Pfsense, squid, squidGuard, Dansguardian and CDNs?

ppmax · Oct 18, 2014, 1:48 AM

Hi

I've got pfsense running with squid, squidGuard, and Dansguardian running and everything works great, except when I try to update my software (I'm on OS X and OS updates are handled through the App Store). What happens is that the download starts and then eventually peters out around 870MB, and then restarts…I can never get past this unless I disable the all firewall rules (pfctl -d) and temporarily disable my the NAT forwarding rules for squid and dansguardian.

I've monitored my dansguardian access.log, squid log, and squidGuard and can't figure out what is blocking or resetting these large downloads (~5GB).

I've tried adding a whole bunch of domains (akamaitechnologies.com, appimg.com, apple.com, etc) to the dansguardian exceptions lists, but no dice. I don't have any other rules that might affect this.

Right now I'm thinking this has something to do with the squid cache, but I can't figure out how to troubleshoot this more.

Any advice or tips?

thx
PP

aGeekhere · Oct 18, 2014, 11:03 PM

I have a similar problem, running squidGuard-squid3 and squid3-dev with transparent proxy (SSL filtering) and I can not get windows updates get 80072F8F error.

aGeekhere · Oct 20, 2014, 3:10 AM

solved https://forum.pfsense.org/index.php?topic=73640.45

ppmax · Oct 25, 2014, 12:05 AM

Hi aGeekHere-

I read your last post in that thread…so this is not solved for you?

Also, you said your problem is similar to mine....do your downloads start but never finish? Or do you get that error right away?

My issues seem to be related to the CDN switching me to another server after a portion of the payload is downloaded...at least that is my theory.

thx
PP

aGeekhere · Oct 25, 2014, 9:26 AM

With SSL filtering on, Windows update and adobe updates will not connect. With SSL filtering off it does connect and downloads.
If you turn off SSL filtering does yours download?

ppmax · Oct 25, 2014, 7:24 PM

Hm…sounds like our issues are slightly different...Im definitely getting a connection; For example I'll get a sustained 60Mb/s and then all of a sudden (after 850MB) the connection peeters out and then will restart...peg my throughput, then stop...then start again.

Isn't there some setting to allow URL's in URL's?

I wish I could track down what log to look at; I've checked Dansguardian logs, squid logs, squidGuard logs...nothing that I can see. I need to figure out a way to insert a tap between my cable modem and pfsense so I can run Wireshark...

thx
PP