--- On Mon, 11/15/10, Landy Landy <landysaccount@xxxxxxxxx> wrote: > From: Landy Landy <landysaccount@xxxxxxxxx> > Subject: Re: Problems with hotmail and facebook - rev > To: squid-users@xxxxxxxxxxxxxxx, "Amos Jeffries" <squid3@xxxxxxxxxxxxx> > Date: Monday, November 15, 2010, 8:20 AM > > --- On Sun, 11/14/10, Amos Jeffries <squid3@xxxxxxxxxxxxx> > wrote: > > > From: Amos Jeffries <squid3@xxxxxxxxxxxxx> > > Subject: Re: Problems with hotmail and > facebook - rev > > To: squid-users@xxxxxxxxxxxxxxx > > Date: Sunday, November 14, 2010, 10:19 PM > > On Sun, 14 Nov 2010 18:38:06 -0800 > > (PST), Landy Landy > > <landysaccount@xxxxxxxxx> > > wrote: > > > --- On Sun, 11/14/10, Amos Jeffries <squid3@xxxxxxxxxxxxx> > > wrote: > > > > > >> From: Amos Jeffries <squid3@xxxxxxxxxxxxx> > > >> Subject: Re: Problems with > hotmail > > and facebook > > >> To: "Landy Landy" <landysaccount@xxxxxxxxx> > > >> Cc: squid-users@xxxxxxxxxxxxxxx > > >> Date: Sunday, November 14, 2010, 8:27 PM > > >> On Sun, 14 Nov 2010 17:04:10 -0800 > > >> (PST), Landy Landy > > >> <landysaccount@xxxxxxxxx> > > >> wrote: > > >> > --- On Sun, 11/14/10, Amos Jeffries > <squid3@xxxxxxxxxxxxx> > > >> wrote: > > >> > > > >> >> From: Amos Jeffries <squid3@xxxxxxxxxxxxx> > > >> >> Subject: Re: Problems > with > > hotmail > > >> and facebook > > >> >> To: "Landy Landy" <landysaccount@xxxxxxxxx> > > >> >> Cc: squid-users@xxxxxxxxxxxxxxx > > >> >> Date: Sunday, November 14, 2010, > 7:42 PM > > >> >> On Sun, 14 Nov 2010 16:19:41 -0800 > > >> >> (PST), Landy Landy > > >> >> <landysaccount@xxxxxxxxx> > > >> >> wrote: > > >> >> > Someone suggested to disable > pmtu on > > squid > > >> and on the > > >> >> linux gw. > > >> >> > > > >> >> > I was able to disable it on > linux: > > >> >> > > > >> >> > echo 1 > > > >> /proc/sys/net/ipv4/ip_no_pmtu_disc > > >> >> > > > >> >> > That hasn't change anything. > > >> >> > > > >> >> > Now, do I really need to > disable it > > on squid > > >> in order > > >> >> to work? I read > > >> >> this: > > >> >> > > > >> >> > disable-pmtu-discovery= > > >> >> > Control Path-MTU discovery > usage: > > >> >> > off lets OS decide on what to > do > > (default). > > >> >> > transparent disable PMTU > discovery > > when > > >> transparent > > >> >> support is enabled. > > >> >> > always disable always PMTU > > discovery. > > >> >> > > > >> >> > In many setups of > transparently > > intercepting > > >> proxies > > >> >> Path-MTU > > >> >> > discovery can not work on > traffic > > towards the > > >> clients. > > >> >> This is > > >> >> > the case when the intercepting > > device does > > >> not fully > > >> >> track > > >> >> > connections and fails to > forward > > ICMP must > > >> fragment > > >> >> messages > > >> >> > to the cache server. If you > have > > such setup > > >> and > > >> >> experience that > > >> >> > certain clients sporadically > hang or > > never > > >> complete > > >> >> requests set > > >> >> > disable-pmtu-discovery option > to > > >> 'transparent'. > > >> >> > > > >> >> > but, that option is > "unrecognized" > > by squid. > > >> Is it > > >> >> really necessary to > > >> >> > disable it on squid? If so, > how? > > >> >> > > >> >> Strange. That option is accepted in > all > > 3.0 and > > >> later > > >> >> releases. > > >> >> http_port ... > > disable-pmtu-discovery=off > > >> >> > > >> >> Being the default it should not need > to > > be set. > > >> But wont > > >> >> hurt for > > >> >> debugging. > > >> >> > > >> >> > > >> > Amos. > > >> > > > >> > I've tried with both 3.0.24 and 3.1.9: > > >> > > > >> > 2010/11/14 20:57:24| cache_cf.cc(363) > > >> parseOneConfigFile: squid.conf:406 > > >> > unrecognized: > 'disable-pmtu-discovery=off' > > >> > optimum-router:/home/landysaccount# > > >> /usr/local/squid3/sbin/squid > > >> > > > >> > 2010/11/14 20:58:30| cache_cf.cc(363) > > >> parseOneConfigFile: squid.conf:406 > > >> > unrecognized: > 'disable_pmtu_discovery=off' > > >> > > > >> > > > >> > 2010/11/14 21:00:38| cache_cf.cc(363) > > >> parseOneConfigFile: squid.conf:406 > > >> > unrecognized: 'disable-pmtu-discovery' > > >> > > > >> > > >> Ah, it is a flag on http_port lines. Not a > line by > > itself. > > >> I don't think its related to the problem > though. > > The > > >> details so far given > > >> have been that the reply is broken and not > being > > processed > > >> well. PMTU > > >> breakage leads to a "zero sized reply" > error. > > >> > > >> > I'm going crazy with this hotmail > problem > > can't get it > > >> working again. I > > >> > had to disable squid and just forward > all > > traffic, > > >> even though it works, > > >> I > > >> > need squid running in the middle. > > >> > > > >> > What do you suggest??? > > >> > > > >> > > >> Can you grab a tcpdump of one of these > failing > > replies > > >> please? > > >> > > >> Amos > > >> > > > Amos. > > > > > > I ran two tcpdump and they are at: > > > > > > www.optimumrd.com/dumpresult1 > > > and > > > www.optimumrd.com/dumpresult2 > > > also my squid.conf is at: > > > www.optimumrd.com/squid.conf > > > > I'm getting deja vu looking at that trace. Did you > send me > > one earlier? > > > > > > > > When I access hotmail.com the logon screen comes > up. > > Next, I input my > > > credentials and it gets submited and thats when > it > > hangs on "Waiting for > > > mail.live.com" and get this: > > > > > > ERROR > > > > > > El URL solicitado no se ha podido conseguir > > > > > > Mientras se intentaba traer el URL: http://mail.live.com/default.aspx? > > > > > > Ha ocurrido el siguiente problema: > > > > > > Error de lectura > > > El sistema ha devuelto el siguiente mensaje: > > > > > > (104) Connection reset by > > peer > > > Ha ocurrido algún problema mientras se leían > datos > > de la red. Por favor, > > > inténtelo de nuevo. > > > > This is a different error to the one earlier. The > hotmail > > server(s) are > > blocking/rejecting your access. > > > > I think this particular one is due to their HTTPS > > authentication checking > > IPs. The workaround to that is tproxy or not proxying > for > > hotmail. > > > > Amos > > > Has hotmail.com/live.com changed their authentication > checking? Does anyone knows anything about that since things > were working fine for a while. Could they be blocking my ip, > don't think so, I reboot my modems to check and the problem > still persists. Don't know what to do, everyday that passes > by I get more and more calls which = a lot of frustration. > Just discovered another site I can't log on to. Is my bank's website. Looks like theres a problem with https and squid I can't discover. Sorry to insist on this issue but, please understand my frustration. Thanks.