If your diagnosis is correct you should resolve all your problems downgrading squid:
yum downgrade squid
Honestly, I doubt that squid-3.5.20-10 will fix the problems, but, please, let us know.
I upgraded to NethServer release 7.4.1708 (Final). The problem is not solved.
P.S.
I performed the slide, but unfortunately the problem is not solved. The downgrade performed on the version (NethServer 7.4.1708 (Final)
Downgrade 1 Package
Total download size: 3.1 M
Is this ok [y/d/N]: y
Downloading packages:
squid-3.5.20-10.el7.x86_64.rpm | 3.1 MB 00:11
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 7:squid-3.5.20-10.el7.x86_64 1/2
Cleanup : 7:squid-3.5.20-999.ns7.x86_64 2/2
Verifying : 7:squid-3.5.20-10.el7.x86_64 1/2
Verifying : 7:squid-3.5.20-999.ns7.x86_64 2/2
Removed:
squid.x86_64 7:3.5.20-999.ns7
Installed:
squid.x86_64 7:3.5.20-10.el7
Complete!
@Valeriy I think the hardware is not your problem, it looks ok for nethserver with a proxy, so we have to find out what happened on update. You have downgraded your squid and it’s the same error. My next bet would be something with the network. Can you test the speed of your networkconnection between nethserver and client computer please. For example create a share and copy a big file.
2 Likes
do I need to install samba? or other options? how to do it right?
P.S.
I installed samba. File 5.5 Gb write to the server 39-55 Mb \ s. Copy from server to computer 50-60 Mb \ s. The copying time is approximately 2 minutes.
That’s ok. I don’t know what happened on update.
Somebody else an idea?
Ive ran proxy since yesterday with no issues, ill keep monitoring it and checking logs. The only thing different I did was I changed the disk cache size to 512MB. Ive never gotten the proxy to work after about 3 days of use even after clearing the cache so Ill give it this week and stress test it, but so far it looks like an update recently may have fixed it. OP can you please post logs from squid? access.log is the log of every ip you connected to with time stamps that the nethserver gui uses for proxy stats, thats not required but post the cache.log. Maybe something weird. you also have a ufdbgclient.log but thats just telling you
The ufdbGuard (1.33.4) software suite is free and Open Source Software.
Copyright © 2005-2017 by URLfilterDB B.V. and others.
2017-10-24 03:32:17 [22819] ufdbgclient 1.33.4 started /var/log/squid
Over and over for some reason. /var/log/squid is the location of the cache log.
Something else interesting, not sure if it might help diagnose the issue, whenever I use a web filter with the proxy, I check “gambling” and hit save. My ufdbgclient.log
2017-10-24 08:28:42 [1402] ERROR: cannot connect to UNIX socket /tmp/ufdbguardd-03977
2017-10-24 08:28:42 [1402] ufdbgclient 1.33.4 started
2017-10-24 08:28:42 [1402] cannot connect to ufdbguardd daemon - is it running? If yes, check the -p option.
2017-10-24 08:28:44 [1393] after sleeping 2 seconds I could connect to the ufdbguardd daemon
So clearly an issue with the filter, not sure if that might be a reason why squid is acting up…
1 Like
Could you try running the proxy without the filter for some time?
I never focused on the filter, it may be the real issue here.
done. the only error I get in the cache.log is
2017/10/24 08:49:14 kid1| optional ICAP service is down after an options fetch failure: icap://127.0.0.1:1344/squidclamav [down,!opt]
This is the web anitvirus service, another option that could slow down web browsing. I’d disable it, to rule out most of the variables.
Every time I reenable the filter
2017-10-24 08:52:56 [4090] ERROR: cannot connect to UNIX socket /tmp/ufdbguardd-03977
2017-10-24 08:52:56 [4090] ufdbgclient 1.33.4 started
2017-10-24 08:52:56 [4090] cannot connect to ufdbguardd daemon - is it running? If yes, check the -p option.
But the filter works, It blocks sites like its supposed to, just spams this error about 100 times a day
Let’s check the ufdb service with systemctl status ufdb. Here’s my firewall:
[root@nsec-primary ~]# systemctl status ufdb
● ufdb.service - LSB: ufdbguardd daemons from URLfilterDB
Loaded: loaded (/etc/rc.d/init.d/ufdb; bad; vendor preset: disabled)
Active: active (running) since Tue 2017-10-17 14:29:20 CEST; 1 weeks 0 days ago
Docs: man:systemd-sysv-generator(8)
CGroup: /system.slice/ufdb.service
└─6519 /usr/sbin/ufdbguardd -U ufdb -c /etc/ufdbguard/ufdbGuard.conf
Oct 17 14:29:19 nsec-primary.nethesis.it systemd[1]: Starting LSB: ufdbguardd daemons from URLfilterDB...
Oct 17 14:29:20 nsec-primary.nethesis.it ufdb[6515]: Starting URLfilterDB daemons OK
Oct 17 14:29:20 nsec-primary.nethesis.it systemd[1]: Started LSB: ufdbguardd daemons from URLfilterDB.
Could you please try to restart it and check status again?
Weird, so I start it, service starts fine, no log is created under /var/log/squid. I stopped and started it a couple times no issues
[root@gateway ~]# systemctl status ufdb -l
● ufdb.service - LSB: ufdbguardd daemons from URLfilterDB
Loaded: loaded (/etc/rc.d/init.d/ufdb; bad; vendor preset: disabled)
Active: active (running) since Tue 2017-10-24 09:31:22 EDT; 59s ago
Docs: man:systemd-sysv-generator(8)
Process: 8217 ExecStart=/etc/rc.d/init.d/ufdb start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/ufdb.service
├─1017 /usr/sbin/ufdbguardd -U ufdb -c /etc/ufdbguard/ufdbGuard.conf
└─8221 /usr/sbin/ufdbguardd -U ufdb -c /etc/ufdbguard/ufdbGuard.conf
Edit: Neth ui still shows filter off but I assume manually starting a service doesn’t trigger that.
How to solve the SSL proxy problem?
Still working on it. Its actually working very well for me after the 1708 stable nethserver update for what its worth besides the filter errors in the log. Have you updated yet to stable 1708?
I am trying to reproduce your error since days but no success until now. Trying it next to testing other things but transparent SSL proxy still just works.
Please give me some information:
Which browsers do you use on which OS?
Does Nethserver all server tasks in your network or do you have a router or another server doing dns, dhcp or firewalling etc.?
What proxy config do you have? Do you block HTTP/HTTPS ports?
Do you use content filter or dpi?
Sorry but to reproduce it I need the scenario…
Summary of what I know, please correct me if somethings wrong:
- minimum of 20 seconds delay when browsing via proxy
- no antivirus and no cache used
- it seems to be the transparent SSL mode, as it works without SSL
- 7.4 release does not solve it
- IPv4 patch not working
Did you try this, as it will show us where the error is located:
1 Like
Yes I am using transparent with ssl, caching enabled but I drastically increased max file size and cache size because of some failing downloads, which I am not sure are a proxy issue but it did not hurt anything. Can I ask what sites are giving you issues? You haven’t posted any of the logs either, please post, they may help. Locations are in a previous post 
1 Like
браузеры Google chrome, opera, firefox
Windows 10
Windows 2016 DHCP, DNS
Nethserver proxy
порты не блокируются.
Контент фильтр и dpi не используется.
На компьютере где включен обход прокси проблем с доступом нет.
Если отключить прокси проблем нет на всех компьютерах.
Если включить прозрачный режим без SSL проблем нет на всех компьютерах.
Если включить прозрачный режим с SSL задержка примерно 20 секунд, на компьютерах которые включены в обход прокси проблем нет.
Можно ли в NS сделать сброс всех настроек поумолчанию (как чистая установка)? Или попробовать сделать новую установку?
@Valeriy Can you translate it to english please? Tried it with google translation, but this not works very well.