[squid-users] skype connection problem

Yuri Voinov yvoinov at gmail.com
Mon Oct 24 16:51:32 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 


24.10.2016 22:28, Nicolas Valera пишет:
>
>
> On 10/24/2016 01:21 PM, Yuri Voinov wrote:
>>
>
> 24.10.2016 22:19, Nicolas Valera пишет:
> >>> Hi Yuri, thanks for the answer!
> >>>
> >>> we don't have the squid in transparent mode in this network.
> So, you route all traffic to proxy box?
> > Yes, clients do not have direct Internet access
Here is root of problem. Skype does not always uses HTTP/HTTPS as
transport. Just pass Skype connections with proxy bypass and it will work.

In transparent environment non-HTTP/HTTPS connections not route to proxy.
>
> >>> the squid configuration is very basic. here is the conf:
> >>>
> >>>
-------------------------------------------------------------------------
> >>> http_port 1280 connection-auth=off
> >>> forwarded_for delete
> >>> httpd_suppress_version_string on
> >>> client_persistent_connections off
> >>>
> >>> cache_mem 16 GB
> >>> maximum_object_size_in_memory 8 MB
> >>>
> >>> url_rewrite_program /usr/bin/squidGuard
> >>> url_rewrite_children 10
> >>> url_rewrite_access allow all
> >>>
> >>> acl numeric_IPs dstdom_regex
>
^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\])):443
> >>> acl Skype_UA browser ^skype
> >>>
> >>> acl SSL_ports port 443 563 873 1445 2083 8000 8088 10017 8443 5443
> 7443 50001
> >>> acl Safe_ports port 80 82 88 182 210 554 591 777 873 1001 21 443 70
> 280 488
> >>> acl Safe_ports port 1025-65535  # unregistered ports
> >>>
> >>> acl CONNECT method CONNECT
> >>> acl safe_method method GET
> >>> acl safe_method method PUT
> >>> acl safe_method method POST
> >>> acl safe_method method HEAD
> >>> acl safe_method method CONNECT
> >>> acl safe_method method OPTIONS
> >>> acl safe_method method PROPFIND
> >>> acl safe_method method REPORT
> >>> acl safe_method method MERGE
> >>> acl safe_method method MKACTIVITY
> >>> acl safe_method method CHECKOUT
> >>>
> >>> http_access deny !Safe_ports
> >>> http_access allow CONNECT localnet numeric_IPS Skype_UA
> >>> http_access deny CONNECT !SSL_ports
> >>> http_access deny !safe_method
> >>> http_access allow localnet
> >>> http_access allow localhost
> >>> http_access deny all
> >>>
> >>> refresh_pattern ^ftp:        1440    20%    10080
> >>> refresh_pattern ^gopher:    1440    0%    1440
> >>> refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
> >>> refresh_pattern Packages\.tar$ 0       20%    4320 refresh-ims
> ignore-no-cache
> >>> refresh_pattern Packages\.bz2$ 0       20%    4320 refresh-ims
> ignore-no-cache
> >>> refresh_pattern Sources\.bz2$  0       20%    4320 refresh-ims
> ignore-no-cache
> >>> refresh_pattern Release\.gpg$  0       20%    4320 refresh-ims
> >>> refresh_pattern Release$       0       20%    4320 refresh-ims
> >>> refresh_pattern -i
> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 43200 reload-into-ims ignore-no-cache
> >>> refresh_pattern -i
> windowsupdate.com/.*\.(esd|cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)
> 4320 80% 43200 reload-into-ims ignore-no-cache
> >>> refresh_pattern -i
> windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 43200 reload-into-ims ignore-no-cache
> >>> refresh_pattern -i
> live.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200
> reload-into-ims ignore-no-cache
> >>> refresh_pattern .        0    20%    4320
> >>>
> >>>
-------------------------------------------------------------------------
> >>>
> >>> please, can you send me your settings for ssl bump?
> Copy-n-paste unknown configs is very bad idea, Nicolas.
>
> > sorry about that!
> > the only way to make skype works through squid is with ssl bump?
No. Just permit skype TCP traffic bypass proxy.
>
> >>>
> >>> thanks again!
> >>> nicolás.
> >>>
> >>> On 10/23/2016 07:28 PM, Yuri Voinov wrote:
> >>>>
> >>>
> >>>
> >>> 24.10.2016 4:11, N V пишет:
> >>> >>> hi there,
> >>> >>> i've had problems with windows skype clients with the only
internet
> >>> connection is through squid. the clients can login successful but when
> >>> they make a call, it hangs after 12 secconds.
> >>> >>>
> >>> >>> I checked the client connections and see that attempts to connect
> >>> directly even if the proxy is properly configured.
> >>> Exactly, Skype does not use HTTP to calls. So, why you expect it calls
> >>> should goes via proxy?
> >>> >>>
> >>> >>> my squid version is 3.5.12
> >>> >>> the skype clients have the last version available.
> >>> >>> does anyone have the same issues?
> >>> >>> any idea?
> >>> With properly configured ssl bump and transparent proxy we have
not any
> >>> problems with skype. I don't know your details.
> >>> >>>
> >>> >>> thanks in advance!
> >>> >>> Nicolás.
> >>> >>>
> >>> >>> pd. sorry about my english
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> _______________________________________________
> >>> >>> squid-users mailing list
> >>> >>> squid-users at lists.squid-cache.org
> >>> >>> http://lists.squid-cache.org/listinfo/squid-users
> >>>
> >>>>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> squid-users mailing list
> >>>> squid-users at lists.squid-cache.org
> >>>> http://lists.squid-cache.org/listinfo/squid-users
> >>>>
> >>> _______________________________________________
> >>> squid-users mailing list
> >>> squid-users at lists.squid-cache.org
> >>> http://lists.squid-cache.org/listinfo/squid-users
>
>>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

- -- 
Cats - delicious. You just do not know how to cook them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJYDjwUAAoJENNXIZxhPexGN9EH/3ttH+4Xydg4EnSSfn+2SStI
MsQeyOY4VNLNfwg7Gul/JZ8/9dl03Bzpn5U3/vSFL1RHu3syRVsH9CkROsO1u9ui
MaEtdOYnY53AYAnW5xbppV+TaBgBGlRH6pYFPJ55uKPmTBYPnDO2TIrZnaGT1bZF
TAWbSinZ7R0I0dRVm+Bm2CYFkyDJxkeTxf0dgYNtLAeI9wyH0lwN7YO6lpOAMhzA
JAX7mz2prV8NPxVp21UkzA0Nj6My4iVeyOK87AMX9Z+mkZMwhqnSPXp4bsCNCL9l
WZl7If88PgZVqh/CxPV9T09S7zAtsqMNPzabRi0XGC2DoEuof+azqx+uAuX5aSA=
=g0h2
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161024/140f0a72/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161024/140f0a72/attachment-0001.key>


More information about the squid-users mailing list