Upgrade to pfsense 2.2 ->Installation of squidGuard-squid3 FAILED(for me Solved)



  • Hi ,
    get this error in upgraded pfsense 2.2

    Downloading https://files.pfsense.org/packages/10/All/squidguard-squid3-1.4_4-i386.pbi …  (extracting)
    ERROR: No digital signature! If you are SURE you trust this PBI, re-install with --no-checksig option.
    of squidguard-squid3-1.4_4-i386 failed!

    Update**
    Under:System-Advance-Miscellaneous: check Do NOT check package signature

    tried again and  worked,
    But i was not able to get it up and running( tried all folder settings and klick save everysingle time on squid3 and squidguard)

    Then i saved pfsense w/o package info , restore with this file, installed all packages manualy and made a new config .
    Finaly it solved may problems.
    (exept i-cap, clamav but this is new stuff... )


    Regards
    Max



  • yep same problem here.

    Edit:

    Found a work around for meow that appears to work.

    Thanks to PiBa-NL on the #pfsense IRC channel.

    <piba-nl>ah ok.. whell that can be fixed with a setting
    <piba-nl>System: Advanced: Miscellaneous : at the bottom:  'Do NOT check package signature'</piba-nl></piba-nl>

    edit:

    squidguard doesn't even start.



  • i've got the same problem on two pfsense migration 2.1.5 -> 2.2



  • Update from 2.1.5 to 2.2

    Had installed on 2.15 packages

    squid3
    squidGuard-squid3

    upgrading to 2.2 in services i get

    squid
    squidgurad
    i-cap
    clamd

    non of them could start

    Uninstall packages squid3 and squidguard-squid3

    Reinstall them and squid is working ok but squidguard(after checking the option not to check for sign packages), although after several restarts seems as running service, does not filter at all. Looking at squidgurad.conf has no options comparing from the one in 2.1.5.

    Clamd does not start at all.

    Followed advices of apost I found on the forum(can't find it now)for changing some options in i-cap.cong through squid gui , does not help at all.

    Bottom line: Tottaly messed the squid-squidguard infrastracture in 2.2

    Can someone give directions, step-by step how to make squid3 and squidguard operational in 2.2?

    Or at least can someone confirm that squidguard is not working in 2.2 yet?

    P.S.

    found a locked topic which seems relevant…

    https://forum.pfsense.org/index.php?topic=86701.0



  • Squid3 is working fine on 2.2.

    Check and save each config tab from left to right on squid3 package.

    If there is any missing config, gui should warn you.

    I've tested squidguard once on my labs and it was working.
    You know that squidguard on squid3 runs by demand, so after saving it will show as stopped until squid receives traffic.



  • I know its working on demand,actually it worked this way…

    My question is,after upgrading to 2.2 do we have to reinstall squid 3 and squidguard or they should work right "out of the box"?

    Are these packages suppose to keep their settings?
    Will newely i-cap,clamd should work immediatelly aftrr the upgrade?

    Thnks



  • @xtrgeo:

    My question is,after upgrading to 2.2 do we have to reinstall squid 3 and squidguard or they should work right "out of the box"?

    No, just check config gui tabs just like I've posted before..

    @xtrgeo:

    Will newely i-cap,clamd should work immediatelly aftrr the upgrade?

    You may need to visit antivirus tab to be sure all options are fine for 2.2.

    Check paths on antivirus tab fields, all tests I did on 2.2 were with a clean install.



  • Οκ,thanks for the informations.

    If anyone has successfully managed to update from 2.1.5 to 2.2 WITH squid3 and squidguard-squid3 installed and packages worked after update,please let us know here because I see many complains on the update procedure foe these packages…



  • @marcelloc:

    Squid3 is working fine on 2.2.

    Check and save each config tab from left to right on squid3 package.

    After setting the option in Advanced to not check SIGs on PBIs, got squidguard installed.

    I can verify that stepping through tabs on squid and squidguard configs and saving each going along, it now works as it did in 2.1.5.

    Thanks marcelloc!

    @xtrgeo:

    If anyone has successfully managed to update from 2.1.5 to 2.2 WITH squid3 and squidguard-squid3 installed and packages worked after update,please let us know here because I see many complains on the update procedure foe these packages…

    No. Settings were still there for squiguard, but had to disable check PBI SIGs to get the package installed. But upgrade did not install squidguard on it's own.



  • @FurryFennec:

    @marcelloc:

    Squid3 is working fine on 2.2.

    Check and save each config tab from left to right on squid3 package.

    After setting the option in Advanced to not check SIGs on PBIs, got squidguard installed.

    I can verify that stepping through tabs on squid and squidguard configs and saving each going along, it now works as it did in 2.1.5.

    Thanks marcelloc!

    @xtrgeo:

    If anyone has successfully managed to update from 2.1.5 to 2.2 WITH squid3 and squidguard-squid3 installed and packages worked after update,please let us know here because I see many complains on the update procedure foe these packages…

    No. Settings were still there for squiguard, but had to disable check PBI SIGs to get the package installed. But upgrade did not install squidguard on it's own.

    Did you have squidguard installed on 2.1.5 and just upgraded? After upgraded you only had to reinstall squidguard or something else also?



  • @xtrgeo:

    Did you have squidguard installed on 2.1.5 and just upgraded? After upgraded you only had to reinstall squidguard or something else also?

    In my case i had squidguard installed on 2.1.5 and after upgrading to pfsense 2.2 squidguard seems to be not installed and it is impossible to install it.



  • Hello,

    I have upgraded from 2.1.5 to 2.2 and first I uninstall all the package; after reinstall I have this problems:

    LightSquid - not working

    Proxy Squid: Realtime stat (sqstat) help
    
    Squid RealTime stat 1.20 for the proxy server (unknown) (192.168.1.1:3128)
    SqStat error
    
    Error (1): Cannot get data. Server answered: HTTP/1.1 403 Forbidden
    

    of course log looks like:

    php-fpm[11421]: /pkg_edit.php: The command 'ln -s /usr/local/bin/perl /usr/bin/perl' returned exit code '1', the output was 'ln: /usr/bin/perl: File exists'
    

    probably cause in: /usr/bin perl looks broken at Squid installation - No idea how to fix it, reinstall pkg did not help.
    Any idea how to manual remote reinstall perl ?

    and more:

    I appreciate any help.
    I have no access to console at this box so I have to do it remote if possible.

    thank you



  • If you need squid itself out of pbi dir, you can install via pkg

    Please, test it out of production environment.

    pkg install perl5
    


  • @marcelloc:

    If you need squid itself out of pbi dir, you can install via pkg

    Please, test it out of production environment.

    pkg install perl5
    

    +1 I've open a bug report for this a week or so ago.. but manually installing per5 does the trick.

    Dont expect sqstat to work if you have ipv6 enabled. The code is very code and doesn't conform to IPv6, only IPv4 addresses. I've noticed this a couple of years ago when I started to used Squid3 (which supports IPv6, just not in the WebGUI).



  • Thank you for help, my problem was that I tried to do that remote not from pfSense console keyboard and I had no chance because I can't confirm installation when prompt from www.

    Any way after I bring that pfSense box to my desk and hooked to monitor and keyboard and installed perl I was still unable to use LightSquid because of some other errors.

    In the end all was messed and squid did not worked any more; I reinstall a clean 2.2 from CD but after full 2.2 config restore I saved before at first boot pfSense 2.2 freeze.  ::)

    I reinstalled new 2.1.5 with latest 2.1.5 config saved and all it is working now.

    No more 2.2 upgrading - testing for the moment I already lost 48h of my life with this new version… I have to sleep now. 8)



  • I installed 2.1.5 again because of the problems are not solved

    :(



  • i have solved problem see this topic :

    https://forum.pfsense.org/index.php?topic=87379.0



  • I solved it too, check out the fix by snapshots.
    http://www.moh10ly.com/blog/pfsense/package-installation-issue



  • Hi aityahiaidir and moh10ly,

    You both did this the hard way.

    Under System/Advanced under the Miscellaneous tab you'll find the attached. Just hit the checkbox and try the install again.

    Steve

    ![Screen Shot 2015-01-25 at 20.41.43.png](/public/imported_attachments/1/Screen Shot 2015-01-25 at 20.41.43.png)
    ![Screen Shot 2015-01-25 at 20.41.43.png_thumb](/public/imported_attachments/1/Screen Shot 2015-01-25 at 20.41.43.png_thumb)



  • The squid squidguard install problem also happened on my server and here's what I did to resolve the issue:

    1. Went to System | Advanced | Miscellaneous and scrolled down to the end of the page and ticked
    Do NOT check package signature
    Enable this option to allow pfSense to install any package without checking its signature.

    2. Reinstall Squid3, then squidguard-squid3

    3. Re-downloaded blacklists from my previous source.

    4. Saved and applied configuration

    5. Squid and Squidguard is back to working condition.

    I'm still checking what happened to the Captive Portal as it does not seem to work now…

    Just sharing...



  • You mean captive portal itself or squid  package integration with captive?



  • No, Captive Portal is a separate issue with the 2.2 upgrade.

    It seems that it no longer works on my setup.



  • I finally managed to make squidguard an squid 3 to work after the upgrade.

    So, for those having problem when upgrading from 2.1.5 to 2.2 with squid3 and squidguard3 installed:

    1. After the updtae finishes, squid and squidguard does not start.

    2. Uninstall both packages (don't worry,settings are not lost)

    3. Reinstall squid3 and squidguard

    4. If clamd service looks disable, try to run on command promt  freshclam

    5 .This should update clam database and enable the service. It might need some minutes for the service to appear as running.

    6. If you are behind a proxy you have to manually edit the file /usr/pbi/squid-amd64/local/etc/freshclam.conf and write there your proxy ip and port

    7. After all that you have to update the blacklist database of squidguard in case of having one

    8. Finally follow the instructions of marcello and go through every tab from left to right in both squid and squidguard, by pressing save to each.

    9. Take care of the paths in antivirus tab in squid! In file squidclamav.conf and c-icap.conf

    That's how it worked for me!

    As for lightsquid, it work with the directions of this post  https://forum.pfsense.org/index.php?topic=86584.msg474777#msg474777

    But the problem with sqstat remains…



  • @Steve:

    Hi aityahiaidir and moh10ly,

    You both did this the hard way.

    Under System/Advanced under the Miscellaneous tab you'll find the attached. Just hit the checkbox and try the install again.

    Steve

    thanks for the tip, it's good knowledge



  • Thnx 4 the instructions. I will try it out this week and will leave my results here.

    cu soon



  • Hi,

    tested with second pfsense using squidGuard-devel worked without check "Do NOT check package signature "

    regards

    Max



  • You don't even have to uninstall.  During my tests over the weekend, Squid3 refused to start consistently until I reinstalled the entire package using the small PKG button.  After reinstall, everything was working.  A reinstall appears to do a remove and then an install, so you're just saving a few clicks.



    1. This thread helped me. Thanks.


  • Hi,

    i found out why squid3 could not start after upgrade to pfsense 2.2. because of the old package
    HAVP (wil not be installed any more)

    *) squid3 has the "Custom Settings->Integrations" field where the old HAVP config is still there.

    Solution: remove all entries ->Save ( if you want SquidGuard dont forget to reapply it via tab proxy filter & don't forget to save)



  • If all of the above suggestions fail !!  - My final solution..

    After reinstalling both Squid3 and SquidGuard with certificate checking turned off, resaving every config tab for both packages, reloading blacklist DB, checking all settings had transferred over in the upgrade from 2.1.5 -> 2.2.  Still SquidGuard service would not start.  No filtering was occurring.

    The solution was on the Squid General Settings tab.  I needed to reselect the LAN option in the proxy interface drop down list.  LAN was already at the top of the list and appeared to be selected.  Clicking on it to turn blue and then doing the same with the Transparent Proxy Interface selection, then clicking save.  SquidGuard started filtering and the service stayed on. So although most other settings carried over during the upgrade, one or both of the interface selections in the drop down lists did not.

    That was obscure.  May others not waste as many hours as I did trying to find that!



  • This is the part where I ask how much of that you NEED?



  • @hackersoft:

    The squid squidguard install problem also happened on my server and here's what I did to resolve the issue:

    1. Went to System | Advanced | Miscellaneous and scrolled down to the end of the page and ticked
    Do NOT check package signature
    Enable this option to allow pfSense to install any package without checking its signature.

    2. Reinstall Squid3, then squidguard-squid3

    3. Re-downloaded blacklists from my previous source.

    4. Saved and applied configuration

    5. Squid and Squidguard is back to working condition.

    I'm still checking what happened to the Captive Portal as it does not seem to work now…

    Just sharing...

    Regarding the Captive Portal issues.  I was able to solve it by opening ports 8000 to 8004 in firewall rules.

    Hope it can also help someone.

    The other issue I found now is that sarg stopped working. Anyone got this solved already?

    Thanks!



  • Have you restart the firewall.