Messages - TomS2

#1
Thanks for sharing your experience with squid and seg faults Pheriko.

I just tried squid on a third opnsense (Firmware 25.1.8_1-amd64) and I get the same segmentation faults from squid when restarting squid from the webgui or using the squid command from the shell, like "squid -k parse".

So it is normal for opnsense (community and business) to have crashing processes with segmentation fault with squid.

On my systems the squid process still replies to http requests despite the segmentation fault messages.

Maybe not a security problem, but feels strange to just ignore it.

Thanks,
Tom
#2
Hi,

I just wanted to confirm the problem.

Today I installed the os-squid Plugin (1.2) on our OPNsense 25.4.1-amd64 and I get the same segmentation fault as Joel.

I had the plugin installed and configured a long time ago, but didn't use it for some time, so I suspected problems with an old squid config. Sadly, resetting the cache and plugin-config and removing and re-installing the plugin didn't resolve the problem.

The proxy service is still usable for http-requests and
service squid status shows:
squid is running as pid  xxxxx

But every squid-command results in a segmentation fault.
HTTPS-Requests don't seem to work (maybe related to the segmentation faults).

root@OPNsense:~ # squid -k parse
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2025/06/11 08:16:30| Processing: http_port 10.1.1.254:3128
2025/06/11 08:16:30| Processing: acl ftp proto FTP
2025/06/11 08:16:30| Processing: http_access allow ftp
2025/06/11 08:16:30| Processing: acl localnet src 10.1.1.0/24 # Possible internal network (interfaces v4)
2025/06/11 08:16:30| Processing: acl localnet src fc00::/7       # RFC 4193 local private network range
2025/06/11 08:16:30| Processing: acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
2025/06/11 08:16:30| Processing: acl SSL_ports port 443 # https
2025/06/11 08:16:30| Processing: acl Safe_ports port 80 # http
2025/06/11 08:16:30| Processing: acl Safe_ports port 21 # ftp
2025/06/11 08:16:30| Processing: acl Safe_ports port 443 # https
2025/06/11 08:16:30| Processing: acl Safe_ports port 70 # gopher
2025/06/11 08:16:30| Processing: acl Safe_ports port 210 # wais
2025/06/11 08:16:30| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2025/06/11 08:16:30| Processing: acl Safe_ports port 280 # http-mgmt
2025/06/11 08:16:30| Processing: acl Safe_ports port 488 # gss-http
2025/06/11 08:16:30| Processing: acl Safe_ports port 591 # filemaker
2025/06/11 08:16:30| Processing: acl Safe_ports port 777 # multiling http
2025/06/11 08:16:30| Processing: acl CONNECT method CONNECT
2025/06/11 08:16:30| Processing: icap_enable off
2025/06/11 08:16:30| Processing: include /usr/local/etc/squid/pre-auth/*.conf
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2025/06/11 08:16:30| Processing: http_access deny !Safe_ports
2025/06/11 08:16:30| Processing: http_access deny CONNECT !SSL_ports
2025/06/11 08:16:30| Processing: http_access allow localhost manager
2025/06/11 08:16:30| Processing: http_access deny manager
2025/06/11 08:16:30| Processing: http_access deny to_localhost
2025/06/11 08:16:30| Processing: include /usr/local/etc/squid/auth/*.conf
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2025/06/11 08:16:30| Processing: http_access allow localnet
2025/06/11 08:16:30| Processing: http_access allow localhost
2025/06/11 08:16:30| Processing: http_access deny all
2025/06/11 08:16:30| Processing: include /usr/local/etc/squid/post-auth/*.conf
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)
2025/06/11 08:16:30| Processing: cache_mem 256 MB
2025/06/11 08:16:30| Processing: coredump_dir /var/squid/cache
2025/06/11 08:16:30| Processing: refresh_pattern ^ftp:          1440    20%     10080
2025/06/11 08:16:30| Processing: refresh_pattern ^gopher:       1440    0%      1440
2025/06/11 08:16:30| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
2025/06/11 08:16:30| Processing: refresh_pattern .              0       20%     4320
2025/06/11 08:16:30| Processing: access_log stdio:/var/log/squid/access.log squid
2025/06/11 08:16:30| Processing: cache_store_log stdio:/var/log/squid/store.log
2025/06/11 08:16:30| Processing: via off
2025/06/11 08:16:30| Processing: logfile_rotate 0
2025/06/11 08:16:30| Processing: error_directory /usr/local/share/squid-langpack/en
2025/06/11 08:16:30| WARNING: HTTP requires the use of Via
2025/06/11 08:16:30| Requiring client certificates.
Segmentation fault
root@OPNsense:~ # service squid status
squid is running as pid 52104.

This forum has a lot of postings about this squid segmentation fault problem, but no solution other than resetting the config.
This seems not to work.

Any help is much appreciated.

Best regards,
Tom
#3
I've got the same issue:
Newly generated peer-settings won't get saved in the wireguard peer list on the opnsense (but it shows no error message on the generator page).
I'm using OPNsense 24.1.6-amd64

The generation of a peer worked once (and was saved on the opnsense). Further peers generated by the peer generator are not saved.

Any hints?
Thanks,
Tom