why are the devs fighting the update?
-
@jc1976 I don't know. I still have that lib error when I check for updates but I can check package updates now on commnd line. This command fixed my package issues.
pkg-static install -f -y pkg -
what about for a fresh install? meaning, the whole firewall was reinstalled and now on version 2.7.1 stable and i want to do a fresh install of squid. run the same command to install the package Luiz created?
thanks!
-
@jc1976 I have PfSense plus, if I did a reinstall it would lose Snort. That does not work in version 23.09 for my arm processor. With the updates I am locked out of the GUI. I opened a TAC support to get 23.05.01 firmware, but I realized it wouldn't fix the Snort package that has the core dump issues... Now it's like my Airport extreme it no longer gets updates. But the 23.05.01 version is perfect everything works. I love this version.
-
i had to do a fresh install of pfsense at work so we're on 2.7.1ce.
i take it that the squid installer first listed by Luiz is just an update? i ran the command that he had given us but nothing happened.
i'm a bit confused; if we can't install squid from the package manager because it's incompatible with 2.7.1 then how do we update it with the script?
-
@jc1976 said in Squid 6.5 !! Nov 6th:
i'm still on 2.7.0 (stable).
It's because of that. The binary I compiled is for version 2.7.1(already with the new OpenSSL version)
You have to update your pfsense first
thanks
-
@jc1976 said in Squid 6.5 !! Nov 6th:
what about for a fresh install? meaning, the whole firewall was reinstalled and now on version 2.7.1 stable and i want to do a fresh install of squid. run the same command to install the package Luiz created?
thanks!
Yes ! If you are running version 2.7.1 of pfsense and already have Squid installed, just run the command I sent to update the Squid package.
-
@JonathanLee said in Squid 6.5 !! Nov 6th:
@jc1976 I have PfSense plus, if I did a reinstall it would lose Snort. That does not work in version 23.09 for my arm processor. With the updates I am locked out of the GUI. I opened a TAC support to get 23.05.01 firmware, but I realized it wouldn't fix the Snort package that has the core dump issues... Now it's like my Airport extreme it no longer gets updates. But the 23.05.01 version is perfect everything works. I love this version.
In the plus version I have no idea how this is going.
-
@jc1976 said in Squid 6.5 !! Nov 6th:
i had to do a fresh install of pfsense at work so we're on 2.7.1ce.
i take it that the squid installer first listed by Luiz is just an update? i ran the command that he had given us but nothing happened.
i'm a bit confused; if we can't install squid from the package manager because it's incompatible with 2.7.1 then how do we update it with the script?
Did you normally install Squid? it natively, in the pfsense repository it will be in version 6.3
The script I made updates the package to version 6.5 (the latest available). you will do this last.
I will calmly prepare a repository with all the packages in the Squid family (Squid, Squidguard, Lightsquid...), they are the ones that should lose native support in the next version.
From this point on, we will have to install Squid from scratch in this new repository (with dependencies, etc.)
Thx
Luiz Costa
-
FYI: Squid will be removed in the next major version:
Netgate now considers the add-on package for Squid, and the related add-on packages for Lightsquid and SquidGuard, to be 'deprecated.' We have determined that while these add-on packages will work in version 23.09 of pfSense Plus software and version 2.7.1 of pfSense CE software, the next major release of each product will no longer support their use, and they will be removed from the list of available add-on packages.
Souce: https://www.netgate.com/blog/deprecation-of-squid-add-on-package-for-pfsense-software
-
Yes we know that. That is why many users can't upgrade anymore, and won't upgrade.
I purchased a Netgate SG 2100 MAX with Proxy and Snort support, as it was advertised as such. Not a firewall that cuts out core features, and expects to function the same way after I spent years configuring it.
It works, I don't need to be told it doesn't.
Finding a solution in the open source community is what the forum is all about.When I actually purchased the official Netgate firewall it was actually advertised as a system that has web caching proxy and IPS/IDS. That's why I got it over a Cisco because I could learn about use of Squid.
I am sorry for a rash reaction to this, I am just frustrated.
-
after installing pfsense 2.7.1 at work, i have NOT installed squid because i misread the whole 'squid is being deprecated' bit as saying it wouldn't work with 2.7.1. if it'll work then i'll install it. sorry for the confusion. I have to be careful with what i do as our entire company was ransomed and while we bring the company back online, my little pfsense firewall is what is currently keeping this place afloat. :)
so you're saying to go ahead with the squid install from the package manager and from there run your script. ok! i'll give it a shot.
I will keep you posted as to how it all worked out.
Thank you again for all your contributions
