OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: hv-tech on March 07, 2023, 04:55:33 pm

Title: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: hv-tech on March 07, 2023, 04:55:33 pm
Hi Forum,

So I recently had to rebuild my OPNsense box, and redeployed the backed-up config. Everything is fine except the Squid proxy. So the proxy works unless I use SSLi. I did everything that anyone might think of: reinstalled the squid packages (from the GUI), redeployed the SSL cert for SSLi, tried a different interface. Nothing works; anyone have any ideas?


Posted are the 'cache logs'.
2023-03-07T10:52:11       squid   kid1| ERROR: failure while accepting a TLS connection on conn163 local=172.16.10.1:3128 remote=172.16.10.6:1180 FD 17 flags=1: 0x81cd39680*1   
2023-03-07T10:52:11       squid   kid1| ERROR: failure while accepting a TLS connection on conn162 local=172.16.10.1:3128 remote=172.16.10.6:1179 FD 13 flags=1: 0x81cd39680*1   
2023-03-07T10:52:10       squid   kid1| ERROR: failure while accepting a TLS connection on conn156 local=172.16.10.1:3128 remote=172.16.10.6:1178 FD 13 flags=1: 0x81cd39680*1   
2023-03-07T10:52:10       squid   kid1| ERROR: failure while accepting a TLS connection on conn150 local=172.16.10.1:3128 remote=172.16.10.6:1177 FD 13 flags=1: 0x81cd39680*1   
2023-03-07T10:52:10       squid   kid1| ERROR: failure while accepting a TLS connection on conn144 local=172.16.10.1:3128 remote=172.16.10.6:1176 FD 13 flags=1: 0x81cd39680*1   
2023-03-07T10:52:09       squid   kid1| ERROR: failure while accepting a TLS connection on conn138 local=172.16.10.1:3128 remote=172.16.10.6:1175 FD 13 flags=1: 0x81cd39680*1   
2023-03-07T10:52:08       squid   kid1| ERROR: failure while accepting a TLS connection on conn132 local=172.16.10.1:3128 remote=172.16.10.6:1174 FD 13 flags=1: 0x81cd39680*1   
2023-03-07T10:52:08       squid   kid1| ERROR: failure while accepting a TLS connection on conn126 local=172.16.10.1:3128 remote=172.16.10.6:1173 FD 17 flags=1: 0x81cd39680*1   
2023-03-07T10:52:08       squid   kid1| ERROR: failure while accepting a TLS connection on conn79 local=172.16.10.1:3128 remote=172.16.10.6:1164 FD 19 flags=1: 0x81cd39680*1   
2023-03-07T10:52:08       squid   kid1| ERROR: failure while accepting a TLS connection on conn120 local=172.16.10.1:3128 remote=172.16.10.6:1172 FD 13 flags=1: 0x81cd39680*1   
            listening port: 172.16.10.1:3128   
2023-03-07T10:52:08       squid   kid1| ERROR: failure while accepting a TLS connection on conn90 local=172.16.10.1:3128 remote=172.16.10.6:1171 FD 36 flags=1: 0x81cd3a940*1   
2023-03-07T10:52:08       squid   kid1| ERROR: failure while accepting a TLS connection on conn81 local=172.16.10.1:3128 remote=172.16.10.6:1166 FD 22 flags=1: 0x81cd3a940*1   
2023-03-07T10:52:08       squid   kid1| ERROR: failure while accepting a TLS connection on conn78 local=172.16.10.1:3128 remote=172.16.10.6:1163 FD 17 flags=1: 0x81cd3a940*1   
2023-03-07T10:52:08       squid   kid1| ERROR: failure while accepting a TLS connection on conn75 local=172.16.10.1:3128 remote=172.16.10.6:1160 FD 13 flags=1: 0x81cd3a4c0*1
Title: Re: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: Fright on March 07, 2023, 05:48:31 pm
Hi
3128 for tls? shouldn't it be 3129?
Title: Re: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: hv-tech on March 07, 2023, 05:55:47 pm
You're right, it is, but it doesn't seem to want to hit that port.


Title: Re: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: hv-tech on March 07, 2023, 05:56:40 pm
Screenshot attached:
Title: Re: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: Fright on March 07, 2023, 06:09:07 pm
Since it's the LAN address in the error message (not loopback), I would say that the issue is in the client's proxy settings.
Title: Re: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: hv-tech on March 07, 2023, 06:38:33 pm
I have another machine that I can test with, I'll give it a try.
Title: Re: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: hv-tech on March 07, 2023, 06:43:01 pm
Same problem on a different PC. Nothing has been changed on the endpoints. Just the reinstall of OPNsense.
Title: Re: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: Fright on March 07, 2023, 06:47:38 pm
So is the proxy set on the clients, or did it work in transparent mode?
How are the proxy settings set on the client?
Title: Re: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: hv-tech on March 07, 2023, 06:51:30 pm
Simple Windows manual proxy configuration.
Title: Re: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: Fright on March 07, 2023, 08:39:20 pm
Ah, sorry, I haven't looked under the squid hood for a long time. The message format may have been changed in the squid 5.* migration.
try to make sure the client trusts the root certificate used by squid (helped on test vm)
Title: Re: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: hv-tech on March 07, 2023, 09:30:06 pm
Okay silly me, I reapplied the cert to the trust area and it works now. Must have added the wrong cert originally. Thanks for the help Fright, another head helped for this.
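
[Added example, not posted by either participant] The check behind this fix, reproduced offline with throwaway certificates: a leaf minted by the CA the proxy signs with verifies against that CA but not against a different CA in the client's trust store. It goes one step beyond the thread by giving both CAs the same subject name (an assumption; the thread only says the wrong cert was added), so only the fingerprint tells them apart. The labels `active`, `stale` and `proxied.example` are constructed.

```shell
#!/bin/sh
# Constructed demo: all keys and certificates are throwaway files in a temp dir.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca LABEL: self-signed CA; every label gets the SAME subject but a new key.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$WORK/ca.cnf" \
        -subj "/CN=Constructed Inspection CA" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# mint_leaf CA HOST: sign a certificate for HOST with CA, as the proxy does per site.
mint_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
        -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
        -CAcreateserial -days 1 -out "$WORK/$2.pem" 2>/dev/null
}

# client_trusts CA LEAF: would a trust store holding only CA accept LEAF?
client_trusts() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

subject()     { openssl x509 -in "$WORK/$1.pem" -noout -subject; }
fingerprint() { openssl x509 -in "$WORK/$1.pem" -noout -fingerprint -sha256; }

make_ca active   # CA the proxy signs with now
make_ca stale    # same name, different key: the "wrong cert" in the client store
mint_leaf active proxied.example

for ca in active stale; do
    if client_trusts "$ca" proxied.example; then v="accepted"; else v="rejected"; fi
    echo "client trusting '$ca' CA: leaf $v | $(fingerprint "$ca")"
done
```

On a real setup the equivalent comparison is the SHA-256 fingerprint of the CA selected for SSL inspection against the fingerprint of the certificate installed in the client's trusted roots.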
Title: Re: Problems with Squid Proxy SSLi after reinstall - config from backup
Post by: Fright on March 07, 2023, 09:40:47 pm
glad it works, thanks for the feedback! )