Re: [squid-users] squid 3.5 ssl-bump intercept TCP_DENIED/200 on bridge mode

2017-06-11 Thread Amos Jeffries

On 09/06/17 16:05, Jason Chiu wrote:

test case 2:
-
but I want to use transparent mode (intercept with PF rdr).
For intercept mode I added the following ACL rule:

acl bumpedPorts myportname 3129
http_access allow CONNECT bumpedPorts
.
https_port 3129 intercept ssl-bump cert=/usr/local/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

access.log does not show TCP_DENIED/200 0 CONNECT 127.0.0.1:3129
but the client web browser keeps waiting and gets no response.


Ah, sorry I should have remembered this earlier:


TL;DR:  Add --with-nat-devpf to your build options for FreeBSD.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


[squid-users] telegram app on android

2017-06-11 Thread snable snable
hi

I get these error messages and Telegram can't connect:

squid 4.0.20
bumping only specific sites


1497184119.235  1 192.168.1.200 NONE_ABORTED/200 0 CONNECT 149.154.167.51:443 - HIER_NONE/- -


Re: [squid-users] telegram app on android

2017-06-11 Thread Yuri
http://wiki.squid-cache.org/ConfigExamples/Chat/Telegram


11.06.2017 18:31, snable snable wrote:
> hi 
>
> I get these error messages and Telegram can't connect:
>
> squid 4.0.20
> bumping only specific sites
>
>
> 1497184119.235  1 192.168.1.200 NONE_ABORTED/200 0 CONNECT 149.154.167.51:443 - HIER_NONE/- -
>
>
>





Re: [squid-users] telegram app on android

2017-06-11 Thread Yuri
Do not thank :)


11.06.2017 18:33, Yuri wrote:
>
> http://wiki.squid-cache.org/ConfigExamples/Chat/Telegram
>
>
> 11.06.2017 18:31, snable snable wrote:
>> hi 
>>
>> I get these error messages and Telegram can't connect:
>>
>> squid 4.0.20
>> bumping only specific sites
>>
>>
>> 1497184119.235  1 192.168.1.200 NONE_ABORTED/200 0 CONNECT 149.154.167.51:443 - HIER_NONE/- -
>>
>>
>>
>





Re: [squid-users] squid 3.5 ssl-bump intercept TCP_DENIED/200 on bridge mode

2017-06-11 Thread Jason Chiu
I reconfigured and added "--with-nat-devpf" (squid-3.5.24 on FreeBSD 9.1).

This issue *has been resolved*
thanks to Amos Jeffries

The following is my Squid version and configure options.

Squid Cache: Version 3.5.24-20170331-r14150
Service Name: squid
configure options:  '--prefix=/usr/local/squid' '--sysconfdir=/etc/squid'
'--localstatedir=/var/squid' '--datadir=/usr/share/squid'
'--enable-icap-client' '--enable-ssl' '--with-pthreads'
'--enable-pf-transparent' '--with-nat-devpf' '--enable-ssl-crtd'
'--enable-ecap' '--with-openssl' 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig'
--enable-ltdl-convenience
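
A build-versus-config check for the fix in this thread, as an added example that is not part of the original messages: it flags a squid.conf that uses an intercept port when the `squid -v` build options lack `--with-nat-devpf`. It assumes PF-based interception on FreeBSD as in the thread; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: warn when squid.conf uses an intercept port but the Squid
# build lacks the PF NAT lookup option named in this thread.

# Constructed sample inputs, modelled on the config and build options posted above.
SAMPLE_CONF='acl bumpedPorts myportname 3129
http_access allow CONNECT bumpedPorts
https_port 3129 intercept ssl-bump cert=/usr/local/squid/ssl_cert/myCA.pem'
SAMPLE_BUILD_FIXED="configure options:  '--prefix=/usr/local/squid' '--enable-pf-transparent' '--with-nat-devpf' '--with-openssl'"
# Constructed "before" build: same options without --with-nat-devpf.
SAMPLE_BUILD_OLD="configure options:  '--prefix=/usr/local/squid' '--enable-pf-transparent' '--with-openssl'"

# Succeeds if any http_port/https_port line (comments stripped) uses "intercept".
has_intercept_port() {
    printf '%s\n' "$1" | sed 's/#.*//' |
        grep -Eq '^[[:space:]]*https?_port[[:space:]].*[[:space:]]intercept([[:space:]]|$)'
}

# Succeeds if the exact option $2 appears in the `squid -v` text $1.
has_build_option() {
    printf '%s\n' "$1" | tr -d "'" | tr ' ' '\n' | grep -Fxq -- "$2"
}

# check_pf_intercept CONF_TEXT VERSION_TEXT: prints a verdict, returns 1 on a mismatch.
check_pf_intercept() {
    conf=$1
    version=$2
    if ! has_intercept_port "$conf"; then
        echo "ok: no intercept ports configured"
        return 0
    fi
    if has_build_option "$version" --with-nat-devpf; then
        echo "ok: intercept port configured and --with-nat-devpf is built in"
        return 0
    fi
    echo "warn: intercept port configured but build lacks --with-nat-devpf"
    return 1
}

# Demo on the constructed samples; on a live host pass "$(cat squid.conf)" and "$(squid -v)".
check_pf_intercept "$SAMPLE_CONF" "$SAMPLE_BUILD_OLD" || true
check_pf_intercept "$SAMPLE_CONF" "$SAMPLE_BUILD_FIXED"
```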





