Squid3-dev problems

pf12 · Dec 12, 2014, 9:37 PM

Hi, I'm running pfsense 2.1.5-RELEASE (i386) and installed the squid3-dev package (squid 3.3.10 pkg 2.2.8 ). This is the only squid package I've installed that doesn't seem to work no matter what I try. If I load a http site, it says the server can't be found, but https sites load fine. the squid2 and squid 3 packages worked in transparent mode, but squid3-dev doesn't. I mainly wanted this package because of the https filtering. Like the other squid versions that worked, I added my subnet to the ACL and have authentication turned off, and the proxy interface listening on the LAN and the transparent proxy interface on the LAN.

Are other configurations needed that I missed?

EDIT: If anyone even thinks of something small that might help please mention it. I'm still stumped. I don't get any errors when I run it from command line. Are there any other ways to trouble shoot what's happening?

EDIT 2: Just did a clean install of 64-bit pfsense because another forum suggested running 32-bit pfsense on a 64-bit enabled processor sometimes caused problems. Now running 2.1.5-RELEASE (amd64). Same problems, nothing has changed. Still looking for help.

marcelloc · Dec 15, 2014, 8:02 PM

I do only use squid3-dev with no issues.

what you get with squid -k parse or on cache.log?

pf12 · Dec 16, 2014, 5:40 PM

Thanks for replying! Here's the output for those commands:

squid -k parse:

2014/12/16 11:35:42| Startup: Initializing Authentication Schemes ...
2014/12/16 11:35:42| Startup: Initialized Authentication Scheme 'basic'
2014/12/16 11:35:42| Startup: Initialized Authentication Scheme 'digest'
2014/12/16 11:35:42| Startup: Initialized Authentication Scheme 'negotiate'
2014/12/16 11:35:42| Startup: Initialized Authentication Scheme 'ntlm'
2014/12/16 11:35:42| Startup: Initialized Authentication.
2014/12/16 11:35:42| Processing Configuration File: /usr/pbi/squid-amd64/etc/squid/squid.conf (depth 0)
2014/12/16 11:35:42| Processing: http_port 192.168.5.1:3128
2014/12/16 11:35:42| Processing: icp_port 0
2014/12/16 11:35:42| Processing: dns_v4_first off
2014/12/16 11:35:42| Processing: pid_filename /var/run/squid.pid
2014/12/16 11:35:42| Processing: cache_effective_user proxy
2014/12/16 11:35:42| Processing: cache_effective_group proxy
2014/12/16 11:35:42| Processing: error_default_language en-ca
2014/12/16 11:35:42| Processing: icon_directory /usr/pbi/squid-amd64/etc/squid/icons
2014/12/16 11:35:42| Processing: visible_hostname localhost
2014/12/16 11:35:42| Processing: cache_mgr admin@localhost
2014/12/16 11:35:42| Processing: access_log /var/squid/logs/access.log
2014/12/16 11:35:42| Processing: cache_log /var/squid/logs/cache.log
2014/12/16 11:35:42| Processing: cache_store_log none
2014/12/16 11:35:42| Processing: netdb_filename /var/squid/logs/netdb.state
2014/12/16 11:35:42| Processing: pinger_enable on
2014/12/16 11:35:42| Processing: pinger_program /usr/pbi/squid-amd64/libexec/squid/pinger
2014/12/16 11:35:42| Processing: logfile_rotate 14
2014/12/16 11:35:42| Processing: debug_options rotate=14
2014/12/16 11:35:42| Processing: shutdown_lifetime 3 seconds
2014/12/16 11:35:42| Processing: acl localnet src  192.168.5.0/24
2014/12/16 11:35:42| Processing: forwarded_for off
2014/12/16 11:35:42| Processing: via off
2014/12/16 11:35:42| Processing: uri_whitespace strip
2014/12/16 11:35:42| Processing: acl dynamic urlpath_regex cgi-bin \?
2014/12/16 11:35:42| Processing: cache deny dynamic
2014/12/16 11:35:42| Processing: cache_mem 8 MB
2014/12/16 11:35:42| Processing: maximum_object_size_in_memory 32 KB
2014/12/16 11:35:42| Processing: memory_replacement_policy heap GDSF
2014/12/16 11:35:42| Processing: cache_replacement_policy heap LFUDA
2014/12/16 11:35:42| Processing: cache_dir ufs /var/squid/cache 2000 16 256
2014/12/16 11:35:42| Processing: minimum_object_size 0 KB
2014/12/16 11:35:42| Processing: maximum_object_size 4 KB
2014/12/16 11:35:42| Processing: offline_mode off
2014/12/16 11:35:42| Processing: cache_swap_low 90
2014/12/16 11:35:42| Processing: cache_swap_high 95
2014/12/16 11:35:42| Processing: cache allow all
2014/12/16 11:35:42| Processing: acl allsrc src all
2014/12/16 11:35:42| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3127 1025-65535
2014/12/16 11:35:42| Processing: acl sslports port 443 563
2014/12/16 11:35:42| Processing: acl purge method PURGE
2014/12/16 11:35:42| Processing: acl connect method CONNECT
2014/12/16 11:35:42| Processing: acl HTTP proto HTTP
2014/12/16 11:35:42| Processing: acl HTTPS proto HTTPS
2014/12/16 11:35:42| Processing: acl allowed_subnets src 192.168.5.0/24
2014/12/16 11:35:42| Processing: http_access allow manager localhost
2014/12/16 11:35:42| Processing: http_access deny manager
2014/12/16 11:35:42| Processing: http_access allow purge localhost
2014/12/16 11:35:42| Processing: http_access deny purge
2014/12/16 11:35:42| Processing: http_access deny !safeports
2014/12/16 11:35:42| Processing: http_access deny CONNECT !sslports
2014/12/16 11:35:42| Processing: request_body_max_size 0 KB
2014/12/16 11:35:42| Processing: delay_pools 1
2014/12/16 11:35:42| Processing: delay_class 1 2
2014/12/16 11:35:42| Processing: delay_parameters 1 -1/-1 -1/-1
2014/12/16 11:35:42| Processing: delay_initial_bucket_level 100
2014/12/16 11:35:42| Processing: delay_access 1 allow allsrc
2014/12/16 11:35:42| Processing: http_access allow allowed_subnets
2014/12/16 11:35:42| Processing: http_access allow localnet
2014/12/16 11:35:42| Processing: http_access deny allsrc
2014/12/16 11:35:42| WARNING: HTTP requires the use of Via
2014/12/16 11:35:42| Initializing https proxy context

cat /var/squid/logs/cache.log

2014/12/16 11:40:13 kid1| Starting Squid Cache version 3.3.10 for amd64-portbld-freebsd8.3...
2014/12/16 11:40:13 kid1|  parse error while reading template file: /usr/pbi/squid-amd64/etc/squid/errors/en-ca/error-details.txt
2014/12/16 11:40:13 kid1| Unable to load default error language files. Reset to backups.
2014/12/16 11:40:13 kid1|  parse error while reading template file: /usr/pbi/squid-amd64/etc/squid/errors/templates/error-details.txt
2014/12/16 11:40:13 kid1| WARNING: failed to find or read error text file error-details.txt
2014/12/16 11:40:13 kid1| sendto FD 26: (1) Operation not permitted
2014/12/16 11:40:13 kid1| ipcCreate: CHILD: hello write test failed

EDIT: Formatting output to use code tags.

hyundrax · Dec 16, 2014, 5:58 PM

I have no Problem.. but nothing cache..

this my squid -k parse


2014/12/17 00:57:38| Startup: Initializing Authentication Schemes ...
2014/12/17 00:57:38| Startup: Initialized Authentication Scheme 'basic'
2014/12/17 00:57:38| Startup: Initialized Authentication Scheme 'digest'
2014/12/17 00:57:38| Startup: Initialized Authentication Scheme 'negotiate'
2014/12/17 00:57:38| Startup: Initialized Authentication Scheme 'ntlm'
2014/12/17 00:57:38| Startup: Initialized Authentication.
2014/12/17 00:57:38| Processing Configuration File: /usr/pbi/squid-amd64/etc/squid/squid.conf (depth 0)
2014/12/17 00:57:38| Processing: http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/share/certs/
2014/12/17 00:57:38| Processing: http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/share/certs/
2014/12/17 00:57:38| Starting Authentication on port 127.0.0.1:3128
2014/12/17 00:57:38| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2014/12/17 00:57:38| Disabling IPv6 on port 127.0.0.1:3128 (interception enabled)
2014/12/17 00:57:38| Processing: https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/share/certs/
2014/12/17 00:57:38| Starting Authentication on port 127.0.0.1:3129
2014/12/17 00:57:38| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2014/12/17 00:57:38| Disabling IPv6 on port 127.0.0.1:3129 (interception enabled)
2014/12/17 00:57:38| Processing: icp_port 0
2014/12/17 00:57:38| Processing: dns_v4_first on
2014/12/17 00:57:38| Processing: pid_filename /var/run/squid.pid
2014/12/17 00:57:38| Processing: cache_effective_user proxy
2014/12/17 00:57:38| Processing: cache_effective_group proxy
2014/12/17 00:57:38| Processing: error_default_language en
2014/12/17 00:57:38| Processing: icon_directory /usr/pbi/squid-amd64/etc/squid/icons
2014/12/17 00:57:38| Processing: visible_hostname localhost
2014/12/17 00:57:38| Processing: cache_mgr admin@localhost
2014/12/17 00:57:38| Processing: access_log /var/squid/logs/access.log
2014/12/17 00:57:38| Processing: cache_log /var/squid/logs/cache.log
2014/12/17 00:57:38| Processing: cache_store_log none
2014/12/17 00:57:38| Processing: netdb_filename /var/squid/logs/netdb.state
2014/12/17 00:57:38| Processing: pinger_enable on
2014/12/17 00:57:38| Processing: pinger_program /usr/pbi/squid-amd64/libexec/squid/pinger
2014/12/17 00:57:38| Processing: sslcrtd_program /usr/pbi/squid-amd64/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
2014/12/17 00:57:38| Processing: sslcrtd_children 5
2014/12/17 00:57:38| Processing: sslproxy_capath /usr/pbi/squid-amd64/share/certs/
2014/12/17 00:57:38| Processing: sslproxy_cert_error allow all
2014/12/17 00:57:38| Processing: sslproxy_flags DONT_VERIFY_PEER
2014/12/17 00:57:38| Processing: logfile_rotate 90
2014/12/17 00:57:38| Processing: debug_options rotate=90
2014/12/17 00:57:38| Processing: shutdown_lifetime 3 seconds
2014/12/17 00:57:38| Processing: acl localnet src  192.168.1.0/24
2014/12/17 00:57:38| Processing: uri_whitespace strip
2014/12/17 00:57:38| Processing: acl dynamic urlpath_regex cgi-bin \?
2014/12/17 00:57:38| Processing: cache deny dynamic
2014/12/17 00:57:38| Processing: cache_mem 256 MB
2014/12/17 00:57:38| Processing: maximum_object_size_in_memory 128 KB
2014/12/17 00:57:38| Processing: memory_replacement_policy lru
2014/12/17 00:57:38| Processing: cache_replacement_policy heap LFUDA
2014/12/17 00:57:38| Processing: cache_dir aufs /var/squid/cache 180000 16 256
2014/12/17 00:57:38| Processing: minimum_object_size 1 KB
2014/12/17 00:57:38| Processing: maximum_object_size 102400 KB
2014/12/17 00:57:38| Processing: offline_mode off
2014/12/17 00:57:38| Processing: cache_swap_low 90
2014/12/17 00:57:38| Processing: cache_swap_high 95
2014/12/17 00:57:38| Processing: cache allow all
2014/12/17 00:57:38| Processing: acl allsrc src all
2014/12/17 00:57:38| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 3127 1025-65535
2014/12/17 00:57:38| Processing: acl sslports port 443 563 81
2014/12/17 00:57:38| Processing: acl purge method PURGE
2014/12/17 00:57:38| Processing: acl connect method CONNECT
2014/12/17 00:57:38| Processing: acl HTTP proto HTTP
2014/12/17 00:57:38| Processing: acl HTTPS proto HTTPS
2014/12/17 00:57:38| Processing: acl allowed_subnets src 192.168.1.0/24
2014/12/17 00:57:38| Processing: http_access allow manager localhost
2014/12/17 00:57:38| Processing: http_access deny manager
2014/12/17 00:57:38| Processing: http_access allow purge localhost
2014/12/17 00:57:38| Processing: http_access deny purge
2014/12/17 00:57:38| Processing: http_access deny !safeports
2014/12/17 00:57:38| Processing: http_access deny CONNECT !sslports
2014/12/17 00:57:38| Processing: quick_abort_min 0 KB
2014/12/17 00:57:38| Processing: quick_abort_max 0 KB
2014/12/17 00:57:38| Processing: request_body_max_size 0 KB
2014/12/17 00:57:38| Processing: delay_pools 1
2014/12/17 00:57:38| Processing: delay_class 1 2
2014/12/17 00:57:38| Processing: delay_parameters 1 -1/-1 -1/-1
2014/12/17 00:57:38| Processing: delay_initial_bucket_level 100
2014/12/17 00:57:38| Processing: delay_access 1 allow allsrc
2014/12/17 00:57:38| Processing: always_direct allow all
2014/12/17 00:57:38| Processing: ssl_bump server-first all
2014/12/17 00:57:38| Processing: http_access allow allowed_subnets
2014/12/17 00:57:38| Processing: http_access allow localnet
2014/12/17 00:57:38| Processing: http_access deny allsrc
2014/12/17 00:57:38| Initializing https proxy context
2014/12/17 00:57:38| Initializing http_port 192.168.1.1:3128 SSL context
2014/12/17 00:57:38| Using certificate in /usr/pbi/squid-amd64/etc/squid/serverkey.pem
2014/12/17 00:57:38| Initializing http_port 127.0.0.1:3128 SSL context
2014/12/17 00:57:38| Using certificate in /usr/pbi/squid-amd64/etc/squid/serverkey.pem
2014/12/17 00:57:38| Initializing https_port 127.0.0.1:3129 SSL context
2014/12/17 00:57:38| Using certificate in /usr/pbi/squid-amd64/etc/squid/serverkey.pem

pf12 · Jan 4, 2015, 8:22 PM

Nearly a month later, I'm still having problems getting it to work. Any suggestions at all?

marcelloc · Jan 6, 2015, 1:15 AM

Read again cache.log. All you need to fix is there.