Project

General

Profile

Actions

Bug #7391

closed

0.4.36_1 localnet ACL missing

Added by tqwqllrm tqwqllrm about 7 years ago. Updated over 6 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
03/15/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Version 0.4.36_1 of Squid on pfSense 2.3.3 does not provide the "localnet" acl anymore in /usr/local/etc/squid/squid.conf

Actions #1

Updated by Kill Bill about 7 years ago

Kindly tick "Allow local network(s) on interface(s)" if you want such ACL.

Actions #2

Updated by tqwqllrm tqwqllrm about 7 years ago

Additional information: The pfSense box is running OpenVPN so this may be a problem with this version of squid not being able to define localnet on a multi-interface pfSense platform

Actions #3

Updated by tqwqllrm tqwqllrm about 7 years ago

Kill Bill wrote:

Kindly tick "Allow local network(s) on interface(s)" if you want such ACL.

This is already ticked / enabled. More detail: I need localnet defined because I use "never_direct allow localnet" in "General / Advanced Options" to force clients through the pfSense squid proxy which itself uses an upstream parent. Since the upgrade to the squid package it is now not seeing localnet in /usr/local/etc/squid/squid.conf

Actions #4

Updated by Kill Bill about 7 years ago

Look, you need either non-empty local interface, or fill in Allowed Subnets on the ACLs tab. Please, use forums for discussion, this is a bug tracker.

Actions #5

Updated by tqwqllrm tqwqllrm about 7 years ago

Kill Bill wrote:

Look, you need either non-empty local interface, or fill in Allowed Subnets on the ACLs tab. Please, use forums for discussion, this is a bug tracker.

It is a bug, introduced since version 0.4.36_1. Perhaps I haven't explained it enough but I have a workaround. Hopefully someone else will submit the same bug and provide whatever information is required for proper investigation.

Actions #7

Updated by Kill Bill about 7 years ago

And FYI regarding the OpenVPN: https://redmine.pfsense.org/issues/4331 (IOW, it will never be auto-added to localnet since it would only add invalid junk. Any OpenVPN subnets need to be added manually to Allowed Subnets on the ACLs tab, as already noted above.)

Actions #8

Updated by tqwqllrm tqwqllrm about 7 years ago

Kill Bill wrote:

And FYI regarding the OpenVPN: https://redmine.pfsense.org/issues/4331 (IOW, it will never be auto-added to localnet since it would only add invalid junk. Any OpenVPN subnets need to be added manually to Allowed Subnets on the ACLs tab, as already noted above.)

FYI it worked fine before I upgraded to 0.4.36_1

Actions #9

Updated by Kill Bill over 6 years ago

As noted in https://redmine.pfsense.org/issues/7391#note-7 the OpenVPN interfaces are not added by design since it adds invalid information that does not and cannot work (see Bug #4331).

Close please, there's no bug here.

Actions #10

Updated by Jim Pingle over 6 years ago

  • Status changed from New to Not a Bug
  • Priority changed from High to Normal
  • Affected Version deleted (2.3.3)
Actions

Also available in: Atom PDF