[squid-users] skype connection problem

Yuri Voinov yvoinov at gmail.com
Tue Oct 25 14:26:48 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
You LAN settings is too restrictive. AFAIK you require to permit traffic
to skype servers directly from your clients. Without proxy.

Because of Skype voice traffic is non-HTTP(S). And proxy can't know how
to handle it.


25.10.2016 20:25, Nicolas Valera пишет:
> Amos, thanks for the tips!
> any idea about my skype problem?
>
> regards
>
> On 10/25/2016 08:13 AM, Amos Jeffries wrote:
>> On 25/10/2016 5:19 a.m., Nicolas Valera wrote:
>>> Hi Yuri, thanks for the answer!
>>>
>>> we don't have the squid in transparent mode in this network.
>>> the squid configuration is very basic. here is the conf:
>>>
>>>
-------------------------------------------------------------------------
>>> http_port 1280 connection-auth=off
>>> forwarded_for delete
>>> httpd_suppress_version_string on
>>> client_persistent_connections off
>>>
>>> cache_mem 16 GB
>>> maximum_object_size_in_memory 8 MB
>>>
>>> url_rewrite_program /usr/bin/squidGuard
>>
>> These...
>>
>>> url_rewrite_children 10
>>> url_rewrite_access allow all
>>
>> ... are redundant. That is the default values for those directives.
>>
>>>
>>> acl numeric_IPs dstdom_regex
>>>
^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\])):443
>>>
>>> acl Skype_UA browser ^skype
>>>
>>> acl SSL_ports port 443 563 873 1445 2083 8000 8088 10017 8443 5443 7443
>>> 50001
>>> acl Safe_ports port 80 82 88 182 210 554 591 777 873 1001 21 443 70
280 488
>>> acl Safe_ports port 1025-65535  # unregistered ports
>>>
>>> acl CONNECT method CONNECT
>>> acl safe_method method GET
>>> acl safe_method method PUT
>>> acl safe_method method POST
>>> acl safe_method method HEAD
>>> acl safe_method method CONNECT
>>> acl safe_method method OPTIONS
>>> acl safe_method method PROPFIND
>>> acl safe_method method REPORT
>>> acl safe_method method MERGE
>>> acl safe_method method MKACTIVITY
>>> acl safe_method method CHECKOUT
>>
>> Whats the point of this ACL ?
>>
>>
>>>
>>> http_access deny !Safe_ports
>>> http_access allow CONNECT localnet numeric_IPS Skype_UA
>>> http_access deny CONNECT !SSL_ports
>>> http_access deny !safe_method
>>> http_access allow localnet
>>> http_access allow localhost
>>> http_access deny all
>>>
>>> refresh_pattern ^ftp:        1440    20%    10080
>>> refresh_pattern ^gopher:    1440    0%    1440
>>> refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
>>> refresh_pattern Packages\.tar$ 0       20%    4320 refresh-ims
>>> ignore-no-cache
>>> refresh_pattern Packages\.bz2$ 0       20%    4320 refresh-ims
>>> ignore-no-cache
>>> refresh_pattern Sources\.bz2$  0       20%    4320 refresh-ims
>>> ignore-no-cache
>>> refresh_pattern Release\.gpg$  0       20%    4320 refresh-ims
>>> refresh_pattern Release$       0       20%    4320 refresh-ims
>>> refresh_pattern -i
>>> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
>>> 43200 reload-into-ims ignore-no-cache
>>> refresh_pattern -i
>>> windowsupdate.com/.*\.(esd|cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)
>>> 4320 80% 43200 reload-into-ims ignore-no-cache
>>> refresh_pattern -i
>>> windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
>>> 43200 reload-into-ims ignore-no-cache
>>> refresh_pattern -i
>>> live.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200
>>> reload-into-ims ignore-no-cache
>>> refresh_pattern .        0    20%    4320
>>>
>>
>> All those "ignore-no-cache" are not useful. Run "squid -k parse" and it
>> should mention they are no longer supported.
>>
>> Amos
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

- -- 
Cats - delicious. You just do not know how to cook them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJYD2uoAAoJENNXIZxhPexGX1IIAI+JWytszKKX9ArRjDioUmeU
6tyWfumjWiiASMDV83MOtS54cuhy1UMGzXoHuJBb+aqo76suXQVI/w+fO987go6g
fU6lm0xsSnXDbcwoIahSmfoevDsP6dQzGAXDWv1Q3Tqky+mPc/xtNlISO/5BhHL0
JzAkl/XFIzDZFraTJOOuJXiQ7FoMhwsICWL8hO7+OiRR6vpuPlxruuzYNbqLBxD2
3LPMbgv67XsitcdM21jsiR+CrO/7VeIcoOcbwpE8yE8dM03ldRq8+PoUmUtUut77
cQZl+7j2Fyh7H08vqAp46fFcWoAyiebPW+SnNh5zCLhw4XBHBp4vK3bqQCQOp3o=
=17cK
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161025/46270587/attachment.key>

More information about the squid-users mailing list