Squid3 - New GUI with sync, normal and reverse proxy

marcelloc

Hi all,

I've merged squid-rever and squid3 in only one package for pfsense 2.0 with reverse options in a brand new service-> reverse proxy menu as well XMLRPC sync options.

Before package install/reinstall/upgrade, backup you config(just in case) especially reverse proxy config.

I've tested 02 days without issues.  :)

att,
Marcello Coutinho

Donny

Hello, I have some question. The screenshot above are reference to use for Web Server. For environment network without web server, Can I use its for regular normal with Sarg, Squid proxy and Dansguardian?
(at Reverse Proxy server: General > General tab) I am a little bit confused.

Thank u

marcelloc

For normal proxy use proxy server menu. Reverse proxy is just to publish your web servers to internet.

Matthias

Crashes if I try to access either the Services > Proxy Server or Services > Reverse Proxy with this error:

Warning: dir(/usr/local/etc/squid/errors/): failed to open dir: No such file or directory in /etc/inc/pfsense-utils.inc on line 432 Fatal error: Call to a member function read() on a non-object in /etc/inc/pfsense-utils.inc on line 433

marcelloc

What pfsense version are you using?

Pfsense util calls are the same from squid2

Matthias

2.1-DEVELOPMENT (i386)
built on Fri Apr 13 21:32:08 EDT 2012
FreeBSD 8.3-RELEASE

marcelloc

@Matthias:

2.1-DEVELOPMENT (i386)
built on Fri Apr 13 21:32:08 EDT 2012
FreeBSD 8.3-RELEASE

I've tested right now with

2.1-DEVELOPMENT (amd64)
built on Fri Apr 13 16:24:04 EDT 2012
FreeBSD 8.3-RELEASE

with no issues.

Squid 3 do not have pfsense 2.1 pbi packages yet, so you need to manual install squid3.

i386
pkg_add -rf http://files.pfsense.org/packages/8/All/squid-3.1.19.tbz

amd64
pkg_add -rf http://files.pfsense.org/packages/amd64/8/All/squid-3.1.19.tbz

Matthias

Seems to be working so far.

Nachtfalke

hi marcelloc,

nice to see that there is now just only one package and not two like it was with squid2 and squid-reverse.
If I am not completely wrong - you made some changes on the GUI (re-order some options), right ? But you didn't add any relevant new options?

Another question is:

I am using squid2 at the moment with squidguard and many custom options.
If I update to squid3 - should I pay attention on the custom options ? In the new GUI there are two text boxes - one for custom options - and another one for squidguard / havp options. Will they be "imported" correctly when updating?

PS: Not really related to this topic - but will there be a dansguardian version which uses squid3 or better not forces any version of squid ?

Thank you for the very hard work - on all the many different packages :-)

Donny

Hello all, I just clean install pfSense (i386) and also I have installed Squid3 and Dansguardian. After that I reboot pfsense system. I got some warning on pfSense console like this:

Waring: Invalid argument supplied for foreach() in /usr/local/pkg/squid_reverse.inc on line 103
Waring: Invalid argument supplied for foreach() in /usr/local/pkg/squid_reverse.inc on line 146

There is some bug in Squid3 (squid_reverse.inc) on the line 103 and 146.
Again for Dansguardian does not appear on services menu (Services > …....),after I installed. I have to reinstall it and then appear on the services menu.

Also Squid and Perl have two version installed. Uninstall and reinstall, it is the same.

Any idea.

harish

me too having this issue

Waring: Invalid argument supplied for foreach() in /usr/local/pkg/squid_reverse.inc on line 103
Waring: Invalid argument supplied for foreach() in /usr/local/pkg/squid_reverse.inc on line 146

and squidguard service does not startup in my case

marcelloc

@Nachtfalke:

nice to see that there is now just only one package and not two like it was with squid2 and squid-reverse.
If I am not completely wrong - you made some changes on the GUI (re-order some options), right ? But you didn't add any relevant new options?

There are new options just on reverse menu. Instead of text config, squid-reverse has config screens for peers and mappings.

@Nachtfalke:

I am using squid2 at the moment with squidguard and many custom options.
If I update to squid3 - should I pay attention on the custom options ?In the new GUI there are two text boxes - one for custom options - and another one for squidguard / havp options. Will they be "imported" correctly when updating?

They will stay all on Integration field.
After squid3 install, you can move your options from integration field to custom fields using a better viewing one per line option.
example:
integration field:```
auth_param ntlm program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp;auth_param basic program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-basic;auth_param basic children 5;auth_param basic realm Squid;proxy-caching web server;auth_param basic credentialsttl 2 hours

can be moved to:

#ntlm auth
auth_param ntlm program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param basic program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

on custom field

@Nachtfalke:

> PS: Not really related to this topic - but will there be a dansguardian version which uses squid3 or better not forces any version of squid ?

You can use this if you remeber to install squid3 after dansguardian or squidguard.

marcelloc

@harish:

Waring: Invalid argument supplied for foreach() in /usr/local/pkg/squid_reverse.inc on line 103
Waring: Invalid argument supplied for foreach() in /usr/local/pkg/squid_reverse.inc on line 146

and squidguard service does not startup in my case

I'll check it today.

~~Try to apply squidguard config again and then re-apply squid config.

To workaround squid-reverse error, just select a interface on in and fill up host fqdn. It will not enable reverse proxy but will create xml config that stops inc errors at line 103 and 146.~~

I've included some checks on squid-reverse.inc file. I'm just doing some tests before publishing this patch.

Thanks for your feedback.

marcelloc

@Donny:

Also Squid and Perl have two version installed. Uninstall and reinstall, it is the same.

Squidguard as well dansguardian force squid2 install.

To avoid squid3 overwrite, install squid3 package after squidguard or dansguardian.

marcelloc

I've just pushed squid_reverse.inc fix.

Upgrade to squid3 pkg v 2.0.1 and see if it fixes inc errors.

Nachtfalke

I installed squid2 package
after that squidguard
and then squid3

when click on "save" on squidguard page this line appears in squid3 integration box:

çb­ç-¦º ­©¿ºÊÿ–‡—öâŸû*º'F¹ªÝsû¬¯ùhq©z×?²«¢tkš­ßìªèæ«uÊ'~·Š·œ¶ŠÛÊ–¬²‰ëyØ«yË\†)]­é÷

Tikimotel

To "temporary" circumvent the integration gibberish, manually edit the custom options.
Integrations

(empty the edit box)

Custom
Options

quick_abort_pct 70
range_offset_limit 0
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 8

(press save)

Squid should restart and activate 8 squidquard redirectors (temporary fix, because changing any setting in the proxy filter menu's will result in gibberish again)
Might also change at midnight because of squidguard crontab stuff.

Nachtfalke

@Tikimotel:

This helped and squidguard started (service). Couldn't test more.

redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 8

Donny

@marcelloc:

I've just pushed squid_reverse.inc fix.

Upgrade to squid3 pkg v 2.0.1 and see if it fixes inc errors.

SOLVED!, The Squid3 pkg v 2.0.1 has fixed this Waring: Invalid argument supplied for foreach() in /usr/local/pkg/squid_reverse.inc on line 103 and 146.

Next step I just want to be sure, I will try to clean install pfSense again in my testing machine, after that  > First install: Dansguardian > Second install: Squid 3.

I will inform you later, Thank u Marcelloc.

marcelloc

@Nachtfalke:

I installed squid2 package
after that squidguard
and then squid3

when click on "save" on squidguard page this line appears in squid3 integration box:

çb­ç-¦º ­©¿ºÊÿ–‡—öâŸû*º'F¹ªÝsû¬¯ùhq©z×?²«¢tkš­ßìªèæ«uÊ'~·Š·œ¶ŠÛÊ–¬²‰ëyØ«yË\†)]­é÷

Check if I forgot to remove base64 info from custom_option on squid.XML

Custom_option should not have it but custom_option_squid3 should have.

You do not need squid2 package before squidguard.

I'm not at home right now so I could check this only tonight.