Squid will not start with SSL Enabled

Started by ErkDog, April 03, 2019, 09:20:55 PM

So when I turn SSL on I get this:


Squid Cache (Version 3.5.28): Terminated abnormally.
CPU Usage: 0.092 seconds = 0.076 user + 0.015 sys
Maximum Resident Size: 351760 KB
Page faults with physical i/o: 0
(ssl_crtd): (ssl_crtd)Error when parsing -M options value(ssl_crtd): :
Error when parsing -M options valueError when parsing -M options value

(ssl_crtd): Error when parsing -M options value
(ssl_crtd): Error when parsing -M options value
2019/04/03 15:17:52 kid1| Set Current Directory to /var/squid/cache
2019/04/03 15:17:52 kid1| Starting Squid Cache version 3.5.28 for amd64-portbld-freebsd11.2...
2019/04/03 15:17:52 kid1| Service Name: squid
2019/04/03 15:17:52 kid1| Process ID 90107
2019/04/03 15:17:52 kid1| Process Roles: worker
2019/04/03 15:17:52 kid1| With 466362 file descriptors available
2019/04/03 15:17:52 kid1| Initializing IP Cache...
2019/04/03 15:17:52 kid1| DNS Socket created at [::], FD 6
2019/04/03 15:17:52 kid1| DNS Socket created at 0.0.0.0, FD 8
2019/04/03 15:17:52 kid1| Adding domain ecansol.loc from /etc/resolv.conf
2019/04/03 15:17:52 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2019/04/03 15:17:52 kid1| Adding nameserver 208.67.222.222 from /etc/resolv.conf
2019/04/03 15:17:52 kid1| Adding nameserver 208.67.220.220 from /etc/resolv.conf
2019/04/03 15:17:52 kid1| Adding nameserver 2620:0:ccc::2 from /etc/resolv.conf
2019/04/03 15:17:52 kid1| Adding nameserver 2620:0:ccd::2 from /etc/resolv.conf
2019/04/03 15:17:52 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
FATAL: Ipc::Mem::Segment::open failed to shm_open(/var/run/squid/ssl_session_cache.shm): (2) No such file or directory


Additional Info:

Versions   OPNsense 19.1.4-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
OpenSSL 1.0.2r 26 Feb 2019

I've stopped squid, run squid -z, reset the ssl folders and rebuilt them trying to fix it; nothing works.

https://puu.sh/D9BnU/78ae45bf50.png

https://puu.sh/D9BoD/f70a30708e.png

Thanks,
Matt

May 07, 2019, 05:18:39 PM #1 Last Edit: May 07, 2019, 05:36:34 PM by Jacob-
I too have this issue with a new OPNsense installation.

OPNsense 19.1.7-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
OpenSSL 1.0.2r 26 Feb 2019

Set Current Directory to /var/squid/cache
Page faults with physical i/o: 0
Maximum Resident Size: 733648 KB
CPU Usage: 5.539 seconds = 5.391 user + 0.149 sys
Squid Cache (Version 3.5.28): Terminated abnormally.
FATAL: Ipc::Mem::Segment::open failed to shm_open(/var/run/squid/ssl_session_cache.shm): (2) No such file or directory

I was able to get it running by adding a CA then turning off "Enable Proxy" and then turning it back on.

Yeah, I have a CA created and everything appears to be set up right, it just won't work :(

Give this a try,

In General
disable proxy

In forward proxy
enable
ssl inspection
log sni information only
and check that a CA is selected.

Go back to general and enable proxy.
I also had to hit the start icon in the top right as well, as it was complaining about an SSL directory that needs to be created.

Also, I added the Remote ACL prior to enabling.

I just tested with another instance and it would not work until I created an internal CA. I also created an internal Intermediate CA and that is what I'm using for SSL inspection.