What is your experience with Windows Skype with latest Squid version ?
I think Skype uses UDP protocol too.
I have issue with start call to all computers, It works only chat.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.s
On 23/03/2017 2:44 a.m., Heiler Bemerguy wrote:
>
> Hi dude,
>
> I've noticed our users are being blocked by a rule which prevents
> CONNECTs to IP addresses instead of FQDN.
>
> What puzzles me is WHY skype is trying to connect to IPs even after
> connecting to FQDNs.. ? Have anyone noticed thi
Hi dude,
I've noticed our users are being blocked by a rule which prevents
CONNECTs to IP addresses instead of FQDN.
What puzzles me is WHY skype is trying to connect to IPs even after
connecting to FQDNs.. ? Have anyone noticed this? Any workaround apart
from whitelisting Microsoft IPs
aissi [mailto:sameh.onai...@solcv.com]
Sent: Thursday, December 8, 2016 12:51 AM
To: Eliezer Croitoru
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype for Business behind a transparent squid
(TProxy) HTTP/S
Hello, thank you Eliezer!
We managed to fix the issue, but we created an
e: +972-5-28704261
Email: elie...@ngtech.co.il
From: Sameh Onaissi [mailto:sameh.onai...@solcv.com]
Sent: Wednesday, December 7, 2016 10:11 PM
To: Eliezer Croitoru
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype for Business behind a transparent squid
(TProxy) HTTP/S
iptabl
, 2016 10:11 PM
To: Eliezer Croitoru
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype for Business behind a transparent squid
(TProxy) HTTP/S
iptables is the same.. here is after I ran the script twice (with and
without proxy)
http://pastebin.com/YFtbG6St
I have a script th
tp://pastebin.com/9JrVANtt
From: Eliezer Croitoru <mailto:elie...@ngtech.co.il>
Sent: Wednesday, December 7, 2016 10:58:18 AM
To: Sameh Onaissi
Cc: mailto:squid-users@lists.squid-cache.org
6:09 PM
To: Eliezer Croitoru
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype for Business behind a transparent squid
(TProxy) HTTP/S
iptables-save: http://pastebin.com/9JrVANtt
ipset list : http://pastebin.com/wtMtzaQe
http://pastebin.com/w
From: Eliezer Croitoru
Sent: Wednesday, December 7, 2016 10:58:18 AM
To: Sameh Onaissi
Cc: squid-users@lists.squid-cache.org
Subject: RE: [squid-users] Skype for Busin
...@ngtech.co.il
From: Sameh Onaissi [mailto:sameh.onai...@solcv.com]
Sent: Wednesday, December 7, 2016 5:23 PM
To: Eliezer Croitoru
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype for Business behind a transparent squid
(TProxy) HTTP/S
Still not working and I do not know what
naissi [mailto:sameh.onai...@solcv.com]
Sent: Wednesday, December 7, 2016 12:36 AM
To: Eliezer Croitoru
Cc: 'Amos Jeffries' ;
squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype for Business behind a transparent squid
(TProxy) HTTP/S
Hello Eliezer and thanks again.
I ran the script
Cc: 'Amos Jeffries' ;
squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype for Business behind a transparent squid
(TProxy) HTTP/S
Hello Eliezer and thanks again.
I ran the script with the tproxy argument.
Tried to reconnect skype for business...
After about a 3 min w
60720 10.0.0.38 TAG_NONE/200 0 CONNECT 104.208.31.113:443 -
HIER_NONE/- -
1481063344.143 60719 10.0.0.38 TCP_TUNNEL/200 6389 CONNECT
pipe.skype.com:443 - ORIGINAL_DST/104.208.31.113 -
a new set showed up...
what more can we do?
keep adding ip ranges?
thanks
On 7/12/2016 11:35 a.m., Sameh Onaissi wrote:
>
> a new set showed up...
>
> what more can we do?
>
> keep adding ip ranges?
Yes, this choice of approach means constantly keeping an eye out for and
adding ranges as needed.
Amos
, December 7, 2016 12:36 AM
To: Eliezer Croitoru
Cc: 'Amos Jeffries' ;
squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype for Business behind a transparent squid
(TProxy) HTTP/S
Hello Eliezer and thanks again.
I ran the script with the tproxy argument.
Tried to reconnect
From: Eliezer Croitoru
Sent: Tuesday, December 6, 2016 4:36:56 PM
To: Sameh Onaissi
Cc: 'Amos Jeffries'; squid-users@lists.squid-cache.org
Subject: RE: [sq
.@treenet.co.nz>;
mailto:squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype for Business behind a transparent squid
(TProxy) HTTP/S
Hello,
OK, I added the ssl_bump slice on the skype domains text file
I installed ipset and ran the script.
Now access.log has much less skype rela
-
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
From: Sameh Onaissi [mailto:sameh.onai...@solcv.com]
Sent: Tuesday, December 6, 2016 7:29 PM
To: Eliezer Croitoru
Cc: Amos Jeffries ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Sky
/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
From: Sameh Onaissi [mailto:sameh.onai...@solcv.com]
Sent: Tuesday, December 6, 2016 7:29 PM
To: Eliezer Croitoru
Cc: Amos Jeffries ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype for
o.il>
From: Sameh Onaissi [mailto:sameh.onai...@solcv.com]
Sent: Tuesday, December 6, 2016 5:23 PM
To: Amos Jeffries mailto:squ...@treenet.co.nz>>
Cc: Eliezer Croitoru mailto:elie...@ngtech.co.il>>
Subject: Re: [squid-users] Skype for Business behind a transparent squid
(TProxy) HTT
If that is the edge server then it will be the audio/video
Sent from my iPhone
> On 6/12/2016, at 12:35, Amos Jeffries wrote:
>
>> On 6/12/2016 11:46 a.m., Sameh Onaissi wrote:
>>
>> I have a Ubuntu 16.04 server with Squid 3.5.22 installed. It acts as a
>> gateway in a LAN.
>>
>> It is confi
On 6/12/2016 1:11 p.m., Sameh Onaissi wrote:
Hey,
Let me see if I understood that right.
I can change TPROXY to REDIRECT in my iptables.sh and in the ssl-bump
replace proxy with intercept.
You _can_ but don't have to. It is just an optimization made possible by
what that machine is doing to
2016 1:28 AM
To: Eliezer Croitoru mailto:elie...@ngtech.co.il>>
Cc: squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org>
Subject: Re: [squid-users] Skype for Business behind a transparent squid
(TProxy) HTTP/S
Hello Eliezer, thank you for the reply.
Honestly, to get
On 6/12/2016 11:46 a.m., Sameh Onaissi wrote:
I have a Ubuntu 16.04 server with Squid 3.5.22 installed. It acts as a
gateway in a LAN.
It is configured to intercept HTTP and HTTPS traffic (Transparent). So
iptables redirects were used for ports 80 and 443.
The server runs two scripts:
_*nat
Sameh Onaissi
Sent: Tuesday, December 6, 2016 12:47 AM
To: squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org>
Subject: [squid-users] Skype for Business behind a transparent squid (TProxy)
HTTP/S
I have a Ubuntu 16.04 server with Squid 3.5.22 installed. It acts as a gateway
in a LAN.
It is configured to intercept HTTP and HTTPS traffic (Transparent). So iptables
redirects were used for ports 80 and 443.
The server runs two scripts:
nat.sh to bridge the two network cards, allowing LAN co
...@lists.squid-cache.org] On Behalf
Of Andrea Venturoli
Sent: Tuesday, October 25, 2016 17:42
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] skype connection problem
On 10/25/16 16:26, Yuri Voinov wrote:
Your LAN settings are too restrictive. AFAIK you require to permit
traffic t
25.10.2016 21:45, Andrea Venturoli wrote:
> On 10/25/16 16:43, Yuri Voinov wrote:
>>
>> Wireshark? :)
>
> No good: I don't trust MS not to change them the next day.
You. But you is not the
On 10/25/16 16:43, Yuri Voinov wrote:
Wireshark? :)
No good: I don't trust MS not to change them the next day.
In my environment this not required.
Neither in mine, but some customer insists on using this Skype crap and
while the Windows
[mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Andrea Venturoli
Sent: Tuesday, October 25, 2016 17:42
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] skype connection problem
On 10/25/16 16:26, Yuri Voinov wrote:
> Your LAN settings are too restrictive. AFAIK you requ
Wireshark? :)
No, I have no IP list. In my environment this not required.
25.10.2016 20:41, Andrea Venturoli wrote:
> On 10/25/16 16:26, Yuri Voinov wrote:
>
>> Your LAN settings are too restrictive. AFAIK you require to permit traffic
>> to skype
s [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Yuri Voinov
Sent: Tuesday, October 25, 2016 17:37
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] skype connection problem
25.10.2016 20:35, Eliezer Croitoru wrote
On 10/25/16 16:26, Yuri Voinov wrote:
Your LAN settings are too restrictive. AFAIK you require to permit traffic
to skype servers directly from your clients. Without proxy.
Any hint on how to identify those server?
Any IP list?
bye & Thanks
av.
_
-28704261
> Email: elie...@ngtech.co.il
>
>
> -Original Message-
> From: Nicolas Valera [mailto:nval...@gmail.com]
> Sent: Tuesday, October 25, 2016 17:19
> To: Eliezer Croitoru ; squid-us...@squid-cache.org
> Subject: Re: [squid-users] skype connection problem
>
> Hi Eliezer
: Re: [squid-users] skype connection problem
Hi Eliezer, thanks for the answer!
On 10/24/2016 02:03 PM, Eliezer Croitoru wrote:
> Just to understand the scenario:
> You have let say 1 client on network 192.168.0.0/24 You have a proxy
> at 192.168.0.200 The client doesn’t have a gatew
Your LAN settings are too restrictive. AFAIK you require to permit traffic
to skype servers directly from your clients. Without proxy.
Because of Skype voice traffic is non-HTTP(S). And proxy can't know how
to handle it.
25.10.2016 20:25, Nicolas
Amos, thanks for the tips!
any idea about my skype problem?
regards
On 10/25/2016 08:13 AM, Amos Jeffries wrote:
On 25/10/2016 5:19 a.m., Nicolas Valera wrote:
Hi Yuri, thanks for the answer!
we don't have the squid in transparent mode in this network.
the squid configuration is very basic. h
Of N V
Sent: Monday, October 24, 2016 01:11
To: squid-us...@squid-cache.org
Subject: [squid-users] skype connection problem
hi there,
i've had problems with windows skype clients with the only internet
connection is through squid. the clients can login successful but when they
make a call, i
On 25/10/2016 5:19 a.m., Nicolas Valera wrote:
> Hi Yuri, thanks for the answer!
>
> we don't have the squid in transparent mode in this network.
> the squid configuration is very basic. here is the conf:
>
> -
> http_port 12
trator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On
Behalf Of N V
Sent: Monday, October 24, 2016 01:11
To: squid-us...@squid-cache.org
Subject: [squid-users] skype connection problem
hi there,
i've had problems w
24.10.2016 22:28, Nicolas Valera wrote:
>
>
> On 10/24/2016 01:21 PM, Yuri Voinov wrote:
>>
>
> 24.10.2016 22:19, Nicolas Valera wrote:
> >>> Hi Yuri, thanks for the answer!
> >>>
> >>> we don't have the squid in transparent mode in this network.
On 10/24/2016 01:21 PM, Yuri Voinov wrote:
24.10.2016 22:19, Nicolas Valera wrote:
Hi Yuri, thanks for the answer!
we don't have the squid in transparent mode in this network.
So, you route all traffic to proxy box?
Yes, clients do not have
24.10.2016 22:19, Nicolas Valera wrote:
> Hi Yuri, thanks for the answer!
>
> we don't have the squid in transparent mode in this network.
So, you route all traffic to proxy box?
> the squid configuration is very basic. here is the conf:
>
>
Hi Yuri, thanks for the answer!
we don't have the squid in transparent mode in this network.
the squid configuration is very basic. here is the conf:
-
http_port 1280 connection-auth=off
forwarded_for delete
httpd_suppress_v
24.10.2016 4:11, N V wrote:
> hi there,
> i've had problems with windows skype clients with the only internet
connection is through squid. the clients can login successful but when
they make a call, it hangs after 12 seconds.
>
> I checked the c
hi there,
i've had problems with windows skype clients with the only internet
connection is through squid. the clients can login successful but when they
make a call, it hangs after 12 seconds.
I checked the client connections and see that attempts to connect directly even
if the proxy is properl
On 09/01/2016 01:53 PM, Marcus Kool wrote:
>> On 07/30/2016 04:21 PM, Alex Rousskov wrote:
>>> We are working on supporting/fixing tunneling of bumped connections
> Is there an expected date for a fix?
I hesitate publishing private ETAs because priorities often change but
"in a few weeks" does no
On 08/27/2016 02:20 PM, Marcus Kool wrote:
On 07/30/2016 04:21 PM, Alex Rousskov wrote:
*snip*
Update: The question still stands, but we now know more about what
happens if the on_unsupported_protocol bug (in code and/or
documentation, depending on how you look at it) discussed above is
fix
On 07/30/2016 04:21 PM, Alex Rousskov wrote:
*snip*
Update: The question still stands, but we now know more about what
happens if the on_unsupported_protocol bug (in code and/or
documentation, depending on how you look at it) discussed above is
fixed: Squid then starts tunneling traffic as it
On 07/18/2016 05:03 PM, Alex Rousskov wrote:
> On 07/18/2016 01:27 AM, Amos Jeffries wrote:
>> On 15/07/2016 10:38 p.m., Evgeniy Kononov wrote:
>>> With this setup I have problem with group chats, calls and attachments in
>>> messages.
>
>> The problem is with identifying it in fairly reliable wa
On 07/18/2016 01:27 AM, Amos Jeffries wrote:
> On 15/07/2016 10:38 p.m., Evgeniy Kononov wrote:
>> With this setup I have problem with group chats, calls and attachments in
>> messages.
> The problem is with identifying it in fairly reliable way from all the
> other traffic. That is where we are
ech.co.il
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Amos Jeffries
Sent: Monday, July 18, 2016 10:27 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype+intercept+ssl_bump
On 15/07/2016 10:38 p.m., Evgeniy Kononov
On 15/07/2016 10:38 p.m., Evgeniy Kononov wrote:
> Hello!
>
> Can you help me with correct settings for squid to use skype ?
>
FYI: there are currently no known "correct" setting for Skype when
SSL-Bump is involved.
There are settings known to work when Squid is setup as an explicit
proxy, and
Hello!
Can you help me with correct settings for squid to use skype ?
My current config.
# squid -v
Squid Cache: Version 3.5.20
Service Name: squid
configure options: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr'
'--exec-prefix=/usr' '
rator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Steve Hill
Sent: Wednesday, July 6, 2016 5:47 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Skype, SSL bum
On 07/07/2016 10:12 AM, Steve Hill wrote:
> I've compared the headers and the original contains:
> Upgrade: websocket
> Connection: Upgrade
>
> Unfortunately, since Squid doesn't support websockets I think there's no
> way around this
Squid can be taught to recognize HTTP upgrades to un
On 07/07/16 11:07, Eliezer Croitoru wrote:
Can you verify please using a debug 11,9 that squid is not altering the request
in any form?
Such as mentioned at: http://bugs.squid-cache.org/show_bug.cgi?id=4253
Thanks for this. I've compared the headers and the original contains:
Upgrade
elie...@ngtech.co.il
-Original Message-
From: Steve Hill [mailto:st...@opendium.com]
Sent: Thursday, July 7, 2016 11:45 AM
To: Eliezer Croitoru; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype, SSL bump and go.trouter.io
On 06/07/16 20:44, Eliezer Croitoru wrote:
> There ar
On 06/07/16 20:44, Eliezer Croitoru wrote:
There are couple options to the issue and a bad request can happen if
squid transforms or modifies the request. Did you try to use basic
debug sections output to verify if you are able to "replicate" the
request using a tiny script or curl? I think th
ists.squid-cache.org] On Behalf
Of Steve Hill
Sent: Wednesday, July 6, 2016 5:47 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Skype, SSL bump and go.trouter.io
I've been finding some problems with Skype when combined with TProxy and
HTTPS interception and wondered if anyon
I've been finding some problems with Skype when combined with TProxy and
HTTPS interception and wondered if anyone had seen this before:
Skype works so long as HTTPS interception is not performed and traffic
to TCP and UDP ports 1024-65535 is allowed directly out to the internet.
Enabling S
On 06/30/2016 09:10 AM, Amos Jeffries wrote:
...
The on_unsupported_protocol directive is about what its name says *any*
unsupported protocol. Not ICQ specific.
I think the issue here is that Skype looks at the binary level like TLS.
TLS being a supported protocol if it looks close enough th
On 30/06/2016 5:19 a.m., Yuri Voinov wrote:
>
> No, the problem in another place.
>
> This option about ICQ, not about Skype.
>
> 29.06.2016 22:58, Renato Jop wrote:
>> I've installed squid4 and the problems still persists. I've added the
>> following acl:
>> # define what Squid errors indicate
No, the problem in another place.
This option about ICQ, not about Skype.
29.06.2016 22:58, Renato Jop wrote:
> I've installed squid4 and the problems still persists. I've added the
> following acl:
> # define what Squid errors indicate receivin
I've installed squid4 and the problems still persists. I've added the
following acl:
# define what Squid errors indicate receiving non-HTTP traffic:
acl foreignProtocol squid_error ERR_PROTOCOL_UNKNOWN ERR_TOO_BIG
# define what Squid errors indicate receiving nothing:
acl serverTalksFirstProtocol s
I've installed LibreSSL 2.2.9 and the issue still persists.
I think I am going to have to install squid4 even if it's still in beta to
solve these issues.
Thanks for your help.
Renato Jop
On Mon, Jun 27, 2016 at 9:36 AM, Renato Jop wrote:
> Is there a way to verify that the SSL library doesn't sup
Is there a way to verify that the SSL library doesn't support SSLv3?
Renato Jop
On Mon, Jun 27, 2016 at 8:43 AM, Yuri wrote:
> Looks like your SSL library does not contain SSLv3 protocol support
> already, but site announce it.
>
> 27.06.2016 20:42, Renato Jop wrote:
>
> I removed the NO_SSLv2,
Looks like your SSL library does not contain SSLv3 protocol support
already, but site announce it.
27.06.2016 20:42, Renato Jop wrote:
I removed the NO_SSLv2, NO_SSLv3 however, right before the
SSL3_GET_RECORD:wrong version number the SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol is sh
I removed the NO_SSLv2, NO_SSLv3 however, right before the
SSL3_GET_RECORD:wrong version number the SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol is shown.
Renato Jop
On Mon, Jun 27, 2016 at 8:29 AM, Yuri wrote:
> Try to remove NO_SSLv2,NO_SSLv3 from options. SSLv2 already not supported
Try to remove NO_SSLv2,NO_SSLv3 from options. SSLv2 already not
supported everywhere, RC4/3DES is SSLv3 ciphers, so it can be confuse
software. I.e., you use custom ciphers/protocols combinations, which can
lead issue.
27.06.2016 20:25, Renato Jop wrote:
Thank you both for your valuable help
Thank you both for your valuable help.
I've configured the tls-dh param with a strong Diffie-Hellman group (2048
bits) and configured the cipher as Yuri specified and I was able to get
pass the unknown cipher, however now I get a "SSL
routines:SSL3_GET_RECORD:wrong version number". Here's the confi
25.06.2016 23:09, Amos Jeffries wrote:
> On 26/06/2016 4:32 a.m., Yuri Voinov wrote:
>>
>> Amos, you are a wrong.
>>
>> No Squid-4. It's unstable and not ready for production. Whenever it's
>> features.
>
> So some beta software has bugs therefor
On 26/06/2016 4:32 a.m., Yuri Voinov wrote:
>
> Amos, you are a wrong.
>
> No Squid-4. It's unstable and not ready for production. Whenever it's
> features.
So some beta software has bugs therefore nobody should ever use it for
anything. I find that to be a strange and sad view of the world.
Ca
Thanks both for your help.
I'll try to make these changes and see if this solves my issues.
Renato Jop
On Sat, Jun 25, 2016 at 10:32 AM, Yuri Voinov wrote:
>
> Amos, you are a wrong.
>
> No Squid-4. It's unstable and not ready for production.
Amos, you are a wrong.
No Squid-4. It's unstable and not ready for production. Whenever it's
features.
Some time ago I have the same issue and know what happens exactly.
Skype initial connection site uses RC4 cipher. Which is disabled in most
sq
On 26/06/2016 1:19 a.m., Renato Jop wrote:
> Hello,
> I've configured squid to filter both HTTP and HTTPS traffic and for the
> most part the squid server is working correctly, however, I am always
> unable to login with skype. Skype does send all the requests through the
> squid server, but lookin
Hello,
I've configured squid to filter both HTTP and HTTPS traffic and for the
most part the squid server is working correctly, however, I am always
unable to login with skype. Skype does send all the requests through the
squid server, but looking into the cache.log I always get a Error
negotiating
bject: Re: [squid-users] Skype makes Squid with ssl_bump crash
On 09/06/2016 19:36, Amos Jeffries wrote:
On 10/06/2016 7:20 a.m., Bruno de Paula Larini wrote:
Hi list.
I'm experiencing some crashes on Squid workers and eventually on the
parent process while using a mixed authenticated/i
972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Bruno de Paula Larini
Sent: Saturday, June 11, 2016 12:34 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Skype makes Squid with ssl
On 09/06/2016 19:36, Amos Jeffries wrote:
On 10/06/2016 7:20 a.m., Bruno de Paula Larini wrote:
Hi list.
I'm experiencing some crashes on Squid workers and eventually on the
parent process while using a mixed authenticated/intercepted ssl_bump +
Skype (7.21.0.100). After searching for some c
On 10/06/2016 7:20 a.m., Bruno de Paula Larini wrote:
> Hi list.
>
> I'm experiencing some crashes on Squid workers and eventually on the
> parent process while using a mixed authenticated/intercepted ssl_bump +
> Skype (7.21.0.100). After searching for some clues, I've found this:
>
> Changes to
Hi list.
I'm experiencing some crashes on Squid workers and eventually on the
parent process while using a mixed authenticated/intercepted ssl_bump +
Skype (7.21.0.100). After searching for some clues, I've found this:
Changes to squid-3.5.9 (17 Sep 2015):
...
- Bug 4309: crash during
Thank you Amos, really. I owe you a wine (?)
Have a nice day
Cheers
Jonathan
On 04/06/15 at 11:01, Amos Jeffries wrote:
On 5/06/2015 1:26 a.m., Jonathan Filogna wrote:
And if i want to make exceptions to memberships on AD, how can i do it?
That's what i need.
You can do it two ways.
A
Amos, i'll test it
Thank you very, very much
On 04/06/15 at 11:01, Amos Jeffries wrote:
On 5/06/2015 1:26 a.m., Jonathan Filogna wrote:
And if i want to make exceptions to memberships on AD, how can i do it?
That's what i need.
You can do it two ways.
A) place the "!administrador" test
On 5/06/2015 1:26 a.m., Jonathan Filogna wrote:
> And if i want to make exceptions to memberships on AD, how can i do it?
> That's what i need.
You can do it two ways.
A) place the "!administrador" test on the end of each of the skype deny
lines.
B) place an "allow administrador" line above the
And if i want to make exceptions to memberships on AD, how can i do it?
That's what i need.
On 04/06/15 at 10:08, Amos Jeffries wrote:
On 5/06/2015 12:05 a.m., rocaembole wrote:
here's my squid.conf
##NTLM
#
##DECLARED
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.
On 5/06/2015 12:05 a.m., rocaembole wrote:
> here's my squid.conf
>
> ##NTLM
> #
> ##DECLARED
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5
> auth_param ntlm keep_alive on
>
> external_acl_type ntlm_group ttl=f3600 children=100 %LOGI
here's my squid.conf
##NTLM
#
##DECLARED
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5
auth_param ntlm keep_alive on
external_acl_type ntlm_group ttl=f3600 children=100 %LOGIN
/usr/lib/squid3/wbinfo_group.pl
##SRC
acl administrador ext
On 4/06/2015 6:34 a.m., rocaembole wrote:
> Hey guys, here from Argentina, i am having the same issue.
>
> when Skype is trying to log in, this is what i've found at access.log
>
> 1433357138.206 31 10.0.0.110 TCP_DENIED/403 3437 CONNECT
> 157.55.130.161:443 - NONE/- text/html
> 1433357139.21
Hey guys, here from Argentina, i am having the same issue.
when Skype is trying to log in, this is what i've found at access.log
1433357138.206 31 10.0.0.110 TCP_DENIED/403 3437 CONNECT
157.55.130.161:443 - NONE/- text/html
1433357139.216 30 10.0.0.110 TCP_DENIED/403 3437 CONNECT
157.55.1
On 12/12/2014 02:31 AM, Yu-Hsuan Liao wrote:
> I'm trying to using Squid 3.5's new feature peek-and-splice to bypass
> Skype connection
> I'm a little confused about ssl_bump steps,
> the wiki says that
>
> peek Receive client (step SslBump1) or server (step SslBump2)
> certificate while preservi
On 17/12/2014 10:52 p.m., Yu-Hsuan Liao wrote:
>> Only if "skype_list" matches the TCP packet IP address (without
>> rDNS being looked up) will the peek happen.
>
>> I think you need to add at_step ACL test to peek always at
>> step1, then do the oth
On 17/12/2014 10:52 p.m., Yu-Hsuan Liao wrote:
The peek at step1 should be detecting that non-TLS/SSL is occurring.
For the non-HTTP over TLS/SSL... IF you bumped it Squid can still
fallback to tunnel I think, but a slower way than splice normally
wo
> Only if "skype_list" matches the TCP packet IP address (without rDNS
> being looked up) will the peek happen.
> I think you need to add at_step ACL test to peek always at step1, then
> do the other actions at step2 once SNI (domain name) is possibly
> available.
Hello Amos,
What if a non-SSL o
On 12/12/2014 10:31 p.m., Yu-Hsuan Liao wrote:
> Hello everyone,
>
> I'm trying to using Squid 3.5's new feature peek-and-splice to
> bypass Skype connection I'm a little confused about ssl_bump
> steps, the wiki says that
>
> peek Receive client (st
Hello everyone,
I'm trying to using Squid 3.5's new feature peek-and-splice to bypass
Skype connection
I'm a little confused about ssl_bump steps,
the wiki says that
peek Receive client (step SslBump1) or server (step SslBump2)
certificate while preserving the possibility of splicing the
connecti
On 21/10/2014 6:25 p.m., Riccardo Castellani wrote:
> I'm using Squid and it's unique access to go out to Internet. I
> created rules for Skype traffic but I'd like to understand how to
> set its ports because my unique access way to Internet is proxy
I'm using Squid and it's unique access to go out to Internet.
I created rules
for Skype traffic but I'd like to understand how to set its ports because my
unique access way to Internet is proxy on 3128.
I have firewall which is block
all ports.
My settings:
Use port X for incoming connecti
98 matches