OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: emilio.b on May 11, 2017, 10:44:21 am

Title: Proxy won't start
Post by: emilio.b on May 11, 2017, 10:44:21 am
Hello all,
I just set up the proxy on a 17.1.5 following exactly the howto.

When I try to start the service, it simply doesn't start.

Any idea?

TIA

OPNsense 17.1.5-amd64
FreeBSD 11.0-RELEASE-p8
Title: Re: Proxy won't start
Post by: fabian on May 11, 2017, 11:09:25 am
Please run squid -k parse on the shell and post the output - there may be an error in the generated config (Bug). Or it is simply not correctly displayed.
Title: Re: Proxy won't start
Post by: emilio.b on May 11, 2017, 04:26:18 pm
Hello,
here's the output of the command:

root@opnsense:~ # squid -k parse
2017/05/11 16:10:14| Startup: Initializing Authentication Schemes ...
2017/05/11 16:10:14| Startup: Initialized Authentication Scheme 'basic'
2017/05/11 16:10:14| Startup: Initialized Authentication Scheme 'digest'
2017/05/11 16:10:14| Startup: Initialized Authentication Scheme 'negotiate'
2017/05/11 16:10:14| Startup: Initialized Authentication Scheme 'ntlm'
2017/05/11 16:10:14| Startup: Initialized Authentication.
2017/05/11 16:10:14| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2017/05/11 16:10:14| Processing: http_port 127.0.0.1:3128 intercept
2017/05/11 16:10:14| Starting Authentication on port 127.0.0.1:3128
2017/05/11 16:10:14| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2017/05/11 16:10:14| Processing: http_port [::1]:3128 intercept
2017/05/11 16:10:14| Starting Authentication on port [::1]:3128
2017/05/11 16:10:14| Disabling Authentication on port [::1]:3128 (interception enabled)
2017/05/11 16:10:14| Processing: http_port 192.168.1.200:3128
2017/05/11 16:10:14| Processing: acl ftp proto FTP
2017/05/11 16:10:14| Processing: http_access allow ftp
2017/05/11 16:10:14| Processing: acl localnet src 192.168.1.0/24 # Possible internal network
2017/05/11 16:10:14| Processing: acl localnet src fc00::/7       # RFC 4193 local private network range
2017/05/11 16:10:14| Processing: acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
2017/05/11 16:10:14| Processing: acl subnets src 192.168.1.0/24
2017/05/11 16:10:14| Processing: acl remoteblacklist_UT1 dstdomain "/usr/local/etc/squid/acl/UT1"
2017/05/11 16:10:18| Processing: acl remoteblacklist_Shalla dstdomain "/usr/local/etc/squid/acl/Shalla"
2017/05/11 16:10:23| Processing: acl Safe_ports port 80 # http
2017/05/11 16:10:23| Processing: acl Safe_ports port 21 # ftp
2017/05/11 16:10:23| Processing: acl Safe_ports port 443 # https
2017/05/11 16:10:23| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2017/05/11 16:10:23| Processing: acl CONNECT method CONNECT
2017/05/11 16:10:23| Processing: icap_enable off
2017/05/11 16:10:23| Processing: include /usr/local/etc/squid/pre-auth/*.conf
2017/05/11 16:10:23| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2017/05/11 16:10:23| Processing: http_access deny remoteblacklist_UT1
2017/05/11 16:10:23| Processing: http_access deny remoteblacklist_Shalla
2017/05/11 16:10:23| Processing: http_access deny !Safe_ports
2017/05/11 16:10:23| Processing: http_access deny CONNECT !SSL_ports
2017/05/11 16:10:23| ACL not found: SSL_ports
FATAL: Bungled /usr/local/etc/squid/squid.conf line 77: http_access deny CONNECT !SSL_ports
Squid Cache (Version 3.5.24): Terminated abnormally.
CPU Usage: 9.670 seconds = 9.529 user + 0.142 sys
Maximum Resident Size: 743248 KB
Page faults with physical i/o: 2
root@opnsense:~ #

It seems that if no SSL port is present in the Access control list>Allowed SSL ports, squid doesn't start.
After I set up a simple 443:https in the field and applied the config, squid was happy.

Forgive me if it is my mistake...

Thank you!
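
The failure shown in the output above, an http_access rule naming an ACL that was never defined, can be caught with a quick scan of the config before the service is started. This is an added example, not part of the original posts or of OPNsense's code; the function names and the sample config are constructed for illustration, and include directives are not followed.

```shell
#!/bin/sh
# List http_access rules that reference an ACL name not defined earlier.
# Squid reads the config top to bottom, so one sequential pass is enough.
# Reads the files given as arguments, or stdin when none are given.
undefined_acls() {
    awk '
        BEGIN {
            bad = 0
            # ACL names predefined by Squid itself (3.2 and later)
            n = split("all manager localhost to_localhost", b, " ")
            for (i = 1; i <= n; i++) known[b[i]] = 1
        }
        $1 == "acl" && NF >= 3 { known[$2] = 1; next }
        $1 == "http_access" {
            # $2 is allow/deny; the remaining tokens are ACL names
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^#/) break        # rest of the line is a comment
                name = $i
                sub(/^!/, "", name)         # a leading "!" negates the ACL
                if (!(name in known)) {
                    printf "line %d: %s\n", FNR, name
                    bad = 1
                }
            }
        }
        END { exit bad }
    ' "$@"
}

# Constructed sample mirroring the rules from the thread: SSL_ports is
# referenced but no "acl SSL_ports ..." line was generated.
sample_conf() {
    cat <<'EOF'
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
EOF
}

sample_conf | undefined_acls || echo "config would be rejected by squid"
```

On the firewall itself, the same function can be pointed at /usr/local/etc/squid/squid.conf; squid -k parse remains the authoritative check.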