I have a weird problem. SQUID is configured as a transparent proxy. client<-->VPN <-> SQUID <--> internet squid.conf cache deny all forwarded_for on strip_query_terms off cache_effective_user proxy cache_effective_group proxy client_dst_passthru on host_verify_strict off http_port 3130 intercept http_port 3128 <ecap config> http_access allow all http_reply_access allow all iOS client works fine and can connect to VPN and access internet. Android client can connect to VPN but can't access internet (if I disable proxy it can access internet or if I set 'forward routing' in VPN client but that appears to be simply bypassing proxy since I don't see traffic going to proxy) I enabled full log and I couldn't see anything past first request URL. I can ping and traceroute target web site (ex: www.cnn.com) but page just doesn't load. Using IP to access the web page has the same behavior so it's not DNS issue. I see this in the cache log: HTTP Server REQUEST (Server local=<SQUID> remote=157.166.248.11:80) HTTP Server REPLY (Server local=<SQUID> remote=157.166.248.11:80) <I see beginning of page's source code; does log show full source?> HTTP Client REPLY: (local=157.166.248.11:80 remote=<VPN>) persistentConnStatus: local=<SQUID> remote=157.166.248.11:80 FD 20 flags=1 eof=0 persistentConnStatus: persistentConnStatus: content_length=-1 persistentConnStatus: persistentConnStatus: clen=-1 processReplyBody: processReplyBody: INCOMPLETE_MSG from local=<SQUID> remote=157.166.248.11:80 FD 20 flags=1 This last part (which looks wrong, content_length=-1) just keeps repeating. Eventually I see this: clientReadRequest: local=157.166.226.25:80 remote=<VPN> FD 12 flags=33 size 0 clientReadRequest: local=157.166.226.25:80 remote=<VPN> FD 12 flags=33 closed? connFinishedWithConn: local=157.166.226.25:80 remote=<VPN> FD 12 flags=33 closed The strange thing is that this works for iOS. Is there something special with Android? There was a case where someone was trying 2GB file d/l but his content_lenght is not -1. Another case where someone mentions a delay in load time of 30s for each request but I don't even get past 1st request and using IP gives same problem. I am using v3.3.9. Thanks,