Bug #4690
closed
Squid cache needs to be flushed periodically or package managers on LAN clients wont work
0%
Description
I have experienced the same issue about 6 months ago when after having installed squid+SG I noticed that package managers (both windows & linux) were behaving strangely. All problems seemed to point to connection issues to repos or external sources.
I opened a thread on the forum but no real solution was found except reinstall pfsense from scratch without squid..
I need squid to do caching and web filtering. Lately, I reinstalled it but a few days later, the issue with package managers resurfaced.
For example of the behavior I experience, please visit the forum thread https://forum.pfsense.org/index.php?topic=83568.0
The workaround is to flush squid's cache and reconstruct the folder architecture with the following commands:
squid -k shutdown
rm -fr /var/squid/cache/*
squid -z
/usr/local/sbin/squid -D
All other web functions, VOIP, websites and such are functioning normally. I only have problems with the package managers. When I execute the commands above, immediately all goes to normal but a few days later, I need again to flush squid's cache manually.
Squid 2.7.9 pkg v.4.3.6
pfsense 2.2.2-RELEASE (amd64) built on Mon Apr 13 20:10:22 CDT 2015 FreeBSD 10.1-RELEASE-p9
Updated by Chris Buechler over 10 years ago
- Status changed from New to Rejected
this is almost certainly a problem within squid itself, or a problem on the servers in question, none of which we have control over. If you find a config issue that's the source of the issue, please follow up. Otherwise, you'll need to do further troubleshooting to find the root cause and address with the responsible party.
Updated by Anonymous over 10 years ago
Chris, thanks for the response. YOu suggest to follow up with the responsible parties (I assume squid's devs) but do you have a suggestion to start with a specific dev or contributor?
While I am not a dev myself, I am pretty handy at tweaking stuff and getting my hand in the internals of things..
Updated by Chris Buechler over 10 years ago
the squid users mailing list is probably your best bet to start.
Updated by Anonymous over 10 years ago
I posted on squid's maillist and their answer was:
"The Ubuntu problem is a combination of pacage manager assuming HTTP/1,1
protocol mechanisms (revalidatio particularly) will work despite clear signal
from Squid-2.7 that it is only HTTP/1.0 compliant. The YUM output is unclear
but appears to be the same core issue.
Please upgrade to a current version of Squid (today that would be 3.5.4). The
APT problem at least has been confirmed fixed years go in Squid-3.1."
SO I assume squid's package in pfsense is WAYYY old?
Updated by Kill Bill over 10 years ago
Louis-Philippe Allard wrote:
SO I assume squid's package in pfsense is WAYYY old?
Yeah, when you install Squid v2, it's obviously very old. ;) Perhaps you would have better luck with the Squid*3* package.
Updated by Anonymous over 10 years ago
Solved! Squid 3 seems to have solved the issue! Why not mark Squid 2 as "deprecated"?
Updated by Phillip Davis over 10 years ago
Squid2 has been disabled for pfSense 2.3 onwards - https://github.com/pfsense/pfsense-packages/commit/5be0199960c6d8fe85d1e4085e26316b504a91cd