3. Slow https connections with Squid

Slow https connections with Squid

  • H

    Hello to everybody in this forum !

    We are using pfsense 1.2 with squid  2.6.21_11 and squidguard 1.2.0_1-2.

    Https-Connections (eg. online-banking) via squid-proxy are very slow, sometimes timeouts occur.
    We are not using the transparent option, no "sticky connections", no load balancing.

    Without proxy (direct connection via router) https works fast.

    We testet with Firefox and IE6/7. Both were slow with proxy.
    Our users reported this problem 3 days ago, before it worked over a year without any problem and without any changes in the configuration.

    I searched the web and the forum but couldn't find anything helpful.

    Any ideas? Should I upgrade to 1.2.2 ?

    Thx in advance

    0
  • D

    I would go straight to 1.2.3.  RC3 has a ton of bugfixes and has been very stable (I am running it in production.)

    0
  • H

    Any other suggestions?

    0
  • G

    try it :

    /boot/loader.conf

    kern.ipc.maxsockbufs="2097152"
    kern.ipc.msgmnb="8192"
    kern.ipc.msgssz="64"
    kern.ipc.msgtql="2048"
    kern.ipc.shmseg="16"
    kern.ipc.somaxconn="32768"
    kern.ipc.nmbclusters="131072"
    kern.ipc.maxsockets="65536"

    kern.maxfiles="262144"
    kern.maxfilesperproc="65536"
    net.inet.tcp.tcbhashsize="4096"

    /etc/sysctl.conf

    net.inet.ip.fastforwarding=1
    net.inet.ip.portrange.last=65535
    net.inet.ip.portrange.first=1024
    net.inet.icmp.icmplim=0
    net.inet.icmp.icmplim_output=0
    net.inet.tcp.msl=3000
    net.inet.tcp.hostcache.expire=1
    net.inet.tcp.inflight.enable=0
    net.inet.tcp.sendspace=65535
    net.inet.tcp.recvspace=65535
    kern.ipc.maxsockbufs=2097152
    kern.ipc.maxsockets=65536
    kern.ipc.somaxconn=32768
    kern.ipc.nmbclusters=131072
    kern.maxfiles=262144
    kern.maxfilesperproc=65536
    net.inet.tcp.delayed_ack=0
    net.inet.udp.recvspace=65535
    net.inet.udp.maxdgram=57344
    net.local.stream.recvspace=65535
    net.local.stream.sendspace=65535
    kern.dirdelay=6
    kern.metadelay=5
    kern.filedelay=7

    reboot server

    0
  • _

    Be careful!!!!!!

    the first file is /boot/loader.conf, the second file is NOT /etc/loader.conf, should be /etc/sysctl.conf!

    0
  • H

    Thank you very much for your help.

    Meanwhile I tried 1.2.3 RC3 and it works fine (up to now)!
    I updated the squid/squidguard packages too.

    In the past, every two weeks or so squid was hanging and had to be restarted,
    so now I hope that this problem will be solved too.

    0
  • G

    @_igor_:

    Be careful!!!!!!

    the first file is /boot/loader.conf, the second file is NOT /etc/loader.conf, should be /etc/sysctl.conf!

    yes correct,

    sorry wrong typo

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy