Squid 3.3.4 package for pfsense with ssl filtering
-
You need to configure ssl filtering port only on transparent mode.
On normal proxy configuration, traffic(http and https) goes fine on default squid port.
Ok, I got the explicit squid proxy to pass https with no problem now. If I want to test the transparent https proxy then I just enable it with the CA cert I have? The default port is 3129 but clients won't be sending on that port. Do I need to change that to 443 then? Or should I NAT redirect it instead?
Also have some DG questions but I'll put then in the other thread.
-
If I want to test the transparent https proxy then I just enable it with the CA cert I have?
Just enable it on LAN for example. Squid package will create rules to transparent proxy connections from 443 to localhost 3129.
do not select loopback on squid config while using transparent mode. -
Is it possible to run squid as explicit on one interface (like loopback or LAN) and also run it as transparent on a different interface like a guest net at the same time?
-
Is it possible to run squid as explicit on one interface (like loopback or LAN) and also run it as transparent on a different interface like a guest net at the same time?
On squid3-dev yes ;D
Remember to do not use loopback on any configuration while using transparent mode.
-
/libexec/ld-elf.so.1: /usr/lib/librt.so.1: unsupported file layout
on 2.0.3, use pkg_add and pkg_delete to get squid 3.3.5
i386
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/squid-3.3.5.tbzamd64
pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/squid-3.3.5.tbzHmm… that's what I did. It complained about perl and openssl (I think) so I deleted them and let the pkg_add -r install the versions it wanted. After that it was successfull, however squid -v won't run with the error above.
When I do that, it complains that perl is the wrong version.
-
When I do that, it complains that perl is the wrong version.
check all dependent libs from the beginning of this topic. The manual update works fine if applied on with same architecture as operating system.
-
I got this when I start Squid (that stops immediatly)
Jun 6 19:56:59 squid: No valid signing SSL certificate configured for https_port 127.0.0.1:443
Jun 6 19:57:04 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/06/06 19:56:59| ERROR: Directive 'ignore_expect_100' is obsolete. FATAL: No valid signing SSL certificate configured for https_port 127.0.0.1:443 Squid Cache (Version 3.3.5): Terminated abnormally. CPU Usage: 0.013 seconds = 0.000 user + 0.013 sys Maximum Resident Size: 34816 KB Page faults with physical i/o: 0'
Jun 6 19:57:06 squid: No valid signing SSL certificate configured for https_port 127.0.0.1:443 -
I got this when I start Squid (that stops immediatly)
What config are you using? reverse proxy? normal proxy? did you configured a valid CA for squid?
While using transparent proxy, do not select loopback interface.
-
I have removed 3.3.4
I followed your commands line for 3.3.5. But no squid … after reinstallation, I'll see if I still have the error message.
Thanks for your help
-
I followed your commands line for 3.3.5. But no squid … after reinstallation, I'll see if I still have the error message.
fill ssl fields (port, etc) and save config.
check if all libs are there with squid -v
-
I don't understand
squid -v give me a lot of file.but no squid in menu or packages :-X
-
I don't understand
squid -v give me a lot of file.but no squid in menu or packages :-X
The upgrade process from 3.3.4 to 3.3.5 is only on console. You do not need to remove squid3-dev package on gui.
-
Damned
How do I reinstall the console ?
Thanks
-
On one of the Pfsense 2.1RC0 … I nailed the SSL Certificat culprit.
The service is UP with this in the log:php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/06/07 08:02:02| ERROR: Directive 'ignore_expect_100' is obsolete. squid: No running copy'
-
How do I reinstall
theon console ?Reinstall package squid3-dev via gui.
Go to console/ssh, remove with pkg_delete squid-3.3.4 and install using pkg_add squid-3.3.5.
ERROR: Directive 'ignore_expect_100' is obsolete. squid: No running copy'
I've pushed a fix with no version bump. a package reinstall should fix it.
If you what to just manual update it, run these two fetch cmd on console
fetch -o /usr/local/pkg/squid_reverse.inc https://raw.github.com/pfsense/pfsense-packages/8ba97bb7780495943c2d50547514d5b388d06329/config/squid3/33/squid_reverse.inc fetch -o /usr/local/pkg/squid_reverse_general.xml https://raw.github.com/pfsense/pfsense-packages/8ba97bb7780495943c2d50547514d5b388d06329/config/squid3/33/squid_reverse_general.xml
-
Aouch
with pkg_add
pkg_add: can't stat package file 'squid-3.3.5'
:-\
-
pkg_add: can't stat package file 'squid-3.3.5'
white url are you using to fetch squid 3.3.5?
-
sorry I don't understand
I think I have no specific url
-
sorry I don't understand
On console/ssh use pkg_delete to remove squid-3.3.4 and pkg_add to get squid 3.3.5
i386 systems
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/squid-3.3.5.tbzamd64 systems
pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/squid-3.3.5.tbz -
OK
I installed it … but nothing in the GUI packages ...
Did I do something wrong ?