Bug #7391
closed
0.4.36_1 localnet ACL missing
Added by tqwqllrm tqwqllrm over 7 years ago. Updated over 7 years ago.
Description
Version 0.4.36_1 of Squid on pfSense 2.3.3 does not provide the "localnet" acl anymore in /usr/local/etc/squid/squid.conf
Updated by Kill Bill over 7 years ago
Kindly tick "Allow local network(s) on interface(s)" if you want such ACL.
Updated by tqwqllrm tqwqllrm over 7 years ago
Additional information: The pfSense box is running OpenVPN, so this may be a problem with this version of squid not being able to define localnet on a multi-interface pfSense platform.
Updated by tqwqllrm tqwqllrm over 7 years ago
Kill Bill wrote:
> Kindly tick "Allow local network(s) on interface(s)" if you want such ACL.

This is already ticked / enabled. More detail: I need localnet defined because I use "never_direct allow localnet" in "General / Advanced Options" to force clients through the pfSense squid proxy which itself uses an upstream parent. Since the upgrade to the squid package it is now not seeing localnet in /usr/local/etc/squid/squid.conf.
Updated by Kill Bill over 7 years ago
Look, you need either non-empty local interface, or fill in Allowed Subnets on the ACLs tab. Please, use forums for discussion, this is a bug tracker.
Updated by tqwqllrm tqwqllrm over 7 years ago
Kill Bill wrote:
> Look, you need either non-empty local interface, or fill in Allowed Subnets on the ACLs tab. Please, use forums for discussion, this is a bug tracker.

It is a bug, introduced since version 0.4.36_1. Perhaps I haven't explained it enough but I have a workaround. Hopefully someone else will submit the same bug and provide whatever information is required for proper investigation.
Updated by Kill Bill over 7 years ago
No, it's not, no one touched the relevant code for years.
https://github.com/pfsense/FreeBSD-ports/blame/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L1340
https://github.com/pfsense/FreeBSD-ports/blame/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L1866
https://github.com/pfsense/FreeBSD-ports/blame/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L1931
And here are the changes between 0.4.36 and 0.4.36_1:
https://github.com/pfsense/FreeBSD-ports/pull/313/files
Kindly use the forums for discussion.
Updated by Kill Bill over 7 years ago
And FYI regarding the OpenVPN: https://redmine.pfsense.org/issues/4331 (IOW, it will never be auto-added to localnet since it would only add invalid junk. Any OpenVPN subnets need to be added manually to Allowed Subnets on the ACLs tab, as already noted above.)
Updated by tqwqllrm tqwqllrm over 7 years ago
Kill Bill wrote:
> And FYI regarding the OpenVPN: https://redmine.pfsense.org/issues/4331 (IOW, it will never be auto-added to localnet since it would only add invalid junk. Any OpenVPN subnets need to be added manually to Allowed Subnets on the ACLs tab, as already noted above.)

FYI it worked fine before I upgraded to 0.4.36_1.
Updated by Kill Bill over 7 years ago
As noted in https://redmine.pfsense.org/issues/7391#note-7 the OpenVPN interfaces are not added by design since it adds invalid information that does not and cannot work (see Bug #4331).
Close please, there's no bug here.
Updated by Jim Pingle over 7 years ago
- Status changed from New to Not a Bug
- Priority changed from High to Normal
- Affected Version deleted (2.3.3)
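
An added example, not part of the original ticket or the pfSense package: a check that lists ACL names used by access directives (such as the `never_direct allow localnet` line mentioned in the thread) without a matching `acl` definition anywhere in a squid.conf. The function name and the sample config are constructed for illustration, and the built-in ACL list assumes Squid 3.2 or later.

```python
# Access-list directives whose arguments after allow/deny are ACL names.
ACCESS_DIRECTIVES = {
    "http_access", "http_reply_access", "icp_access", "miss_access",
    "never_direct", "always_direct", "cache_peer_access",
}
# Assumption: Squid 3.2 or later, which predefines these without an "acl" line.
BUILTIN_ACLS = {"all", "manager", "localhost", "to_localhost"}

# Constructed sample config (not taken from the ticket): the custom
# never_direct rule refers to "localnet", but no "acl localnet" line exists.
SAMPLE_CONF = """\
# constructed sample
http_port 3128
acl allowed_subnets src 10.8.0.0/24
cache_peer 192.0.2.10 parent 3128 0 no-query
never_direct allow localnet
http_access allow allowed_subnets
http_access deny all
"""


def undefined_acl_refs(conf_text):
    """Return [(line_no, directive, acl_name)] for ACLs used but not defined.

    Definitions are collected from the whole file, so this reports names
    that are missing entirely; it does not check definition order.
    """
    defined = set(BUILTIN_ACLS)
    uses = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if tokens[0] == "acl" and len(tokens) >= 2:
            defined.add(tokens[1])
        elif tokens[0] in ACCESS_DIRECTIVES:
            # ACL names follow the allow/deny keyword; "!" negates a name.
            for i, tok in enumerate(tokens):
                if tok in ("allow", "deny"):
                    uses += [(line_no, tokens[0], t.lstrip("!"))
                             for t in tokens[i + 1:]]
                    break
    return [u for u in uses if u[2] not in defined]


if __name__ == "__main__":
    for line_no, directive, name in undefined_acl_refs(SAMPLE_CONF):
        print(f"line {line_no}: {directive} references undefined ACL '{name}'")
```
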