<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">Do I need to add ::1 as a http port? for transparent I can’t get anything to work I sees the attempts with ipv6 pure mode however nothing connects..<div><br></div><div>[2001:470:8052:192::]:3128 is my proxy </div><div><br></div><div>I can’t get any connections from ipv6 only hosts.</div><div><br></div><div>I can get ipv4 all day and they can access ipv6 sites just not the other way around </div><div><br></div><div>It is currently set as </div><div><br></div><div><pre id="pconf" name="pconf" wrap="hard" readonly="" style="box-sizing: border-box; overflow: auto; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; padding: 9.5px; margin-top: 0px; margin-bottom: 10px; line-height: 1.42857; color: rgb(51, 51, 51); word-break: break-all; overflow-wrap: break-word; background-color: rgb(245, 245, 245); border: 1px solid rgb(204, 204, 204); border-radius: 4px; font-variant-ligatures: normal; orphans: 2; widows: 2; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem tls-cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3

http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem tls-cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3

https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem tls-cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3

http_port [2001:470:8052:192::]:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem tls-cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3

https_port [2001:470:8052:192::]:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem tls-cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3
</pre><br class="Apple-interchange-newline"></div><div><br></div><div>so should it include??</div><div><br></div><div><div>http_port [::1]:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem tls-cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3</div><div><br></div><div>https_port [::1]:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem tls-cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3</div><div><br></div><div><br></div><div><br></div><div><br><blockquote type="cite"><div>On Jul 26, 2024, at 15:10, Jonathan Lee <jonathanlee571@gmail.com> wrote:</div><br class="Apple-interchange-newline"><div><meta http-equiv="content-type" content="text/html; charset=us-ascii"><div style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">Hello fellow squid users can you please help me??<div><br></div><div>I know I have good IPV6 internet if I use the IPV4 proxy address, and the IPv6 test sites pass 10 out of 10. If I make the client IPV6 only and have the rules set to use the proxy with the proxy IPV6 address for the proxy I get no internet. <br><div><br></div><div>I am using a IPV6 tunnel broker in pfsense. When I configure my client to IPv6 only it can access all IPv6 sites. As soon as I use the proxy address in IPv6 of Squid squid gives me the following errors...</div><div><br></div><div><table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0" style="font-variant-caps: normal; border-collapse: collapse; border-spacing: 0px; background-color: rgb(255, 255, 255); color: rgb(51, 51, 51); font-family: Roboto, sans-serif; font-size: 14px; orphans: 2; widows: 2; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"><thead style="box-sizing: border-box;"><tr style="box-sizing: border-box;"><td colspan="2" class="listtopic" align="center" style="box-sizing: border-box; padding: 0px;">Squid - Cache Logs</td></tr></thead><tbody id="squidCacheView" style="box-sizing: border-box;"><tr valign="top" style="box-sizing: border-box;"><td class="listhdrr" style="box-sizing: border-box; padding: 0px;">Date-Time</td><td class="listhdrr" style="box-sizing: border-box; padding: 0px;">Message</td></tr><tr style="box-sizing: border-box;"><td class="listlr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">26.07.2024 15:07:12</td><td class="listr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">ERROR: failure while acc<wbr style="box-sizing: border-box;">epting a TLS connection o<wbr style="box-sizing: border-box;">n conn26864 local=192.168<wbr style="box-sizing: border-box;">.1.1:3128 remote=192.168.<wbr style="box-sizing: border-box;">1.14:52687 FD 452 flags=1<wbr style="box-sizing: border-box;">: SQUID_TLS_ERR_ACCEPT+TL<wbr style="box-sizing: border-box;">S_LIB_ERR=A000415+TLS_IO_<wbr style="box-sizing: border-box;">ERR=1<wbr style="box-sizing: border-box;"></td></tr><tr style="box-sizing: border-box;"><td class="listlr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">31.12.1969 16:00:00</td><td class="listr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;"></td></tr><tr style="box-sizing: border-box;"><td class="listlr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">26.07.2024 15:07:10</td><td class="listr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">kick abandoning conn2686<wbr style="box-sizing: border-box;">3 local=[2001:470:8052:19<wbr style="box-sizing: border-box;">2::]:3128 remote=[2001:47<wbr style="box-sizing: border-box;">0:8052:192:898d:9911:720b<wbr style="box-sizing: border-box;">:5bdd]:54252 FD 451 flags<wbr style="box-sizing: border-box;">=33<wbr style="box-sizing: border-box;"></td></tr><tr style="box-sizing: border-box;"><td class="listlr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">31.12.1969 16:00:00</td><td class="listr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;"></td></tr><tr style="box-sizing: border-box;"><td class="listlr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">26.07.2024 15:07:10</td><td class="listr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">SECURITY ALERT: on URL: <wbr style="box-sizing: border-box;">www.bing.com:443<wbr style="box-sizing: border-box;"></td></tr><tr style="box-sizing: border-box;"><td class="listlr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">31.12.1969 16:00:00</td><td class="listr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;"></td></tr><tr style="box-sizing: border-box;"><td class="listlr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">26.07.2024 15:07:10</td><td class="listr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">SECURITY ALERT: By user <wbr style="box-sizing: border-box;">agent: Mozilla/5.0 (Macin<wbr style="box-sizing: border-box;">tosh; Intel Mac OS X 10_1<wbr style="box-sizing: border-box;">5_7) AppleWebKit/537.36 (<wbr style="box-sizing: border-box;">KHTML, like Gecko) Chrome<wbr style="box-sizing: border-box;">/127.0.0.0 Safari/537.36 <wbr style="box-sizing: border-box;">Edg/127.0.0.0<wbr style="box-sizing: border-box;"></td></tr><tr style="box-sizing: border-box;"><td class="listlr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">31.12.1969 16:00:00</td><td class="listr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;"></td></tr><tr style="box-sizing: border-box;"><td class="listlr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">26.07.2024 15:07:10</td><td class="listr" nowrap="nowrap" style="box-sizing: border-box; padding: 0px;">SECURITY ALERT: Host hea<wbr style="box-sizing: border-box;">der forgery detected on c<wbr style="box-sizing: border-box;">onn26863 local=[2001:470:<wbr style="box-sizing: border-box;">8052:192::]:3128 remote=[<wbr style="box-sizing: border-box;">2001:470:8052:192:898d:99<wbr style="box-sizing: border-box;">11:720b:5bdd]:54252 FD 45<wbr style="box-sizing: border-box;">1 flags=33 (intercepted p<wbr style="box-sizing: border-box;">ort does not match 443)<br><br></td></tr></tbody></table></div></div></div></div></blockquote></div><br></div></body></html>