On 15/11/2013 8:19 a.m., WorkingMan wrote: > I have a weird problem. SQUID is configured as a transparent proxy. > client<-->VPN <-> SQUID <--> internet > > squid.conf > cache deny all > forwarded_for on > strip_query_terms off > > cache_effective_user proxy > cache_effective_group proxy > client_dst_passthru on > host_verify_strict off > http_port 3130 intercept > http_port 3128 > <ecap config> > http_access allow all > http_reply_access allow all > > > > iOS client works fine and can connect to VPN and access internet. > > Android client can connect to VPN but can't access internet (if I disable > proxy it can access internet or if I set 'forward routing' in VPN client but > that appears to be simply bypassing proxy since I don't see traffic going to > proxy) > > I enabled full log and I couldn't see anything past first request URL. I can > ping and traceroute target web site (ex: www.cnn.com) but page just doesn't > load. Using IP to access the web page has the same behavior so it's not DNS > issue. > > I see this in the cache log: > > HTTP Server REQUEST (Server local=<SQUID> remote=157.166.248.11:80) > HTTP Server REPLY (Server local=<SQUID> remote=157.166.248.11:80) > <I see beginning of page's source code; does log show full source?> No only the part which comes in with the same I/O cycle as the end of headers. > HTTP Client REPLY: (local=157.166.248.11:80 remote=<VPN>) > persistentConnStatus: local=<SQUID> remote=157.166.248.11:80 FD 20 flags=1 > eof=0 > persistentConnStatus: persistentConnStatus: content_length=-1 > persistentConnStatus: persistentConnStatus: clen=-1 -1 for those means "unknown length" object is being transferred. > processReplyBody: processReplyBody: INCOMPLETE_MSG from local=<SQUID> > remote=157.166.248.11:80 FD 20 flags=1 "INCOMPLETE_MSG" is pretty self-describing. > > This last part (which looks wrong, content_length=-1) just keeps repeating. > Eventually I see this: > > clientReadRequest: local=157.166.226.25:80 remote=<VPN> FD 12 > flags=33 size 0 > clientReadRequest: local=157.166.226.25:80 remote=<VPN> FD 12 flags=33 > closed? > connFinishedWithConn: local=157.166.226.25:80 remote=<VPN> FD 12 flags=33 > closed > Sounds like expected behaviour for an unknown-length object being transferred ollowed by the client disconnecting. > > The strange thing is that this works for iOS. Is there something special > with Android? It would seem so from this evidence. It is too new a problem to say exactly what though. Amos
