Messages

1

Chinese - 中文 / Re: opnsense使用透明代理并分流

« on: November 25, 2023, 12:28:12 pm »

请各位注意，这种方法有个致命的问题，如果tun2socks不能在网络服务启动之前启动，那么网络服务启动时会找不到这个接口，导致接口重新分配，并且断网
所以没做好开机自启的，使用中千万不要重启

可以试试这个教程（有参考楼主的部分内容，且有做引用）：https://blog.ohmykreee.top/article/setup-tun2socks-in-opnsense/

目前这篇教程有以下几个问题：

• IPv6 部分还未完善，等我有了 IPv6 环境/有高人帮忙完善再添加
• rc.d文件部分因为是请教 ChatGPT 写出来的，默认将所有日志输出丢弃，虽然插件文件里有注册日志到 WebGUI，如果有人想尝试可以试试修改那个部分

2

23.7 Legacy Series / Squid 6.5 keeps crashing when Parent Proxy is on

« on: November 21, 2023, 04:21:59 am »

Hi all,

I recently updated OPNsense to 23.7.8_1, and found that Squid kept crashing when Parent Proxy is on. After I turned of the Parent Proxy, Squid stopped crashing.

I have set up Transparent proxy, SSL inspection, Log SNI information only, Access Control List/Allowed Subnets, Parent Proxy(pointing to a local http proxy server). This config was working on old version of Squid(5.9).

Here is the logs(Cache Log) when Parent Proxy is on before crash:

Code: [Select]

2023-11-21T11:04:44 squid | Removing PID file (/var/run/squid/squid.pid)
2023-11-21T11:04:44 squid kid1| FATAL: assertion failed: peer_digest.cc:399: "fetch->pd && receivedData.data"
2023-11-21T11:04:43 squid pinger| ICMPv6 socket opened
2023-11-21T11:04:43 squid pinger| ICMP socket opened.
2023-11-21T11:04:43 squid pinger| Initialising ICMP pinger ...
  listening port: 192.168.3.1:3128
2023-11-21T11:04:43 squid kid1| Accepting SSL bumped HTTP Socket connections at conn21 local=192.168.3.1:3128 remote=[::] FD 26 flags=9
  listening port: [::1]:3129
2023-11-21T11:04:43 squid kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at conn19 local=[::1]:3129 remote=[::] FD 25 flags=41
  listening port: 127.0.0.1:3129
2023-11-21T11:04:43 squid kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at conn17 local=127.0.0.1:3129 remote=[::] FD 24 flags=41
  listening port: [::1]:3128
2023-11-21T11:04:43 squid kid1| Accepting NAT intercepted SSL bumped HTTP Socket connections at conn15 local=[::1]:3128 remote=[::] FD 23 flags=41
  listening port: 127.0.0.1:3128
2023-11-21T11:04:43 squid kid1| Accepting NAT intercepted SSL bumped HTTP Socket connections at conn13 local=127.0.0.1:3128 remote=[::] FD 22 flags=41
2023-11-21T11:04:43 squid kid1| Adaptation support is off.
2023-11-21T11:04:43 squid kid1| Squid plugin modules loaded: 0
2023-11-21T11:04:43 squid kid1| Configuring Parent 192.168.3.10
2023-11-21T11:04:43 squid kid1| Pinger socket opened on FD 28
2023-11-21T11:04:43 squid kid1| HTCP Disabled.
2023-11-21T11:04:43 squid kid1| HTCP Disabled.
2023-11-21T11:04:43 squid kid1| Finished loading MIME types and icons.
2023-11-21T11:04:43 squid kid1| Set Current Directory to /var/squid/cache
2023-11-21T11:04:43 squid kid1| Using Least Load store dir selection
2023-11-21T11:04:43 squid kid1| Max Swap size: 0 KB
2023-11-21T11:04:43 squid kid1| Max Mem size: 262144 KB
2023-11-21T11:04:43 squid kid1| Using 8192 Store buckets
2023-11-21T11:04:43 squid kid1| Target number of buckets: 1008
2023-11-21T11:04:43 squid kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2023-11-21T11:04:43 squid kid1| Logfile: opening log stdio:/var/log/squid/store.log
2023-11-21T11:04:43 squid kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2023-11-21T11:04:43 squid kid1| Logfile: opening log stdio:/var/log/squid/access.log
2023-11-21T11:04:43 squid kid1| ERROR: loading file '/usr/local/etc/squid/errors/local/error-details.txt': (2) No such file or directory
2023-11-21T11:04:43 squid kid1| helperOpenServers: Starting 5/5 'security_file_certgen' processes
2023-11-21T11:04:43 squid kid1| Adding domain gate.example.com from /etc/resolv.conf
2023-11-21T11:04:43 squid kid1| Adding nameserver 192.168.3.1 from /etc/resolv.conf
2023-11-21T11:04:43 squid kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2023-11-21T11:04:43 squid kid1| Adding domain gate.example.com from /etc/resolv.conf
2023-11-21T11:04:43 squid kid1| DNS IPv4 socket created at 0.0.0.0, FD 9
2023-11-21T11:04:43 squid kid1| DNS IPv6 socket created at [::], FD 8
2023-11-21T11:04:43 squid kid1| Initializing IP Cache...
2023-11-21T11:04:43 squid kid1| With 116883 file descriptors available
2023-11-21T11:04:43 squid kid1| Process Roles: worker
2023-11-21T11:04:43 squid kid1| Process ID 22219
2023-11-21T11:04:43 squid kid1| Service Name: squid
2023-11-21T11:04:43 squid kid1| Starting Squid Cache version 6.5 for amd64-portbld-freebsd13.2...
2023-11-21T11:04:43 squid kid1| Set Current Directory to /var/squid/cache
2023-11-21T11:04:43 squid kid1| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)
2023-11-21T11:04:43 squid kid1| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2023-11-21T11:04:43 squid kid1| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2023-11-21T11:04:43 squid kid1| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2023-11-21T11:04:43 squid kid1| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2023-11-21T11:04:43 squid kid1| WARNING: empty ACL: acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"
2023-11-21T11:04:43 squid kid1| Disabling Authentication on port [::1]:3129 (interception enabled)
2023-11-21T11:04:43 squid kid1| Starting Authentication on port [::1]:3129
2023-11-21T11:04:43 squid kid1| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2023-11-21T11:04:43 squid kid1| Starting Authentication on port 127.0.0.1:3129
2023-11-21T11:04:43 squid kid1| Disabling Authentication on port [::1]:3128 (interception enabled)
2023-11-21T11:04:43 squid kid1| Starting Authentication on port [::1]:3128
2023-11-21T11:04:43 squid kid1| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2023-11-21T11:04:43 squid kid1| Starting Authentication on port 127.0.0.1:3128
2023-11-21T11:04:43 squid kid1| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)

Thanks in advance.