"
Alright I've summited a report in the "feedback" forum, I hope that was the correct way of doing this?
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#1
Zenarmor (Sensei) / Re: Zenarmor and Squid proxy inline not working - again
December 21, 2023, 05:41:33 PM #2
Zenarmor (Sensei) / Re: Zenarmor and Squid proxy inline not working - again
December 21, 2023, 05:23:50 PM
Sure thing, I'll have it submitted in the next 10 mins.
#3
Zenarmor (Sensei) / Zenarmor and Squid proxy inline not working - again
December 21, 2023, 05:08:26 PM
Hi All,
I've posted about this in the past, and the issue/bug got resolved in a different release (1.13), but the application category / 'App Control' isn't being blocked when using Squid proxy, which stopped working a few releases ago..
I use Squid proxy for my network, but if it just passes through Zenarmor without Zenarmor being able to block, this makes using Zenarmor kinda useless unless... I believe this is the same bug spotted and resolved in release 1.13 unless something changed in the latest release which requires me to use my Squid proxy differently?
Regards!
I've posted about this in the past, and the issue/bug got resolved in a different release (1.13), but the application category / 'App Control' isn't being blocked when using Squid proxy, which stopped working a few releases ago..
I use Squid proxy for my network, but if it just passes through Zenarmor without Zenarmor being able to block, this makes using Zenarmor kinda useless unless... I believe this is the same bug spotted and resolved in release 1.13 unless something changed in the latest release which requires me to use my Squid proxy differently?
Regards!
#4
Zenarmor (Sensei) / Installing older Zenarmor releases
December 06, 2023, 06:35:58 PM
Hi all,
I was wondering if there is a way to point to an older version of Zenarmor. Waiting months for a bug fix gets old and I rather roll back to a version that works with the feature I am waiting for a fix... any help would be great thanks!
I was wondering if there is a way to point to an older version of Zenarmor. Waiting months for a bug fix gets old and I rather roll back to a version that works with the feature I am waiting for a fix... any help would be great thanks!
#5
Web Proxy Filtering and Caching / Re: Problems with Squid Proxy SSLi after reinstall - config from backup
March 07, 2023, 09:30:06 PM
Okay silly me, I reapplied the cert to the trust area and it works now. Must have added the wrong cert originally. Thanks for the help Fright, another head helped for this.
#6
Web Proxy Filtering and Caching / Re: Problems with Squid Proxy SSLi after reinstall - config from backup
March 07, 2023, 06:51:30 PM
Simple Windows manual proxy configuration.
#7
Web Proxy Filtering and Caching / Re: Problems with Squid Proxy SSLi after reinstall - config from backup
March 07, 2023, 06:43:01 PM
Same problem on a different PC. Nothing has been changed on the end points. Just the reinstall of Opnsense.
#8
Web Proxy Filtering and Caching / Re: Problems with Squid Proxy SSLi after reinstall - config from backup
March 07, 2023, 06:38:33 PM
I have another machine that I can test with, I'll give it a try.
#9
Web Proxy Filtering and Caching / Re: Problems with Squid Proxy SSLi after reinstall - config from backup
March 07, 2023, 05:56:40 PM
Screenshot attached:
#10
Web Proxy Filtering and Caching / Re: Problems with Squid Proxy SSLi after reinstall - config from backup
March 07, 2023, 05:55:47 PM
Your right it is, but it doesn't seem to want to hit that port.
#11
Web Proxy Filtering and Caching / Problems with Squid Proxy SSLi after reinstall - config from backup
March 07, 2023, 04:55:33 PM
Hi Forum,
So I recently had to rebuild my Opnsense box, and redeployed the backed up config. Everything is find except the Squid proxy.. So proxy works unless I use SSLi. I did everything that anyone might think of, reinstall squid packages (from the GUI) redeploy the SSL Cert for SSLi, tried a different interface. Nothing works, anyone have any ideas?
Posted are the 'cache logs'.
2023-03-07T10:52:11 squid kid1| ERROR: failure while accepting a TLS connection on conn163 local=172.16.10.1:3128 remote=172.16.10.6:1180 FD 17 flags=1: 0x81cd39680*1
2023-03-07T10:52:11 squid kid1| ERROR: failure while accepting a TLS connection on conn162 local=172.16.10.1:3128 remote=172.16.10.6:1179 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:10 squid kid1| ERROR: failure while accepting a TLS connection on conn156 local=172.16.10.1:3128 remote=172.16.10.6:1178 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:10 squid kid1| ERROR: failure while accepting a TLS connection on conn150 local=172.16.10.1:3128 remote=172.16.10.6:1177 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:10 squid kid1| ERROR: failure while accepting a TLS connection on conn144 local=172.16.10.1:3128 remote=172.16.10.6:1176 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:09 squid kid1| ERROR: failure while accepting a TLS connection on conn138 local=172.16.10.1:3128 remote=172.16.10.6:1175 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn132 local=172.16.10.1:3128 remote=172.16.10.6:1174 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn126 local=172.16.10.1:3128 remote=172.16.10.6:1173 FD 17 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn79 local=172.16.10.1:3128 remote=172.16.10.6:1164 FD 19 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn120 local=172.16.10.1:3128 remote=172.16.10.6:1172 FD 13 flags=1: 0x81cd39680*1
listening port: 172.16.10.1:3128
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn90 local=172.16.10.1:3128 remote=172.16.10.6:1171 FD 36 flags=1: 0x81cd3a940*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn81 local=172.16.10.1:3128 remote=172.16.10.6:1166 FD 22 flags=1: 0x81cd3a940*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn78 local=172.16.10.1:3128 remote=172.16.10.6:1163 FD 17 flags=1: 0x81cd3a940*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn75 local=172.16.10.1:3128 remote=172.16.10.6:1160 FD 13 flags=1: 0x81cd3a4c0*1
So I recently had to rebuild my Opnsense box, and redeployed the backed up config. Everything is find except the Squid proxy.. So proxy works unless I use SSLi. I did everything that anyone might think of, reinstall squid packages (from the GUI) redeploy the SSL Cert for SSLi, tried a different interface. Nothing works, anyone have any ideas?
Posted are the 'cache logs'.
2023-03-07T10:52:11 squid kid1| ERROR: failure while accepting a TLS connection on conn163 local=172.16.10.1:3128 remote=172.16.10.6:1180 FD 17 flags=1: 0x81cd39680*1
2023-03-07T10:52:11 squid kid1| ERROR: failure while accepting a TLS connection on conn162 local=172.16.10.1:3128 remote=172.16.10.6:1179 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:10 squid kid1| ERROR: failure while accepting a TLS connection on conn156 local=172.16.10.1:3128 remote=172.16.10.6:1178 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:10 squid kid1| ERROR: failure while accepting a TLS connection on conn150 local=172.16.10.1:3128 remote=172.16.10.6:1177 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:10 squid kid1| ERROR: failure while accepting a TLS connection on conn144 local=172.16.10.1:3128 remote=172.16.10.6:1176 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:09 squid kid1| ERROR: failure while accepting a TLS connection on conn138 local=172.16.10.1:3128 remote=172.16.10.6:1175 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn132 local=172.16.10.1:3128 remote=172.16.10.6:1174 FD 13 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn126 local=172.16.10.1:3128 remote=172.16.10.6:1173 FD 17 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn79 local=172.16.10.1:3128 remote=172.16.10.6:1164 FD 19 flags=1: 0x81cd39680*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn120 local=172.16.10.1:3128 remote=172.16.10.6:1172 FD 13 flags=1: 0x81cd39680*1
listening port: 172.16.10.1:3128
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn90 local=172.16.10.1:3128 remote=172.16.10.6:1171 FD 36 flags=1: 0x81cd3a940*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn81 local=172.16.10.1:3128 remote=172.16.10.6:1166 FD 22 flags=1: 0x81cd3a940*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn78 local=172.16.10.1:3128 remote=172.16.10.6:1163 FD 17 flags=1: 0x81cd3a940*1
2023-03-07T10:52:08 squid kid1| ERROR: failure while accepting a TLS connection on conn75 local=172.16.10.1:3128 remote=172.16.10.6:1160 FD 13 flags=1: 0x81cd3a4c0*1
#12
Zenarmor (Sensei) / Re: Using Zenarmor and Squid proxy inline
February 17, 2023, 10:56:34 PM
Hey SY,
Any update on this? Any bug found in the logs I sent?
Any update on this? Any bug found in the logs I sent?
#13
Zenarmor (Sensei) / Re: Using Zenarmor and Squid proxy inline
January 26, 2023, 05:39:44 PM
Logs sent under "Proxy doesn't blocked on App Control."
#14
Zenarmor (Sensei) / Re: Using Zenarmor and Squid proxy inline
January 24, 2023, 08:30:43 PM
Correct, applications are not blocked when proxy is active.
#15
Zenarmor (Sensei) / Re: Using Zenarmor and Squid proxy inline
January 23, 2023, 07:50:53 PM
So I attached a screenshot, the last logs were without proxy enabled, as you can see the logs on top are with Web controls enable since without it enabled and App controls enabled only just goes right pass the filter/control.
I would say no its not shown or processed correctly with proxy enabled. So application categories don't seem to work with proxy currently. I wonder if this is something that could be fixed?
I would say no its not shown or processed correctly with proxy enabled. So application categories don't seem to work with proxy currently. I wonder if this is something that could be fixed?
