OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Proxy won't start
« previous next »
  • Print
Pages: [1]

Author Topic: Proxy won't start  (Read 6663 times)

emilio.b

  • Newbie
  • *
  • Posts: 20
  • Karma: 1
    • View Profile
Proxy won't start
« on: May 11, 2017, 10:44:21 am »
Hello all
just setup the proxy on a 17.1.5 following exactly the howto.

When i try to start the service, that simply doesn't start.

Any idea?

TIA

OPNsense 17.1.5-amd64
FreeBSD 11.0-RELEASE-p8
Logged

fabian

  • Hero Member
  • *****
  • Posts: 2768
  • Karma: 199
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Proxy won't start
« Reply #1 on: May 11, 2017, 11:09:25 am »
Please run squid -k parse on the shell and post the output - there may be an error in the generated config (Bug). Or it is simply not correctly displayed.
Logged

emilio.b

  • Newbie
  • *
  • Posts: 20
  • Karma: 1
    • View Profile
Re: Proxy won't start
« Reply #2 on: May 11, 2017, 04:26:18 pm »
Hello,
here's the output of the command:

root@opnsense:~ # squid -k parse
2017/05/11 16:10:14| Startup: Initializing Authentication Schemes ...
2017/05/11 16:10:14| Startup: Initialized Authentication Scheme 'basic'
2017/05/11 16:10:14| Startup: Initialized Authentication Scheme 'digest'
2017/05/11 16:10:14| Startup: Initialized Authentication Scheme 'negotiate'
2017/05/11 16:10:14| Startup: Initialized Authentication Scheme 'ntlm'
2017/05/11 16:10:14| Startup: Initialized Authentication.
2017/05/11 16:10:14| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2017/05/11 16:10:14| Processing: http_port 127.0.0.1:3128 intercept
2017/05/11 16:10:14| Starting Authentication on port 127.0.0.1:3128
2017/05/11 16:10:14| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2017/05/11 16:10:14| Processing: http_port [::1]:3128 intercept
2017/05/11 16:10:14| Starting Authentication on port [::1]:3128
2017/05/11 16:10:14| Disabling Authentication on port [::1]:3128 (interception enabled)
2017/05/11 16:10:14| Processing: http_port 192.168.1.200:3128
2017/05/11 16:10:14| Processing: acl ftp proto FTP
2017/05/11 16:10:14| Processing: http_access allow ftp
2017/05/11 16:10:14| Processing: acl localnet src 192.168.1.0/24 # Possible internal network
2017/05/11 16:10:14| Processing: acl localnet src fc00::/7       # RFC 4193 local private network range
2017/05/11 16:10:14| Processing: acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
2017/05/11 16:10:14| Processing: acl subnets src 192.168.1.0/24
2017/05/11 16:10:14| Processing: acl remoteblacklist_UT1 dstdomain "/usr/local/etc/squid/acl/UT1"
2017/05/11 16:10:18| Processing: acl remoteblacklist_Shalla dstdomain "/usr/local/etc/squid/acl/Shalla"
2017/05/11 16:10:23| Processing: acl Safe_ports port 80 # http
2017/05/11 16:10:23| Processing: acl Safe_ports port 21 # ftp
2017/05/11 16:10:23| Processing: acl Safe_ports port 443 # https
2017/05/11 16:10:23| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2017/05/11 16:10:23| Processing: acl CONNECT method CONNECT
2017/05/11 16:10:23| Processing: icap_enable off
2017/05/11 16:10:23| Processing: include /usr/local/etc/squid/pre-auth/*.conf
2017/05/11 16:10:23| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2017/05/11 16:10:23| Processing: http_access deny remoteblacklist_UT1
2017/05/11 16:10:23| Processing: http_access deny remoteblacklist_Shalla
2017/05/11 16:10:23| Processing: http_access deny !Safe_ports
2017/05/11 16:10:23| Processing: http_access deny CONNECT !SSL_ports
2017/05/11 16:10:23| ACL not found: SSL_ports
FATAL: Bungled /usr/local/etc/squid/squid.conf line 77: http_access deny CONNECT !SSL_ports
Squid Cache (Version 3.5.24): Terminated abnormally.
CPU Usage: 9.670 seconds = 9.529 user + 0.142 sys
Maximum Resident Size: 743248 KB
Page faults with physical i/o: 2
root@opnsense:~ #

it seems that if no SSL port is present in the Access control list>Allowed SSL ports, squid doesn't start.
After set up a simple 443:https in the field and applied the config, squid was happy.

Forget me if is my mistake...

Thank you!
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Proxy won't start
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2