[squid-users] skype connection problem

Nicolas Valera nvalera at gmail.com
Mon Oct 24 16:28:54 UTC 2016



On 10/24/2016 01:21 PM, Yuri Voinov wrote:
>
> 24.10.2016 22:19, Nicolas Valera wrote:
>> Hi Yuri, thanks for the answer!
>>
>> we don't have the squid in transparent mode in this network.
> So, you route all traffic to the proxy box?
Yes, clients do not have direct Internet access
>
>> the squid configuration is very basic. here is the conf:
>>
>> -------------------------------------------------------------------------
>> http_port 1280 connection-auth=off
>> forwarded_for delete
>> httpd_suppress_version_string on
>> client_persistent_connections off
>>
>> cache_mem 16 GB
>> maximum_object_size_in_memory 8 MB
>>
>> url_rewrite_program /usr/bin/squidGuard
>> url_rewrite_children 10
>> url_rewrite_access allow all
>>
>> acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\])):443
>> acl Skype_UA browser ^skype
>>
>> acl SSL_ports port 443 563 873 1445 2083 8000 8088 10017 8443 5443 7443 50001
>> acl Safe_ports port 80 82 88 182 210 554 591 777 873 1001 21 443 70 280 488
>> acl Safe_ports port 1025-65535  # unregistered ports
>>
>> acl CONNECT method CONNECT
>> acl safe_method method GET
>> acl safe_method method PUT
>> acl safe_method method POST
>> acl safe_method method HEAD
>> acl safe_method method CONNECT
>> acl safe_method method OPTIONS
>> acl safe_method method PROPFIND
>> acl safe_method method REPORT
>> acl safe_method method MERGE
>> acl safe_method method MKACTIVITY
>> acl safe_method method CHECKOUT
>>
>> http_access deny !Safe_ports
>> http_access allow CONNECT localnet numeric_IPS Skype_UA
>> http_access deny CONNECT !SSL_ports
>> http_access deny !safe_method
>> http_access allow localnet
>> http_access allow localhost
>> http_access deny all
>>
>> refresh_pattern ^ftp:        1440    20%    10080
>> refresh_pattern ^gopher:    1440    0%    1440
>> refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
>> refresh_pattern Packages\.tar$ 0       20%    4320 refresh-ims ignore-no-cache
>> refresh_pattern Packages\.bz2$ 0       20%    4320 refresh-ims ignore-no-cache
>> refresh_pattern Sources\.bz2$  0       20%    4320 refresh-ims ignore-no-cache
>> refresh_pattern Release\.gpg$  0       20%    4320 refresh-ims
>> refresh_pattern Release$       0       20%    4320 refresh-ims
>> refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
>> refresh_pattern -i windowsupdate.com/.*\.(esd|cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
>> refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
>> refresh_pattern -i live.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
>> refresh_pattern .        0    20%    4320
>>
>> -------------------------------------------------------------------------
>>
>> please, can you send me your settings for ssl bump?
> Copy-n-pasting unknown configs is a very bad idea, Nicolas.

sorry about that!
is the only way to make skype work through squid with ssl bump?

>>
>> thanks again!
>> nicolás.
>>
>> On 10/23/2016 07:28 PM, Yuri Voinov wrote:
>>>
>>
>>
>> 24.10.2016 4:11, N V wrote:
>> >>> hi there,
>> >>> i've had problems with windows skype clients whose only internet connection is through squid. the clients can log in successfully but when they make a call, it hangs after 12 seconds.
>> >>>
>> >>> I checked the client connections and see that they attempt to connect directly even if the proxy is properly configured.
>> Exactly, Skype does not use HTTP for calls. So why do you expect its calls to go via the proxy?
>> >>>
>> >>> my squid version is 3.5.12
>> >>> the skype clients have the last version available.
>> >>> does anyone have the same issues?
>> >>> any idea?
>> With properly configured ssl bump and a transparent proxy we do not have any problems with skype. I don't know your details.
>> >>>
>> >>> thanks in advance!
>> >>> Nicolás.
>> >>>
>> >>> P.S. sorry about my english
>> >>>
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> squid-users mailing list
>> >>> squid-users at lists.squid-cache.org
>> >>> http://lists.squid-cache.org/listinfo/squid-users
>
> --
> Cats - delicious. You just do not know how to cook them.