On 15/11/2013 8:19 a.m., WorkingMan wrote:
> I have a weird problem. SQUID is configured as a transparent proxy.
> client<-->VPN <-> SQUID <--> internet
>
> squid.conf
> cache deny all
> forwarded_for on
> strip_query_terms off
>
> cache_effective_user proxy
> cache_effective_group proxy
> client_dst_passthru on
> host_verify_strict off
> http_port 3130 intercept
> http_port 3128
> <ecap config>
> http_access allow all
> http_reply_access allow all
>
>
>
> iOS client works fine and can connect to VPN and access internet.
>
> Android client can connect to VPN but can't access internet (if I disable
> proxy it can access internet or if I set 'forward routing' in VPN client but
> that appears to be simply bypassing proxy since I don't see traffic going to
> proxy)
>
> I enabled full log and I couldn't see anything past first request URL. I can
> ping and traceroute target web site (ex: www.cnn.com) but page just doesn't
> load. Using IP to access the web page has the same behavior so it's not DNS
> issue.
>
> I see this in the cache log:
>
> HTTP Server REQUEST (Server local=<SQUID> remote=157.166.248.11:80)
> HTTP Server REPLY (Server local=<SQUID> remote=157.166.248.11:80)
> <I see beginning of page's source code; does log show full source?>
No only the part which comes in with the same I/O cycle as the end of
headers.
> HTTP Client REPLY: (local=157.166.248.11:80 remote=<VPN>)
> persistentConnStatus: local=<SQUID> remote=157.166.248.11:80 FD 20 flags=1
> eof=0
> persistentConnStatus: persistentConnStatus: content_length=-1
> persistentConnStatus: persistentConnStatus: clen=-1
-1 for those means "unknown length" object is being transferred.
> processReplyBody: processReplyBody: INCOMPLETE_MSG from local=<SQUID>
> remote=157.166.248.11:80 FD 20 flags=1
"INCOMPLETE_MSG" is pretty self-describing.
>
> This last part (which looks wrong, content_length=-1) just keeps repeating.
> Eventually I see this:
>
> clientReadRequest: local=157.166.226.25:80 remote=<VPN> FD 12
> flags=33 size 0
> clientReadRequest: local=157.166.226.25:80 remote=<VPN> FD 12 flags=33
> closed?
> connFinishedWithConn: local=157.166.226.25:80 remote=<VPN> FD 12 flags=33
> closed
>
Sounds like expected behaviour for an unknown-length object being
transferred ollowed by the client disconnecting.
>
> The strange thing is that this works for iOS. Is there something special
> with Android?
It would seem so from this evidence. It is too new a problem to say
exactly what though.
Amos
Received on Fri Nov 15 2013 - 01:55:48 MST
This archive was generated by hypermail 2.2.0 : Mon Nov 18 2013 - 12:00:05 MST