OPNsense Forum
English Forums => Web Proxy Filtering and Caching => Topic started by: hv-tech on March 07, 2023, 04:55:33 pm
-
Hi Forum,
So I recently had to rebuild my OPNsense box, and redeployed the backed-up config. Everything is fine except the Squid proxy. So the proxy works unless I use SSLi. I did everything that anyone might think of: reinstalled the Squid packages (from the GUI), redeployed the SSL cert for SSLi, tried a different interface. Nothing works. Anyone have any ideas?
Posted are the 'cache logs'.
2023-03-07T10:52:11 squid kid1| ERROR: failure while accepting a TLS connection on conn163 local=172.16.10.1:3128 remote=172.16.10.6:1180 FD 17 flags=1: 0x81cd39680*1
2023-03-07T10:52:11 squid kid1| ERROR: failure while accepting a TLS connection on conn162 local=172.16.10.1:3128 remote=172.16.10.6:1179 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:10 squid kid1| ERROR: failure while accepting a TLS connection on conn156 local=172.16.10.1:3128 remote=172.16.10.6:1178 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:10 squid kid1| ERROR: failure while accepting a TLS connection on conn150 local=172.16.10.1:3128 remote=172.16.10.6:1177 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:10 squid kid1| ERROR: failure while accepting a TLS connection on conn144 local=172.16.10.1:3128 remote=172.16.10.6:1176 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:09 squid kid1| ERROR: failure while accepting a TLS connection on conn138 local=172.16.10.1:3128 remote=172.16.10.6:1175 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn132 local=172.16.10.1:3128 remote=172.16.10.6:1174 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn126 local=172.16.10.1:3128 remote=172.16.10.6:1173 FD 17 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn79 local=172.16.10.1:3128 remote=172.16.10.6:1164 FD 19 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn120 local=172.16.10.1:3128 remote=172.16.10.6:1172 FD 13 flags=1: 0x81cd39680*1
listening port: 172.16.10.1:3128
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn90 local=172.16.10.1:3128 remote=172.16.10.6:1171 FD 36 flags=1: 0x81cd3a940*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn81 local=172.16.10.1:3128 remote=172.16.10.6:1166 FD 22 flags=1: 0x81cd3a940*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn78 local=172.16.10.1:3128 remote=172.16.10.6:1163 FD 17 flags=1: 0x81cd3a940*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn75 local=172.16.10.1:3128 remote=172.16.10.6:1160 FD 13 flags=1: 0x81cd3a4c0*1
-
Hi
3128 for TLS? Shouldn't it be 3129?
-
You're right, it is, but it doesn't seem to want to hit that port.
-
Screenshot attached:
-
Since it's the LAN address in the error message (not loopback), I would say that the issue is in the client's proxy settings.
-
I have another machine that I can test with, I'll give it a try.
-
Same problem on a different PC. Nothing has been changed on the endpoints. Just the reinstall of OPNsense.
-
So is the proxy set on the clients, or did it work in transparent mode?
How are the proxy settings set on the client?
-
Simple Windows manual proxy configuration.
-
Ah, sorry, I haven't looked under the Squid hood for a long time. The message format may have been changed in the Squid 5.* migration.
Try to make sure the client trusts the root certificate used by Squid (that helped on a test VM).
-
Okay silly me, I reapplied the cert to the trust area and it works now. Must have added the wrong cert originally. Thanks for the help Fright, another head helped for this.
-
glad it works, thanks for the feedback! )
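-
Added example, not part of the thread and not OPNsense or Squid code: a Python script that parses cache.log lines in the format posted above and groups the TLS accept failures by listener and client, applying the reply's LAN-versus-loopback reasoning. The function names, the `path` labels and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the Squid cache.log error format quoted in this thread.
TLS_FAIL = re.compile(
    r"^(?P<ts>\S+) squid \S+\| ERROR: failure while accepting a TLS connection "
    r"on (?P<conn>conn\d+) local=(?P<lip>[\d.]+):(?P<lport>\d+) "
    r"remote=(?P<rip>[\d.]+):(?P<rport>\d+)"
)

def parse_failures(lines):
    """Return one dict per TLS-accept failure line; other lines are skipped."""
    return [m.groupdict() for m in (TLS_FAIL.match(l.strip()) for l in lines) if m]

def triage(lines):
    """Count failures per (listener, client) and label how the client reached Squid."""
    groups = Counter()
    for f in parse_failures(lines):
        groups[(f"{f['lip']}:{f['lport']}", f["rip"])] += 1
    report = []
    for (listener, client), count in sorted(groups.items()):
        host = listener.rsplit(":", 1)[0]
        loopback = ipaddress.ip_address(host).is_loopback
        report.append({
            "listener": listener,
            "client": client,
            "failures": count,
            # Reasoning from the thread: a LAN listener address (not loopback)
            # points at proxy settings configured on the client itself.
            "path": "intercepted" if loopback else "explicit-proxy",
        })
    return report

# Constructed sample: the first three lines follow the thread's log format,
# the last one is a made-up loopback case for contrast.
SAMPLE = [
    "2023-03-07T10:52:11 squid kid1| ERROR: failure while accepting a TLS connection on conn163 local=172.16.10.1:3128 remote=172.16.10.6:1180 FD 17 flags=1: 0x0*1",
    "2023-03-07T10:52:11 squid kid1| ERROR: failure while accepting a TLS connection on conn162 local=172.16.10.1:3128 remote=172.16.10.6:1179 FD 13 flags=1: 0x0*1",
    "listening port: 172.16.10.1:3128",
    "2023-03-07T10:52:12 squid kid1| ERROR: failure while accepting a TLS connection on conn200 local=127.0.0.1:3129 remote=172.16.10.7:2001 FD 13 flags=1: 0x0*1",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

The log line itself does not say why the handshake failed; in this thread the cause turned out to be the wrong certificate in the client's trust store.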