OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: kyferez on November 07, 2017, 12:53:17 am

Title: [Resolved] Web Proxy will not start after upgrade
Post by: kyferez on November 07, 2017, 12:53:17 am

It was working fine, and after an upgrade it no longer starts. Nothing in the proxy logs.

However in shell, I found this:

Code: [Select]

root@OPNsense:/var/log # cat squid.syslog.log
Feb 28 11:28:57 OPNsense (squid-1): Bungled (null) line 3: sslproxy_cert_sign signTrusted all
Feb 28 11:29:04 OPNsense (squid-1):     Failed to verify one of the swap directories, Check cache.log   for details.  Run 'squid -z' to create swap directories         if needed, or if running Squid for the first time.
Feb 28 11:29:12 OPNsense (squid-1):     Failed to verify one of the swap directories, Check cache.log   for details.  Run 'squid -z' to create swap directories         if needed, or if running Squid for the first time.
Feb 28 11:29:19 OPNsense (squid-1):     Failed to verify one of the swap directories, Check cache.log   for details.  Run 'squid -z' to create swap directories         if needed, or if running Squid for the first time.
Feb 28 11:29:27 OPNsense (squid-1):     Failed to verify one of the swap directories, Check cache.log   for details.  Run 'squid -z' to create swap directories         if needed, or if running Squid for the first time.
Feb 28 11:29:38 OPNsense (squid-1):     Failed to verify one of the swap directories, Check cache.log   for details.  Run 'squid -z' to create swap directories         if needed, or if running Squid for the first time.
Mar  8 09:48:43 OPNsense (squid-1): Bungled (null) line 3: sslproxy_cert_sign signTrusted all
CLOG▒▒▒root@OPNsense:/var/log # cat cache.log
cat: cache.log: No such file or directory

And upon running squid -z I got this:

Code: [Select]

root@OPNsense:/var/log # squid -z
2017/11/06 18:50:40| ERROR: '.tg.local' is a subdomain of 'tg.local'
2017/11/06 18:50:40| ERROR: You need to remove '.tg.local' from the ACL named 'bump_nobumpsites'
FATAL: Bungled /usr/local/etc/squid/squid.conf line 27: acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"
Squid Cache (Version 3.5.27): Terminated abnormally.
CPU Usage: 0.015 seconds = 0.007 user + 0.007 sys
Maximum Resident Size: 46000 KB
Page faults with physical i/o: 0
root@OPNsense:/var/log #

Thanks!

Title: Re: Web Proxy will not start after upgrade
Post by: mimugmail on November 07, 2017, 05:21:11 am

And have you removed the domain from the ACL?

Title: Re: Web Proxy will not start after upgrade
Post by: kyferez on November 08, 2017, 03:01:27 am

Didn't get it was that error causing it to fail... Why not just ignore bad entries?

Anyway, I removed the site from the ACL and re-ran squid -z.

That totally locked up OPNsense. No console no gui.

A subsequent hard reset and the Proxy came up.

Title: Re: Web Proxy will not start after upgrade
Post by: franco on November 08, 2017, 05:50:14 pm

Quote from: kyferez on November 08, 2017, 03:01:27 am

Didn't get it was that error causing it to fail... Why not just ignore bad entries?

Good question for squid developers.  :)

Quote from: kyferez on November 08, 2017, 03:01:27 am

Anyway, I removed the site from the ACL and re-ran squid -z.

Don’t run commands that binaries not directly maintained by OPNsense tell you to run on a root shell. Use the builtin CLI commands or GUI to restart squid web proxy.

In fact don’t run root shell commands without consulting the forum or official docs. We are happy to answer questions but can’t guarantee what you are trying to do will do what you expect by a random line of commands. Also check the date stamps in posts on the forum, older commands may stop working or do different things on subsequent major releases.


Cheers,
Franco