Netgate Discussion Forum

    Apparent package conflicts: Squid/SquidGuard vs. OpenVPN

    pfSense Packages
      Xyzzy

      Problem:  Configuring OpenVPN causes issues with Squid/SquidGuard.

      Hardware:  Netgate Hamakua (with hard drive, not CF card)
      Version: pfSense 1.2.3 RELEASE, embedded kernel
      Installed packages:
        Cron 0.2
        OpenVPN-Enhancements 1.2
        Patch rc to leave filter-dirty 0.1
        Squid 2.7.9-3
        SquidGuard 1.3-2

      As background, I have had occasional problems updating the blacklist (from shalla.de) and subsequently reconfiguring SquidGuard in which the filters were not working.  Reboot usually fixed.  Over the last couple of months I have reinstalled the Squid and SquidGuard packages and in the process may have changed to the current version…I check occasionally and if an installed package has a newer version, I get the latest.  Long way of saying I'm not sure how long the issues have been present or what change may have precipitated them.

      A few days ago, for unrelated reasons, I did a clean install (including disk format) from the ISO for 1.2.3 release.  I used a recent backup to configure and installed the packages listed above, and downloaded and configured the current shalla.de blacklist.  I was experiencing a number of issues:  Filter not working, passing any web sites; Filter blocking ALL web sites; (in both cases, GUI settings appeared correct); pfSense entering the reinstall all packages script when going to home page (Status---->System); pfSense logon window instead of any and all web sites; inconsistent results (mix of these symptoms) upon reboot.

      I believe I have isolated much if not all of the problem to an apparent conflict with OpenVPN by doing the following, and can reproduce the symptoms:

      • backup w/o packages and restore from that backup
      • install cron, Squid, SquidGuard, patch rc to leave filter-dirty, OpenVPN enhancements
      • configure squid as transparent proxy
      • install shalla blacklist and configure SquidGuard
      • start SquidGuard

      At this point, web surfing works as desired; BL'd sites are blocked and others are visible.

      Reboot.  Still normal.

      • Configure OpenVPN using PKI and TLS/Auth.

      At this point, ALL web sites are blocked by the proxy.  Reboot has no effect.

      • Stop SquidGuard (shows stopped in config page and service status page).

      All web sites still blocked.

      • Uncheck transparent proxy and save.

      Normal surfing possible, but (obviously) no filtering.

      Searched the forum and found several similar issues (that's why the "Patch rc to leave filter-dirty" pkg is there) but none mentioning OpenVPN as a possible conflict.  Some of the startup timing issues seem to be present; here's a log extract in the conflicted state (proxy and filter on, all sites blocked):

      Oct  3 14:47:23 pfsense-fw kernel: em2: link state changed to UP
      Oct  3 14:47:31 pfsense-fw php: : SQUID is installed but not started.  Not installing "nat" rules.
      Oct  3 14:47:31 pfsense-fw php: : SQUID is installed but not started.  Not installing "filter" rules.
      .
      .
      .
      Oct  3 14:47:34 pfsense-fw dnsmasq[810]: read /etc/hosts - 17 addresses
      Oct  3 14:47:38 pfsense-fw php: : SQUID is installed but not started.  Not installing "nat" rules.
      Oct  3 14:47:38 pfsense-fw php: : SQUID is installed but not started.  Not installing "filter" rules.
      Oct  3 14:47:39 pfsense-fw php: : Creating rrd update script
      Oct  3 14:47:39 pfsense-fw dhcpd: Internet Systems Consortium DHCP Server V3.0.7
      Oct  3 14:47:39 pfsense-fw dhcpd: Copyright 2004-2008 Internet Systems Consortium.
      Oct  3 14:47:39 pfsense-fw dhcpd: All rights reserved.
      Oct  3 14:47:39 pfsense-fw dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
      Oct  3 14:47:41 pfsense-fw php: : Resyncing configuration for all packages.
      Oct  3 14:47:50 pfsense-fw php: : Starting Squid
      Oct  3 14:47:50 pfsense-fw squid[1400]: Squid Parent: child process 1403 started
      Oct  3 14:47:55 pfsense-fw dnsmasq[810]: reading /var/dhcpd/var/db/dhcpd.leases
      Oct  3 14:47:57 pfsense-fw php: : Reloading Squid for configuration sync
      Oct  3 14:48:27 pfsense-fw last message repeated 5 times
      Oct  3 14:48:28 pfsense-fw kernel: pid 1403 (squid), uid 62: exited on signal 6
      Oct  3 14:48:28 pfsense-fw squid[1403]: The url_rewriter helpers are crashing too rapidly, need help!
      Oct  3 14:48:28 pfsense-fw squid[1400]: Squid Parent: child process 1403 exited due to signal 6
      Oct  3 14:48:31 pfsense-fw squid[1400]: Squid Parent: child process 1924 started
      Oct  3 14:48:33 pfsense-fw php: /sajax/index.sajax.php: [DEBUG] Lock recursion detected.
      Oct  3 14:48:46 pfsense-fw php: : Reloading Squid for configuration sync
      Oct  3 14:48:47 pfsense-fw php: : The OpenVPN-Enhancements package is missing required dependencies and must be reinstalled.
      Oct  3 14:48:47 pfsense-fw last message repeated 4 times
      Oct  3 14:48:47 pfsense-fw php: : Could not locate /usr/local/pkg/ovpnenhance.inc.
      Oct  3 14:48:47 pfsense-fw php: : Beginning package installation for OpenVPN-Enhancements.
      Oct  3 14:48:51 pfsense-fw check_reload_status: check_reload_status is starting
      Oct  3 14:48:51 pfsense-fw check_reload_status: rc.newwanip starting
      Oct  3 14:48:52 pfsense-fw php: : Informational: rc.newwanip is starting fxp0.
      Oct  3 14:48:52 pfsense-fw php: : rc.newwanip working with (IP address: 192.168.1.2) (interface: wan) (interface real: fxp0).
      Oct  3 14:48:52 pfsense-fw check_reload_status: reloading filter
      

      Next, I restored from a backup made before configuring OpenVPN.  Web surfing, with filtering, as expected.
      System log:

      Oct  3 15:33:53 pfsense-fw php: : SQUID is installed but not started.  Not installing "nat" rules.
      Oct  3 15:33:53 pfsense-fw php: : SQUID is installed but not started.  Not installing "filter" rules.
      .
      .
      .
      Oct  3 15:33:56 pfsense-fw dnsmasq[772]: read /etc/hosts - 17 addresses
      Oct  3 15:34:00 pfsense-fw php: : SQUID is installed but not started.  Not installing "nat" rules.
      Oct  3 15:34:00 pfsense-fw php: : SQUID is installed but not started.  Not installing "filter" rules.
      Oct  3 15:34:01 pfsense-fw php: : Creating rrd update script
      Oct  3 15:34:01 pfsense-fw dhcpd: Internet Systems Consortium DHCP Server V3.0.7
      Oct  3 15:34:01 pfsense-fw dhcpd: Copyright 2004-2008 Internet Systems Consortium.
      Oct  3 15:34:01 pfsense-fw dhcpd: All rights reserved.
      Oct  3 15:34:01 pfsense-fw dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
      Oct  3 15:34:02 pfsense-fw php: : Resyncing configuration for all packages.
      Oct  3 15:34:02 pfsense-fw php: : The Cron package is missing required dependencies and must be reinstalled.
      Oct  3 15:34:02 pfsense-fw php: : The Cron package is missing required dependencies and must be reinstalled.
      Oct  3 15:34:10 pfsense-fw php: : Starting Squid
      Oct  3 15:34:10 pfsense-fw squid[1320]: Squid Parent: child process 1323 started
      Oct  3 15:34:11 pfsense-fw squid[1323]: The url_rewriter helpers are crashing too rapidly, need help!
      Oct  3 15:34:11 pfsense-fw kernel: pid 1323 (squid), uid 62: exited on signal 6
      Oct  3 15:34:11 pfsense-fw squid[1320]: Squid Parent: child process 1323 exited due to signal 6
      Oct  3 15:34:13 pfsense-fw dnsmasq[772]: reading /var/dhcpd/var/db/dhcpd.leases
      Oct  3 15:34:14 pfsense-fw squid[1320]: Squid Parent: child process 1396 started
      Oct  3 15:34:28 pfsense-fw php: : Reloading Squid for configuration sync
      Oct  3 15:34:29 pfsense-fw check_reload_status: check_reload_status is starting
      Oct  3 15:34:29 pfsense-fw check_reload_status: rc.newwanip starting
      Oct  3 15:34:30 pfsense-fw php: : Informational: rc.newwanip is starting fxp0.
      Oct  3 15:34:30 pfsense-fw php: : rc.newwanip working with (IP address: 192.168.1.2) (interface: wan) (interface real: fxp0).
      Oct  3 15:34:30 pfsense-fw check_reload_status: reloading filter
      

      Only difference I picked out is that with OpenVPN configured, it indicates that OpenVPN-Enhancements is missing dependencies; when OpenVPN is not configured, same error with respect to cron.

      Finally, in both cases there are 3 instances of SquidGuard running; I don't know if this is normal, related, or unrelated:

      # ps -auxww | grep squid
      root    1400  0.0  0.2  5436  2152  ??  Is    2:47PM   0:00.00 /usr/local/sbin/squid -D
      proxy   1924  0.0  0.7 13628  6696  ??  I     2:48PM   0:00.16 (squid) -D (squid)
      proxy   2078  0.0  0.5 52072  5332  ??  I     2:48PM   0:00.13 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
      proxy   2079  0.0  0.5 52072  5332  ??  I     2:48PM   0:00.13 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
      proxy   2080  0.0  0.5 52072  5332  ??  I     2:48PM   0:00.13 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
      # 
      

      Regret the long post but wanted to be complete.  If this post should be in the OpenVPN forum, please move it.  Grateful for any help.

        Xyzzy

        PS to the above:  After restoring the backup w/o OpenVPN, and doing some surfing, clicking on Status–->System ran the PHP reinstall all packages script.  ???

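Added example, not part of the original posts and not pfSense or Squid code: a small Python parser that correlates the events visible in the log excerpts above (Squid child start, exit on a signal, the url_rewriter helper abort message, and packages flagged as missing dependencies) so that boots in the two states can be compared field by field. The function name, report keys and default `year` are assumptions of this example; syslog timestamps carry no year.

```python
import re
from datetime import datetime

# Seven lines copied from the post's first excerpt (OpenVPN configured).
SAMPLE = """\
Oct  3 14:47:50 pfsense-fw squid[1400]: Squid Parent: child process 1403 started
Oct  3 14:48:28 pfsense-fw kernel: pid 1403 (squid), uid 62: exited on signal 6
Oct  3 14:48:28 pfsense-fw squid[1403]: The url_rewriter helpers are crashing too rapidly, need help!
Oct  3 14:48:28 pfsense-fw squid[1400]: Squid Parent: child process 1403 exited due to signal 6
Oct  3 14:48:31 pfsense-fw squid[1400]: Squid Parent: child process 1924 started
Oct  3 14:48:47 pfsense-fw php: : The OpenVPN-Enhancements package is missing required dependencies and must be reinstalled.
Oct  3 14:48:47 pfsense-fw php: : Beginning package installation for OpenVPN-Enhancements.
"""

STAMP = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) \S+ (.*)$")
STARTED = re.compile(r"child process (\d+) started")
EXITED = re.compile(r"child process (\d+) exited due to signal (\d+)")
HELPER = re.compile(r"squid\[(\d+)\]: The url_rewriter helpers are crashing too rapidly")
MISSING = re.compile(r"The (\S+) package is missing required dependencies")


def summarize(log_text, year=2000):
    """Correlate Squid child crashes, rewriter-helper aborts and packages
    flagged for reinstall. `year` is an assumed value (syslog omits it)."""
    started, helper_pids = {}, set()
    report = {"crashes": [], "broken_packages": []}
    for raw in log_text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue  # skips the "." elision lines used in the post
        mon, day, clock, rest = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        if (s := STARTED.search(rest)):
            started[int(s.group(1))] = ts
        elif (e := EXITED.search(rest)):
            pid = int(e.group(1))
            up = int((ts - started[pid]).total_seconds()) if pid in started else None
            report["crashes"].append({"pid": pid, "signal": int(e.group(2)), "uptime_s": up})
        elif (h := HELPER.search(rest)):
            helper_pids.add(int(h.group(1)))
        elif (p := MISSING.search(rest)) and p.group(1) not in report["broken_packages"]:
            report["broken_packages"].append(p.group(1))
    for crash in report["crashes"]:  # order-independent: the abort line may come first
        crash["helper_abort"] = crash["pid"] in helper_pids
    return report


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run against both excerpts, the report shows the helper abort and signal 6 exit in each state, with the flagged package name as the differing field.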
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.