Squid proxy not caching, and issue with https
-
I'm quite new to pfSense but noticed a few issues with the Squid package.
- After importing a CA, I don't get any option to select it as a certificate in the squid cfg. It's accepted into the list of certificates on the device without error, and shows the right CN, but in the drop-down for 'CA' under man-in-the-middle filtering it's just not there. Any suggestions?
PS: I did specify it to be a CA in openssl.cfg:

    [ v3_ca ]
    basicConstraints = critical,CA:TRUE
    keyUsage = critical,keyCertSign,cRLSign

I don't think there's anything wrong with the cert, because I've used it with other http proxies. When I generate a CA there's an option to select that and everything looks fine.
- Port 3128 on the LAN IF appears open. I didn't add an explicit rule for it but can telnet to it fine. I set up the http_proxy env variable on my client and tried a wget. wget reported it was using the proxy, but there doesn't appear to be any caching going on. In the access table it reports TCP_MISS/200. Cache miss? The download speed is consistent with my internet connection. No speed-up from repetitive wget operations. For info, the file I was attempting to get via http was:
http://www.mirrorservice.org/sites/ftp.slackware.com/pub/slackware/slackware64-15.0/slackware64/kde/calligra-3.2.1-x86_64-15.txz
I don't have a huge cache (1000MB) because I'm just experimenting, could that be too small? I did try clearing the cache before the operation.
- Port 3129 is not open on the LAN IF. Am I supposed to add a rule for it, or is that automatic? I've seen tutorials where people are adding rules, and ones where they are not. I'm guessing this is supposed to be dealt with by the package, since I didn't have to explicitly open 3128, but thought I should ask!
Appreciate any help, and thanks for reading.
-
I tried to uninstall, and re-install squid, unchecking the box for 'keep settings/data' and it appears to ignore that setting. In other words, my attempt to go back to the original state prior to install has failed, and it seems that would require a complete reinstall of pfSense.
-
@keeely Miss 200 is OK. It means that that has not been cached yet and now is. It's a miss. It's working as expected. I love Squid; I have used it for years. Not many users attempt to configure it as it's a bit more advanced. Great job. Not everything will show a hit. Try a news website a couple of times; eventually it will show some hits for images, scripts, etc. Because I like this package so much I will no longer update pfSense because they state Squid will be removed soon. You also have to make access control lists for port 3128.
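
Added example, not part of any post in this thread: a Python sketch that groups Squid access.log result codes by URL, so a repeated fetch can be checked for the MISS-then-HIT pattern discussed above. The log lines, hostnames and verdict labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101 5230 192.168.1.10 TCP_MISS/200 1048576 GET http://mirror.example/pkg/big.txz - HIER_DIRECT/203.0.113.5 application/octet-stream
1700000010.202 41 192.168.1.10 TCP_HIT/200 1048576 GET http://mirror.example/pkg/big.txz - HIER_NONE/- application/octet-stream
1700000015.250 4100 192.168.1.10 TCP_MISS/200 900000 GET http://mirror.example/pkg/other.txz - HIER_DIRECT/203.0.113.5 application/octet-stream
1700000020.303 120 192.168.1.10 TCP_MISS/200 2048 GET http://news.example/ - HIER_DIRECT/203.0.113.9 text/html
1700000030.404 95 192.168.1.10 TCP_MISS/200 2050 GET http://news.example/ - HIER_DIRECT/203.0.113.9 text/html
1700000040.505 3 192.168.1.10 TCP_MEM_HIT/200 512 GET http://news.example/logo.png - HIER_NONE/- image/png
1700000050.606 210 192.168.1.10 TCP_TUNNEL/200 9000 CONNECT secure.example:443 - HIER_DIRECT/203.0.113.7 -
malformed line
"""

def parse_line(line):
    """Return (url, result_code), or None for a line that does not parse."""
    fields = line.split()
    if len(fields) < 7 or "/" not in fields[3]:
        return None
    return fields[6], fields[3].split("/", 1)[0]

def classify(codes):
    """Map the result codes seen for one URL to a cache verdict."""
    if any("HIT" in c or c == "TCP_REFRESH_UNMODIFIED" for c in codes):
        return "cached"
    if all(c == "TCP_TUNNEL" for c in codes):
        return "tunnelled"  # CONNECT: the payload is opaque to the cache
    if all(c == "TCP_MISS" for c in codes):
        # One miss is the expected first fetch. Repeated misses are worth
        # checking against the response's cacheability headers and the
        # maximum_object_size limit in squid.conf.
        return "first-fetch" if len(codes) == 1 else "repeat-miss"
    return "other"

def report(log_text):
    """Group result codes by URL and return {url: verdict}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            seen[parsed[0]].append(parsed[1])
    return {url: classify(codes) for url, codes in seen.items()}

if __name__ == "__main__":
    for url, verdict in report(SAMPLE_LOG).items():
        print(f"{verdict:12} {url}")
```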