<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
<br>
<br>
24.10.2016 22:28, Nicolas Valera пишет:<br>
<span style="white-space: pre;">><br>
><br>
> On 10/24/2016 01:21 PM, Yuri Voinov wrote:<br>
>><br>
><br>
> 24.10.2016 22:19, Nicolas Valera пишет:<br>
> >>> Hi Yuri, thanks for the answer!<br>
> >>><br>
> >>> we don't have the squid in transparent mode in
this network.<br>
> So, you route all traffic to proxy box?<br>
> > Yes, clients do not have direct Internet access</span><br>
Here is root of problem. Skype does not always uses HTTP/HTTPS as
transport. Just pass Skype connections with proxy bypass and it will
work.<br>
<br>
In transparent environment non-HTTP/HTTPS connections not route to
proxy.<br>
<span style="white-space: pre;">><br>
> >>> the squid configuration is very basic. here is
the conf:<br>
> >>><br>
> >>>
-------------------------------------------------------------------------<br>
> >>> http_port 1280 connection-auth=off<br>
> >>> forwarded_for delete<br>
> >>> httpd_suppress_version_string on<br>
> >>> client_persistent_connections off<br>
> >>><br>
> >>> cache_mem 16 GB<br>
> >>> maximum_object_size_in_memory 8 MB<br>
> >>><br>
> >>> url_rewrite_program /usr/bin/squidGuard<br>
> >>> url_rewrite_children 10<br>
> >>> url_rewrite_access allow all<br>
> >>><br>
> >>> acl numeric_IPs dstdom_regex<br>
>
^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\])):443<br>
> >>> acl Skype_UA browser ^skype<br>
> >>><br>
> >>> acl SSL_ports port 443 563 873 1445 2083 8000
8088 10017 8443 5443<br>
> 7443 50001<br>
> >>> acl Safe_ports port 80 82 88 182 210 554 591 777
873 1001 21 443 70<br>
> 280 488<br>
> >>> acl Safe_ports port 1025-65535 # unregistered
ports<br>
> >>><br>
> >>> acl CONNECT method CONNECT<br>
> >>> acl safe_method method GET<br>
> >>> acl safe_method method PUT<br>
> >>> acl safe_method method POST<br>
> >>> acl safe_method method HEAD<br>
> >>> acl safe_method method CONNECT<br>
> >>> acl safe_method method OPTIONS<br>
> >>> acl safe_method method PROPFIND<br>
> >>> acl safe_method method REPORT<br>
> >>> acl safe_method method MERGE<br>
> >>> acl safe_method method MKACTIVITY<br>
> >>> acl safe_method method CHECKOUT<br>
> >>><br>
> >>> http_access deny !Safe_ports<br>
> >>> http_access allow CONNECT localnet numeric_IPS
Skype_UA<br>
> >>> http_access deny CONNECT !SSL_ports<br>
> >>> http_access deny !safe_method<br>
> >>> http_access allow localnet<br>
> >>> http_access allow localhost<br>
> >>> http_access deny all<br>
> >>><br>
> >>> refresh_pattern ^ftp: 1440 20%
10080<br>
> >>> refresh_pattern ^gopher: 1440 0% 1440<br>
> >>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>
> >>> refresh_pattern Packages\.tar$ 0 20%
4320 refresh-ims<br>
> ignore-no-cache<br>
> >>> refresh_pattern Packages\.bz2$ 0 20%
4320 refresh-ims<br>
> ignore-no-cache<br>
> >>> refresh_pattern Sources\.bz2$ 0 20%
4320 refresh-ims<br>
> ignore-no-cache<br>
> >>> refresh_pattern Release\.gpg$ 0 20%
4320 refresh-ims<br>
> >>> refresh_pattern Release$ 0 20%
4320 refresh-ims<br>
> >>> refresh_pattern -i<br>
> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)
4320 80%<br>
> 43200 reload-into-ims ignore-no-cache<br>
> >>> refresh_pattern -i<br>
>
windowsupdate.com/.*\.(esd|cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)<br>
> 4320 80% 43200 reload-into-ims ignore-no-cache<br>
> >>> refresh_pattern -i<br>
> windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)
4320 80%<br>
> 43200 reload-into-ims ignore-no-cache<br>
> >>> refresh_pattern -i<br>
> live.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320
80% 43200<br>
> reload-into-ims ignore-no-cache<br>
> >>> refresh_pattern . 0 20% 4320<br>
> >>><br>
> >>>
-------------------------------------------------------------------------<br>
> >>><br>
> >>> please, can you send me your settings for ssl
bump?<br>
> Copy-n-paste unknown configs is very bad idea, Nicolas.<br>
><br>
> > sorry about that!<br>
> > the only way to make skype works through squid is with
ssl bump?</span><br>
No. Just permit skype TCP traffic bypass proxy.<br>
<span style="white-space: pre;">><br>
> >>><br>
> >>> thanks again!<br>
> >>> nicolás.<br>
> >>><br>
> >>> On 10/23/2016 07:28 PM, Yuri Voinov wrote:<br>
> >>>><br>
> >>><br>
> >>><br>
> >>> 24.10.2016 4:11, N V пишет:<br>
> >>> >>> hi there,<br>
> >>> >>> i've had problems with windows
skype clients with the only internet<br>
> >>> connection is through squid. the clients can
login successful but when<br>
> >>> they make a call, it hangs after 12 secconds.<br>
> >>> >>><br>
> >>> >>> I checked the client connections
and see that attempts to connect<br>
> >>> directly even if the proxy is properly
configured.<br>
> >>> Exactly, Skype does not use HTTP to calls. So,
why you expect it calls<br>
> >>> should goes via proxy?<br>
> >>> >>><br>
> >>> >>> my squid version is 3.5.12<br>
> >>> >>> the skype clients have the last
version available.<br>
> >>> >>> does anyone have the same issues?<br>
> >>> >>> any idea?<br>
> >>> With properly configured ssl bump and
transparent proxy we have not any<br>
> >>> problems with skype. I don't know your details.<br>
> >>> >>><br>
> >>> >>> thanks in advance!<br>
> >>> >>> Nicolás.<br>
> >>> >>><br>
> >>> >>> pd. sorry about my english<br>
> >>> >>><br>
> >>> >>><br>
> >>> >>><br>
> >>> >>>
_______________________________________________<br>
> >>> >>> squid-users mailing list<br>
> >>> >>> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> >>> >>>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
> >>><br>
> >>>><br>
> >>>><br>
> >>>><br>
> >>>>
_______________________________________________<br>
> >>>> squid-users mailing list<br>
> >>>> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> >>>>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
> >>>><br>
> >>> _______________________________________________<br>
> >>> squid-users mailing list<br>
> >>> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> >>>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> squid-users mailing list<br>
>> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
>> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
>><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
<br>
- -- <br>
Cats - delicious. You just do not know how to cook them.<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJYDjwUAAoJENNXIZxhPexGN9EH/3ttH+4Xydg4EnSSfn+2SStI
<br>
MsQeyOY4VNLNfwg7Gul/JZ8/9dl03Bzpn5U3/vSFL1RHu3syRVsH9CkROsO1u9ui
<br>
MaEtdOYnY53AYAnW5xbppV+TaBgBGlRH6pYFPJ55uKPmTBYPnDO2TIrZnaGT1bZF
<br>
TAWbSinZ7R0I0dRVm+Bm2CYFkyDJxkeTxf0dgYNtLAeI9wyH0lwN7YO6lpOAMhzA
<br>
JAX7mz2prV8NPxVp21UkzA0Nj6My4iVeyOK87AMX9Z+mkZMwhqnSPXp4bsCNCL9l
<br>
WZl7If88PgZVqh/CxPV9T09S7zAtsqMNPzabRi0XGC2DoEuof+azqx+uAuX5aSA=
<br>
=g0h2
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>