Re: [squid-users] VoIP Software trouble
On 7/25/19 6:00 AM, gswijker wrote: > Squid Proxy Server v3.5 ... > ssl_bump peek all > ssl_bump splice all Please upgrade to Squid v4 (at least) or stop using SslBump features, depending on whether you actually need SslBump features. And if you do need SslBump features, then you must configure http_port(s) accordingly. > tail -f /var/log/squid/access.log: > 1564047457.829 65109 10.1.10.224 TAG_NONE/503 0 CONNECT > clients.interact.mtel.eu:443 - HIER_NONE/- - The primary question is why is your Squid responding with a 503 error to the CONNECT request? Perhaps Squid cannot resolve clients.interact.mtel.eu domain name? You can see Squid error response (that may have more details) in a packet capture (or, probably, in cache.log after setting debug_options to ALL,2). > http_access allow all > http_access allow localnet > http_access allow localhost > http_access deny all ... > http_access allow localhost manager > http_access deny manager This combination does not make sense. The very first rule is the only one that will work, potentially turning your Squid into an open proxy. However, this is not the reason for those 503 errors. > http_port 3128 > http_port 3130 ... > http_port 3128 One http_port directive per port/address, please. Perhaps you are not looking at cache.log errors/warnings? They are often useful. > I'm a linux novice, so do it step by step, please. Sorry, the above is all I had time for. If you need more detailed instructions, then hopefully somebody on the list can give them to you. HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid Cache Problem
Great, thank you. We'll take a look at the DNS cache and see what we find. -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] VoIP Software trouble
Hello, I have trouble with a VoIP software. It can't connect to the VoIP server. Log of working software: 09:14:56.3 Telephony deviceLoading 09:14:56.5 Telephony deviceLicense: CRM 09:15:01.0 Telephony deviceConnecting 09:15:01.1 Telephony deviceMethod: XSI-HTTPS 09:15:01.1 Telephony deviceConnecting 09:15:01.1 Telephony deviceVerified: CN=*.interact.mtel.eu, OU=PositiveSSL Wildcard, OU=Domain Control Validated 09:15:01.2 Telephony deviceVersion: 21.0 09:15:01.5 Telephony deviceChannel started 09:15:01.5 Telephony deviceFetching directory: Extensions 09:15:01.9 Telephony device2 common records 09:15:02.0 Telephony device0 personal records 09:15:02.0 Telephony device127 records downloaded, 0 seconds 09:15:02.6 Telephony deviceService pack found: OBT CONNECTOR CRM 09:15:02.6 Telephony deviceService pack: CRM 09:15:02.6 Telephony deviceLicense: CRM Log of not working software: 10:13:44.5 Telephony deviceLoading 10:13:44.6 Telephony deviceLicense: CRM 10:13:49.1 Telephony deviceConnecting 10:13:49.2 Telephony deviceMethod: XSI-HTTPS 10:13:49.2 Telephony deviceConnecting OS: Debian Linux 9 v19.36 Squid Proxy Server v3.5 tail -f /var/log/squid/access.log: 1564047457.829 65109 10.1.10.224 TAG_NONE/503 0 CONNECT clients.interact.mtel.eu:443 - HIER_NONE/- - /etc/squid/squid.conf: acl all src all acl localhost src 127.0.0.1/32 acl localnet src 10.1.9.0/24 acl localnet src 10.1.10.0/24 acl localnet src 172.19.142.0/24 icp_port 3130 icp_access allow all acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 2208 # Evolve OBT acl Safe_ports port 2209 # Evolve OBT acl CONNECT method CONNECT acl HTTPS proto HTTPS http_access allow all http_access allow localnet http_access allow localhost http_access deny all http_port 3128 http_port 3130 dns_v4_first on ssl_bump peek all ssl_bump splice all http_access allow localhost manager http_access deny manager http_port 3128 cache_mem 1048 MB cache_dir ufs /var/spool/squid 100 16 256 access_log /var/log/squid/combined.log combined access_log /var/log/squid/access.log squid cache_log /var/log/squid/debug.log coredump_dir /var/spool/squid strip_query_terms off refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 cache_effective_user proxy check_hostnames off cache_effective_group proxy I have search for months, but I can't find the solution. Can someone help me? I'm a linux novice, so do it step by step, please. Best regards, gswijker -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
