24.10.2016 22:28, Nicolas Valera wrote:
> On 10/24/2016 01:21 PM, Yuri Voinov wrote:
>> 24.10.2016 22:19, Nicolas Valera wrote:
>>> Hi Yuri, thanks for the answer!
>>>
>>> we don't have the squid in transparent mode in this network.
>> So, you route all traffic to the proxy box?
>
> Yes, clients do not have direct Internet access

Here is the root of the problem. Skype does not always use HTTP/HTTPS as transport. Just pass Skype connections with proxy bypass and it will work. In a transparent environment, non-HTTP/HTTPS connections are not routed to the proxy.

>>> the squid configuration is very basic. here is the conf:
>>>
>>> -------------------------------------------------------------------------
>>> http_port 1280 connection-auth=off
>>> forwarded_for delete
>>> httpd_suppress_version_string on
>>> client_persistent_connections off
>>>
>>> cache_mem 16 GB
>>> maximum_object_size_in_memory 8 MB
>>>
>>> url_rewrite_program /usr/bin/squidGuard
>>> url_rewrite_children 10
>>> url_rewrite_access allow all
>>>
>>> acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\])):443
>>> acl Skype_UA browser ^skype
>>>
>>> acl SSL_ports port 443 563 873 1445 2083 8000 8088 10017 8443 5443 7443 50001
>>> acl Safe_ports port 80 82 88 182 210 554 591 777 873 1001 21 443 70 280 488
>>> acl Safe_ports port 1025-65535 # unregistered ports
>>>
>>> acl CONNECT method CONNECT
>>> acl safe_method method GET
>>> acl safe_method method PUT
>>> acl safe_method method POST
>>> acl safe_method method HEAD
>>> acl safe_method method CONNECT
>>> acl safe_method method OPTIONS
>>> acl safe_method method PROPFIND
>>> acl safe_method method REPORT
>>> acl safe_method method MERGE
>>> acl safe_method method MKACTIVITY
>>> acl safe_method method CHECKOUT
>>>
>>> http_access deny !Safe_ports
>>> http_access allow CONNECT localnet numeric_IPS Skype_UA
>>> http_access deny CONNECT !SSL_ports
>>> http_access deny !safe_method
>>> http_access allow localnet
>>> http_access allow localhost
>>> http_access deny all
>>>
>>> refresh_pattern ^ftp: 1440 20% 10080
>>> refresh_pattern ^gopher: 1440 0% 1440
>>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>>> refresh_pattern Packages\.tar$ 0 20% 4320 refresh-ims ignore-no-cache
>>> refresh_pattern Packages\.bz2$ 0 20% 4320 refresh-ims ignore-no-cache
>>> refresh_pattern Sources\.bz2$ 0 20% 4320 refresh-ims ignore-no-cache
>>> refresh_pattern Release\.gpg$ 0 20% 4320 refresh-ims
>>> refresh_pattern Release$ 0 20% 4320 refresh-ims
>>> refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
>>> refresh_pattern -i windowsupdate.com/.*\.(esd|cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
>>> refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
>>> refresh_pattern -i live.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
>>> refresh_pattern . 0 20% 4320
>>>
>>> -------------------------------------------------------------------------
>>>
>>> please, can you send me your settings for ssl bump?
>> Copy-n-pasting unknown configs is a very bad idea, Nicolas.
>
> sorry about that!
>
> the only way to make skype work through squid is with ssl bump?

No. Just permit skype TCP traffic to bypass the proxy.

>>> thanks again!
>>> nicolás.
>>>
>>> On 10/23/2016 07:28 PM, Yuri Voinov wrote:
>>>> 24.10.2016 4:11, N V wrote:
>>>>> hi there,
>>>>> i've had problems with windows skype clients whose only internet connection is through squid. the clients can log in successfully but when they make a call, it hangs after 12 seconds.
>>>>>
>>>>> I checked the client connections and see that they attempt to connect directly even if the proxy is properly configured.
>>>> Exactly, Skype does not use HTTP for calls. So why do you expect its calls should go via the proxy?
>>>>>
>>>>> my squid version is 3.5.12
>>>>> the skype clients have the last version available.
>>>>> does anyone have the same issues?
>>>>> any idea?
>>>> With a properly configured ssl bump and transparent proxy we do not have any problems with skype. I don't know your details.
>>>>>
>>>>> thanks in advance!
>>>>> Nicolás.
>>>>>
>>>>> P.S. sorry about my english

--
Cats - delicious. You just do not know how to cook them.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
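
Added example (not part of the original thread, and not Squid code): a small Python model of how the http_access lines in the posted config are evaluated, where the first matching line wins and every ACL on a line must match. The localnet range, the simplified numeric_IPs test, the reading of numeric_IPS as that ACL, and the request dict layout are assumptions.

```python
import ipaddress

# Port and method lists copied from the posted squid.conf.
SSL_PORTS = {443, 563, 873, 1445, 2083, 8000, 8088, 10017, 8443, 5443, 7443, 50001}
SAFE_PORTS = {80, 82, 88, 182, 210, 554, 591, 777, 873, 1001, 21, 443, 70, 280, 488}
SAFE_METHODS = {"GET", "PUT", "POST", "HEAD", "CONNECT", "OPTIONS", "PROPFIND",
                "REPORT", "MERGE", "MKACTIVITY", "CHECKOUT"}
LOCALNET = ipaddress.ip_network("10.0.0.0/8")  # assumption: localnet is not shown

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

# Each ACL becomes a predicate over a request dict (method, host, port, src, ua).
ACLS = {
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "safe_method": lambda r: r["method"] in SAFE_METHODS,
    "localnet": lambda r: ipaddress.ip_address(r["src"]) in LOCALNET,
    "localhost": lambda r: ipaddress.ip_address(r["src"]).is_loopback,
    # Simplified stand-in for the posted regex: numeric host on port 443.
    "numeric_IPs": lambda r: is_ip_literal(r["host"]) and r["port"] == 443,
    "Skype_UA": lambda r: r["ua"].startswith("skype"),  # browser ^skype
    "all": lambda r: True,
}

# http_access lines in the order posted (numeric_IPS read as numeric_IPs).
RULES = [
    "deny !Safe_ports",
    "allow CONNECT localnet numeric_IPs Skype_UA",
    "deny CONNECT !SSL_ports",
    "deny !safe_method",
    "allow localnet",
    "allow localhost",
    "deny all",
]

def evaluate(req):
    """Return (action, rule) for the first line whose ACLs all match."""
    for rule in RULES:
        action, *names = rule.split()
        # "!name" matches when the ACL does not; all names are ANDed.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, rule
    return "deny", "(no line matched)"
```

These rules only ever see requests that reach Squid as HTTP, so they have no say over Skype call traffic that uses another transport, which is the point made in the reply above.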