[squid-users] Squid TCP_TUNNEL_ABORTED/200

Emre Oksum emreoksum at gmail.com
Fri May 3 14:29:11 UTC 2024


Hi everyone,

I'm having an issue with Squid Cache 4.10 which I have not been able to fix
for weeks now and I'm kinda lost at the moment. I would appreciate it if
someone can guide me through the issue I'm having.
I need to create an IPv6 HTTP proxy which should match the entry address to
outgoing TCP address. For example, if user is connecting from fe80:abcd::1
it should exit the HTTP proxy from the same address. We got like 50k
addresses like this at the moment.
The issue is, the client connecting to the proxy is receiving "EOF" or
"FLOW_CONTROL_ERROR" on their side. When I test connection by connecting to
whatismyip.com everything works fine and entry IP always matches with
outgoing IP for each of the 50k addresses. Client tells me this problem
occurs both at GET and POST requests with around 10 MB of data.
I initially thought that could be related to server resources being drained
but upon inspecting server resource usage, Squid isn't even topping at 100%
CPU or RAM anytime so not that.

My Squid.conf is like this at the moment:

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
http_access deny !auth_users
cache deny all
dns_nameservers <nameservers here>
dns_v4_first off
via off
forwarded_for delete
follow_x_forwarded_for deny all
server_persistent_connections off
max_filedesc 1048576
max_filedescriptors 1048576
workers 8
http_port [::0]:1182
acl binding1 myip  fe80:abcd::1
tcp_outgoing_address  fe80:abcd::1 binding1
acl binding2 myip  fe80:abcd::2
tcp_outgoing_address  fe80:abcd::2 binding2
acl binding3 myip  fe80:abcd::3
tcp_outgoing_address  fe80:abcd::3 binding3
...
...
...
access_log /var/log/squid/access.log squid
cache_store_log none
cache deny all

I've tried to get a PCAP file and realized that when the client tries to
connect with a new IPv6 address, Squid is not trying to open a new connection
but instead tries to resume a previously opened one on a different outgoing
IPv6 address. I set server_persistent_connections off which should have
disabled this behavior but it's still the same. I tried using a newer
version of Squid but it behaved differently and did not follow my outgoing
address specifications and kept connecting on IPv4.

I would appreciate it if someone can help me out here.
Thank you.
Emre
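
An added example, not part of the original post: a triage script for the native log format set by "access_log /var/log/squid/access.log squid" above, which profiles TCP_TUNNEL_ABORTED entries by elapsed time and byte count to show whether aborts cluster around a transfer size or a timeout. The sample log lines, addresses and function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample lines in Squid's native "squid" access.log format:
# time elapsed_ms client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1714746551.101   1250 2001:db8::10 TCP_TUNNEL/200 48213 CONNECT example.com:443 user1 HIER_DIRECT/2001:db8:ffff::1 -
1714746553.442  30012 2001:db8::11 TCP_TUNNEL_ABORTED/200 3145728 CONNECT example.com:443 user1 HIER_DIRECT/2001:db8:ffff::1 -
1714746559.870  29987 2001:db8::12 TCP_TUNNEL_ABORTED/200 2097152 CONNECT example.org:443 user2 HIER_DIRECT/2001:db8:ffff::2 -
1714746560.003    310 2001:db8::10 TCP_MISS/200 912 GET http://example.net/ user1 HIER_DIRECT/2001:db8:ffff::3 text/html
this line is malformed and must be skipped
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it does not parse."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    code, _, status = f[3].partition("/")
    try:
        return {"elapsed_ms": int(f[1]), "client": f[2], "code": code,
                "status": status, "bytes": int(f[4]), "method": f[5],
                "url": f[6], "peer": f[8].partition("/")[2]}
    except ValueError:
        return None

def summarize_aborts(text):
    """Count entries per result code and profile TCP_TUNNEL_ABORTED entries."""
    counts = defaultdict(int)
    aborted = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        counts[rec["code"]] += 1
        if rec["code"] == "TCP_TUNNEL_ABORTED":
            aborted.append(rec)
    tunnels = counts["TCP_TUNNEL"] + counts["TCP_TUNNEL_ABORTED"]
    return {
        "counts": dict(counts),
        "abort_ratio": len(aborted) / tunnels if tunnels else 0.0,
        "median_elapsed_ms": median(r["elapsed_ms"] for r in aborted) if aborted else None,
        "median_bytes": median(r["bytes"] for r in aborted) if aborted else None,
        "by_peer": sorted({r["peer"] for r in aborted}),
    }

if __name__ == "__main__":
    print(summarize_aborts(SAMPLE_LOG))
```

To run it against a real log, pass the file's contents to summarize_aborts() in place of SAMPLE_LOG.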