Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Slow https connections with Squid

    pfSense Packages
    4
    7
    6444
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hsmann last edited by

      Hello to everybody in this forum !

      We are using pfsense 1.2 with squid  2.6.21_11 and squidguard 1.2.0_1-2.

      Https-Connections (eg. online-banking) via squid-proxy are very slow, sometimes timeouts occur.
      We are not using the transparent option, no "sticky connections", no load balancing.

      Without proxy (direct connection via router) https works fast.

      We testet with Firefox and IE6/7. Both were slow with proxy.
      Our users reported this problem 3 days ago, before it worked over a year without any problem and without any changes in the configuration.

      I searched the web and the forum but couldn't find anything helpful.

      Any ideas? Should I upgrade to 1.2.2 ?

      Thx in advance

      1 Reply Last reply Reply Quote 0
      • D
        danswartz last edited by

        I would go straight to 1.2.3.  RC3 has a ton of bugfixes and has been very stable (I am running it in production.)

        1 Reply Last reply Reply Quote 0
        • H
          hsmann last edited by

          Any other suggestions?

          1 Reply Last reply Reply Quote 0
          • G
            grage95 last edited by

            try it :

            /boot/loader.conf

            kern.ipc.maxsockbufs="2097152"
            kern.ipc.msgmnb="8192"
            kern.ipc.msgssz="64"
            kern.ipc.msgtql="2048"
            kern.ipc.shmseg="16"
            kern.ipc.somaxconn="32768"
            kern.ipc.nmbclusters="131072"
            kern.ipc.maxsockets="65536"

            kern.maxfiles="262144"
            kern.maxfilesperproc="65536"
            net.inet.tcp.tcbhashsize="4096"

            /etc/sysctl.conf

            net.inet.ip.fastforwarding=1
            net.inet.ip.portrange.last=65535
            net.inet.ip.portrange.first=1024
            net.inet.icmp.icmplim=0
            net.inet.icmp.icmplim_output=0
            net.inet.tcp.msl=3000
            net.inet.tcp.hostcache.expire=1
            net.inet.tcp.inflight.enable=0
            net.inet.tcp.sendspace=65535
            net.inet.tcp.recvspace=65535
            kern.ipc.maxsockbufs=2097152
            kern.ipc.maxsockets=65536
            kern.ipc.somaxconn=32768
            kern.ipc.nmbclusters=131072
            kern.maxfiles=262144
            kern.maxfilesperproc=65536
            net.inet.tcp.delayed_ack=0
            net.inet.udp.recvspace=65535
            net.inet.udp.maxdgram=57344
            net.local.stream.recvspace=65535
            net.local.stream.sendspace=65535
            kern.dirdelay=6
            kern.metadelay=5
            kern.filedelay=7

            reboot server

            1 Reply Last reply Reply Quote 0
            • _
              _igor_ last edited by

              Be careful!!!!!!

              the first file is /boot/loader.conf, the second file is NOT /etc/loader.conf, should be /etc/sysctl.conf!

              1 Reply Last reply Reply Quote 0
              • H
                hsmann last edited by

                Thank you very much for your help.

                Meanwhile I tried 1.2.3 RC3 and it works fine (up to now)!
                I updated the squid/squidguard packages too.

                In the past, every two weeks or so squid was hanging and had to be restarted,
                so now I hope that this problem will be solved too.

                1 Reply Last reply Reply Quote 0
                • G
                  grage95 last edited by

                  @_igor_:

                  Be careful!!!!!!

                  the first file is /boot/loader.conf, the second file is NOT /etc/loader.conf, should be /etc/sysctl.conf!

                  yes correct,

                  sorry wrong typo

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post

                  Products

                  • Platform Overview
                  • TNSR
                  • pfSense
                  • Appliances

                  Services

                  • Training
                  • Professional Services

                  Support

                  • Subscription Plans
                  • Contact Support
                  • Product Lifecycle
                  • Documentation

                  News

                  • Media Coverage
                  • Press
                  • Events

                  Resources

                  • Blog
                  • FAQ
                  • Find a Partner
                  • Resource Library
                  • Security Information

                  Company

                  • About Us
                  • Careers
                  • Partners
                  • Contact Us
                  • Legal
                  Our Mission

                  We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                  Subscribe to our Newsletter

                  Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                  © 2021 Rubicon Communications, LLC | Privacy Policy