Slow https connections with Squid

hsmann

Hello to everybody in this forum !

We are using pfsense 1.2 with squid  2.6.21_11 and squidguard 1.2.0_1-2.

Https-Connections (eg. online-banking) via squid-proxy are very slow, sometimes timeouts occur.
We are not using the transparent option, no "sticky connections", no load balancing.

Without proxy (direct connection via router) https works fast.

We testet with Firefox and IE6/7. Both were slow with proxy.
Our users reported this problem 3 days ago, before it worked over a year without any problem and without any changes in the configuration.

I searched the web and the forum but couldn't find anything helpful.

Any ideas? Should I upgrade to 1.2.2 ?

Thx in advance

danswartz

I would go straight to 1.2.3.  RC3 has a ton of bugfixes and has been very stable (I am running it in production.)

hsmann

Any other suggestions?

grage95

try it :

/boot/loader.conf

kern.ipc.maxsockbufs="2097152"
kern.ipc.msgmnb="8192"
kern.ipc.msgssz="64"
kern.ipc.msgtql="2048"
kern.ipc.shmseg="16"
kern.ipc.somaxconn="32768"
kern.ipc.nmbclusters="131072"
kern.ipc.maxsockets="65536"

kern.maxfiles="262144"
kern.maxfilesperproc="65536"
net.inet.tcp.tcbhashsize="4096"

/etc/sysctl.conf

net.inet.ip.fastforwarding=1
net.inet.ip.portrange.last=65535
net.inet.ip.portrange.first=1024
net.inet.icmp.icmplim=0
net.inet.icmp.icmplim_output=0
net.inet.tcp.msl=3000
net.inet.tcp.hostcache.expire=1
net.inet.tcp.inflight.enable=0
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
kern.ipc.maxsockbufs=2097152
kern.ipc.maxsockets=65536
kern.ipc.somaxconn=32768
kern.ipc.nmbclusters=131072
kern.maxfiles=262144
kern.maxfilesperproc=65536
net.inet.tcp.delayed_ack=0
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
kern.dirdelay=6
kern.metadelay=5
kern.filedelay=7

reboot server

_igor_

Be careful!!!!!!

the first file is /boot/loader.conf, the second file is NOT /etc/loader.conf, should be /etc/sysctl.conf!

hsmann

Thank you very much for your help.

Meanwhile I tried 1.2.3 RC3 and it works fine (up to now)!
I updated the squid/squidguard packages too.

In the past, every two weeks or so squid was hanging and had to be restarted,
so now I hope that this problem will be solved too.

grage95

@_igor_:

Be careful!!!!!!

the first file is /boot/loader.conf, the second file is NOT /etc/loader.conf, should be /etc/sysctl.conf!

yes correct,

sorry wrong typo