[squid-users] Squid v4.45

Mon Aug 23 05:54:44 UTC 2021

On Thu, Aug 19, 2021 at 7:40 PM Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
>
> FYI, there is no such version as Squid 4.45.

Amos sorry, is 4.15 my mistake.
>
> What is the output when you run "squid -v" ?
>
 squid -v
Squid Cache: Version 4.15
Service Name: squid

This binary uses OpenSSL 1.1.1k-freebsd  25 Mar 2021. For legal
restrictions on distribution see
https://www.openssl.org/source/license.html

configure options:  '--with-default-user=squid'
'--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin'
'--datadir=/usr/local/etc/squid'
'--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var'
'--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid'
'--with-pidfile=/var/run/squid/squid.pid'
'--with-swapdir=/var/squid/cache' '--without-gnutls'
'--with-included-ltdl' '--enable-auth' '--enable-zph-qos'
'--enable-build-info' '--enable-loadable-modules'
'--enable-removal-policies=lru heap' '--disable-epoll'
'--disable-linux-netfilter' '--disable-linux-tproxy'
'--disable-translation' '--disable-arch-native'
'--disable-strict-error-checking' '--enable-eui'
'--enable-cache-digests' '--enable-delay-pools' '--disable-ecap'
'--disable-esi' '--enable-follow-x-forwarded-for'
'--with-mit-krb5=/usr/local' 'CFLAGS=-I/usr/local/include -O2 -pipe
-I/usr/local/include -I/usr/local/include -fstack-protector-strong
-DLDAP_DEPRECATED -fno-strict-aliasing ' 'LDFLAGS=-L/usr/local/lib
-L/usr/local/lib -L/usr/local/lib -pthread -L/usr/local/lib
-lpcreposix -lpcre -Wl,-rpath,/usr/local/lib:/usr/lib
-fstack-protector-strong ' 'LIBS=-lkrb5 -lgssapi_krb5 '
'KRB5CONFIG=/usr/local/bin/krb5-config'
'krb5_config=/usr/local/bin/krb5-config' '--enable-htcp'
'--enable-icap-client' '--enable-icmp' '--enable-ident-lookups'
'--enable-ipv6' '--enable-kqueue' '--with-large-files'
'--enable-http-violations' '--without-nettle' '--enable-snmp'
'--enable-ssl' '--with-openssl=/usr'
'--enable-security-cert-generators=file'
'LIBOPENSSL_CFLAGS=-I/usr/include' 'LIBOPENSSL_LIBS=-lcrypto -lssl'
'--enable-ssl-crtd' '--disable-stacktraces'
'--disable-ipf-transparent' '--disable-ipfw-transparent'
'--enable-pf-transparent' '--with-nat-devpf' '--disable-forw-via-db'
'--enable-wccp' '--enable-wccpv2' '--enable-auth-basic=LDAP SASL DB
SMB_LM NCSA PAM POP3 RADIUS fake getpwnam NIS'
'--enable-auth-digest=eDirectory LDAP file'
'--enable-external-acl-helpers=LDAP_group eDirectory_userip
file_userip unix_group delayer kerberos_ldap_group'
'--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake
SMB_LM' '--enable-storeio=aufs diskd ufs'
'--enable-disk-io=DiskThreads DiskDaemon AIO Blocking IpcIo Mmapped'
'--enable-log-daemon-helpers=file DB'
'--enable-url-rewrite-helpers=fake LFS'
'--enable-storeid-rewrite-helpers=file'
'--enable-security-cert-validators=fake' '--prefix=/usr/local'
'--mandir=/usr/local/man' '--disable-silent-rules'
'--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2'
'build_alias=amd64-portbld-freebsd12.2' 'CC=cc'
'CPPFLAGS=-I/usr/local/include -I/usr/local/include' 'CXX=c++'
'CXXFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include
-fstack-protector-strong -DLDAP_DEPRECATED -fno-strict-aliasing  '
'CPP=cpp' --enable-ltdl-convenience
> On 19/08/21 4:12 am, Periko Support wrote:
> > Hello guys.
> >
> > I have been searching the issue I have with windows 10 and the ugly
> > job he do to put the NIC "Internet access" and went we have squid
> > behind "no internet".
> >
>
> The NIC status simply says that *somehow* the Internet is available.
> that means DNS resolution, TCP connectivity, HTTP transactions and HTTPS
> transactions are all fully working and producing responses.

Windows 10 if for some reason cannot reach the internet will say "no internet".

I had sniff the communication and I just found thos 2 sites that looks
like windows use to check connectivity.

>
> Break any one and you will get "no internet". Even when the rest
> continue working fine. So it can tell you when some sort of failure
> occurs, but is not reliable when it claims success.
>
>
> Please be aware that using your Squid proxy properly is one way Windows
> can receive all those services and claim "Internet Access".
>
>
> > I have sniff logs and  I just found this sites went I turn on the computer:
> >
> > .msftconnecttest.com
> > .windows.com
> >
> > Some has win over this annoying thing with windows 10?
> >
> > No-Trans[parent Proxy WPAD.
> >
>
> Check that your firewall does not permit HTTP(S) connections directly
> from clients to the Internet.

I don't allow direct connection to the Internet, all 80/443 must cross
under squid.

> When;
>   * your network gateway firewall(s) block direct connections (other
> than from Squid) to HTTP(S), and
>   * your proxy logs show those Win10 connection URLs happening, and
>   * Win10 NIC says "Interent Access"
>
> Then you know that the proxy usage is how "Internet Access" happens,
> that is what you want so no problem.
>
>

I still haven't found the solution to this little issue.

Regards!!!

> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users