Search squid archive

Re: Android has issue with transparent proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 15/11/2013 8:19 a.m., WorkingMan wrote:
> I have a weird problem. SQUID is configured as a transparent proxy.
> client<-->VPN <-> SQUID <--> internet
> 
> squid.conf
> cache deny all
> forwarded_for on
> strip_query_terms off
> 
> cache_effective_user proxy
> cache_effective_group proxy
> client_dst_passthru on
> host_verify_strict off
> http_port 3130 intercept
> http_port 3128
> <ecap config>
> http_access allow all
> http_reply_access allow all
> 
> 
> 
> iOS client works fine and can connect to VPN and access internet.
> 
> Android client can connect to VPN but can't access internet (if I disable 
> proxy it can access internet or if I set 'forward routing' in VPN client but 
> that appears to be simply bypassing proxy since I don't see traffic going to 
> proxy)
> 
> I enabled full log and I couldn't see anything past first request URL. I can 
> ping and traceroute target web site (ex: www.cnn.com) but page just doesn't 
> load. Using IP to access the web page has the same behavior so it's not DNS 
> issue.
> 
> I see this in the cache log:
> 
> HTTP Server REQUEST (Server local=<SQUID> remote=157.166.248.11:80)
> HTTP Server REPLY   (Server local=<SQUID> remote=157.166.248.11:80)
> <I see beginning of page's source code; does log show full source?>

No only the part which comes in with the same I/O cycle as the end of
headers.


> HTTP Client REPLY: (local=157.166.248.11:80 remote=<VPN>)
> persistentConnStatus: local=<SQUID> remote=157.166.248.11:80 FD 20 flags=1 
> eof=0
> persistentConnStatus: persistentConnStatus: content_length=-1
> persistentConnStatus: persistentConnStatus: clen=-1

-1 for those means "unknown length" object is being transferred.


> processReplyBody: processReplyBody: INCOMPLETE_MSG from local=<SQUID> 
> remote=157.166.248.11:80 FD 20 flags=1

"INCOMPLETE_MSG" is pretty self-describing.


> 
> This last part (which looks wrong, content_length=-1) just keeps repeating. 
> Eventually I see this:
> 
> clientReadRequest: local=157.166.226.25:80 remote=<VPN> FD 12 
> flags=33 size 0
> clientReadRequest: local=157.166.226.25:80 remote=<VPN> FD 12 flags=33 
> closed?
>  connFinishedWithConn: local=157.166.226.25:80 remote=<VPN> FD 12 flags=33 
> closed
> 

Sounds like expected behaviour for an unknown-length object being
transferred ollowed by the client disconnecting.

> 
> The strange thing is that this works for iOS. Is there something special 
> with Android? 

It would seem so from this evidence. It is too new a problem to say
exactly what though.


Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux