On Sun, Oct 21, 2012 at 9:14 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > Do you have any info on how far into the system the packets supposedly going > to Google get before the hang? and what happens (or not) to cause hang? Thanks; that was enough to get me thinking about this a bit differently. I ran Wireshark on my Squid box monitoring the bridge interface and the issue seems to be MTU related. The MTU on my HE.net tunnel (all my IPv6 traffic) is 1280 on my edge router. The Wireshark capture of attempting to access google.com showed frames going through larger than that, followed by the ICMPv6 too big message listing the 1280 MTU. The too big messages were from the LAN side of my edge router directed to my client machine. The other test website I tried was ipv6.whatismyipv6.com which only had one or two packets with a too big error after which the MTU was respected. A cursory Google search (after shutting down my v6 on my client) only found one similar instance but it was related to a buggy VMware driver, and impacted all v6 traffic. Google is really the only site I can reliably repeat this failure over v6 on, and prior to redirecting my v6 traffic through Squid (same network layout otherwise) I did not have this issue. I tried enabling httpd_accel_no_pmtu_disc and had the same results, so I'm not certain where else to go with this but am happy to provide any further details needed. > Please upgrade your Squid. 3.1.2 is very old now and Debian ships with > 3.1.20. Debian (stable) actually ships with 3.1.6, I had to install from the testing branch to get 3.1.20. Here is the packages link: http://packages.debian.org/search?suite=all&searchon=names&keywords=squid3 And also package details from my own box: aptitude -t stable show squid3 Package: squid3 State: not installed Automatically installed: no Version: 3.1.6-1.2+squeeze2 aptitude -t testing show squid3 Package: squid3 State: installed Automatically installed: no Version: 3.1.20-1 Debian moves at a snail's pace for package updates and releases unlike Ubuntu's rapid cycle. I'm not involved in any of the Debian packaging process, so I can't speak to how active the Squid maintainer is, but he would be the POC to drive more current versions into Debian sooner. If we can isolate my issue due to a bux already fixed in newer Squid builds I have no problems compiling from source, but would prefer to stick with the packaged versions otherwise. > NP: the rest of my comments below are just on configuration security and > performance tweaks. Probably not related to your problem. Thank you. I'll review and update these. I haven't had any issues other than this IPv6 problem until now, but I appreciate the free audit of my config.