Hello guys. I'm worrying with all the info u give me guys, tracking the sites win10 use to query and confirm it has connection. Is a little annoying when users call u and complain about that, even if they have internet access. Part of IT life. Thanks all for your input!!! On Sun, Aug 22, 2021 at 11:55 PM L.P.H. van Belle <belle@xxxxxxxxx> wrote: > > In your windows config. > Remove the ip adres from the gateway and configure your proxy settings. > Without proxy and gateway no internet. > > Or setup SSL proxy > Add something like this in your firewall and you catch all. > > # Redirect HTTP on eth0 from LAN_CIDR to locally installed Squid instance using REDIRECT for intercept mode > iptables -t mangle -A PREROUTING -i eth0 -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 6080 -m comment --comment "Squid-Intercept 80->6080" > > # Redirect HTTPS on eth0 from CIDR to locally installed Squid instance using REDIRECT for intercept mode > -A PREROUTING -i eth0 -s 192.168.0.0/24 -p tcp --dport 443 -j REDIRECT --to-port 6433 -m comment --comment "Squid-Intercept 443->6433" > > And read : > https://wiki.squid-cache.org/KnowledgeBase/Block%20QUIC%20protocol > > > >The NIC status simply says that *somehow* the Internet is available. > No, windows 10 does a DNS querie to an MS server, block that and and you see "no internet" > Even if you have internet. > > Maybe PiHole is something for you that does most of what you want. > > > Greetz, > > Louis > > > > -----Oorspronkelijk bericht----- > > Van: squid-users > > [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] Namens > > Periko Support > > Verzonden: maandag 23 augustus 2021 7:55 > > Aan: squid-users@xxxxxxxxxxxxxxxxxxxxx > > Onderwerp: Re: Squid v4.45 > > > > On Thu, Aug 19, 2021 at 7:40 PM Amos Jeffries > > <squid3@xxxxxxxxxxxxx> wrote: > > > > > > > > > FYI, there is no such version as Squid 4.45. > > > > Amos sorry, is 4.15 my mistake. > > > > > > What is the output when you run "squid -v" ? > > > > > squid -v > > Squid Cache: Version 4.15 > > Service Name: squid > > > > This binary uses OpenSSL 1.1.1k-freebsd 25 Mar 2021. For legal > > restrictions on distribution see > > https://www.openssl.org/source/license.html > > > > configure options: '--with-default-user=squid' > > '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' > > '--datadir=/usr/local/etc/squid' > > '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var' > > '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid' > > '--with-pidfile=/var/run/squid/squid.pid' > > '--with-swapdir=/var/squid/cache' '--without-gnutls' > > '--with-included-ltdl' '--enable-auth' '--enable-zph-qos' > > '--enable-build-info' '--enable-loadable-modules' > > '--enable-removal-policies=lru heap' '--disable-epoll' > > '--disable-linux-netfilter' '--disable-linux-tproxy' > > '--disable-translation' '--disable-arch-native' > > '--disable-strict-error-checking' '--enable-eui' > > '--enable-cache-digests' '--enable-delay-pools' '--disable-ecap' > > '--disable-esi' '--enable-follow-x-forwarded-for' > > '--with-mit-krb5=/usr/local' 'CFLAGS=-I/usr/local/include -O2 -pipe > > -I/usr/local/include -I/usr/local/include -fstack-protector-strong > > -DLDAP_DEPRECATED -fno-strict-aliasing ' 'LDFLAGS=-L/usr/local/lib > > -L/usr/local/lib -L/usr/local/lib -pthread -L/usr/local/lib > > -lpcreposix -lpcre -Wl,-rpath,/usr/local/lib:/usr/lib > > -fstack-protector-strong ' 'LIBS=-lkrb5 -lgssapi_krb5 ' > > 'KRB5CONFIG=/usr/local/bin/krb5-config' > > 'krb5_config=/usr/local/bin/krb5-config' '--enable-htcp' > > '--enable-icap-client' '--enable-icmp' '--enable-ident-lookups' > > '--enable-ipv6' '--enable-kqueue' '--with-large-files' > > '--enable-http-violations' '--without-nettle' '--enable-snmp' > > '--enable-ssl' '--with-openssl=/usr' > > '--enable-security-cert-generators=file' > > 'LIBOPENSSL_CFLAGS=-I/usr/include' 'LIBOPENSSL_LIBS=-lcrypto -lssl' > > '--enable-ssl-crtd' '--disable-stacktraces' > > '--disable-ipf-transparent' '--disable-ipfw-transparent' > > '--enable-pf-transparent' '--with-nat-devpf' '--disable-forw-via-db' > > '--enable-wccp' '--enable-wccpv2' '--enable-auth-basic=LDAP SASL DB > > SMB_LM NCSA PAM POP3 RADIUS fake getpwnam NIS' > > '--enable-auth-digest=eDirectory LDAP file' > > '--enable-external-acl-helpers=LDAP_group eDirectory_userip > > file_userip unix_group delayer kerberos_ldap_group' > > '--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake > > SMB_LM' '--enable-storeio=aufs diskd ufs' > > '--enable-disk-io=DiskThreads DiskDaemon AIO Blocking IpcIo Mmapped' > > '--enable-log-daemon-helpers=file DB' > > '--enable-url-rewrite-helpers=fake LFS' > > '--enable-storeid-rewrite-helpers=file' > > '--enable-security-cert-validators=fake' '--prefix=/usr/local' > > '--mandir=/usr/local/man' '--disable-silent-rules' > > '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' > > 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' > > 'CPPFLAGS=-I/usr/local/include -I/usr/local/include' 'CXX=c++' > > 'CXXFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include > > -fstack-protector-strong -DLDAP_DEPRECATED -fno-strict-aliasing ' > > 'CPP=cpp' --enable-ltdl-convenience > > > On 19/08/21 4:12 am, Periko Support wrote: > > > > Hello guys. > > > > > > > > I have been searching the issue I have with windows 10 > > and the ugly > > > > job he do to put the NIC "Internet access" and went we have squid > > > > behind "no internet". > > > > > > > > > > The NIC status simply says that *somehow* the Internet is available. > > > that means DNS resolution, TCP connectivity, HTTP > > transactions and HTTPS > > > transactions are all fully working and producing responses. > > > > Windows 10 if for some reason cannot reach the internet will > > say "no internet". > > > > I had sniff the communication and I just found thos 2 sites that looks > > like windows use to check connectivity. > > > > > > > > Break any one and you will get "no internet". Even when the rest > > > continue working fine. So it can tell you when some sort of failure > > > occurs, but is not reliable when it claims success. > > > > > > > > > Please be aware that using your Squid proxy properly is one > > way Windows > > > can receive all those services and claim "Internet Access". > > > > > > > > > > I have sniff logs and I just found this sites went I > > turn on the computer: > > > > > > > > .msftconnecttest.com > > > > .windows.com > > > > > > > > Some has win over this annoying thing with windows 10? > > > > > > > > No-Trans[parent Proxy WPAD. > > > > > > > > > > Check that your firewall does not permit HTTP(S) > > connections directly > > > from clients to the Internet. > > > > I don't allow direct connection to the Internet, all 80/443 must cross > > under squid. > > > > > When; > > > * your network gateway firewall(s) block direct connections (other > > > than from Squid) to HTTP(S), and > > > * your proxy logs show those Win10 connection URLs happening, and > > > * Win10 NIC says "Interent Access" > > > > > > Then you know that the proxy usage is how "Internet Access" happens, > > > that is what you want so no problem. > > > > > > > > > > I still haven't found the solution to this little issue. > > > > Regards!!! > > > > > Amos > > > _______________________________________________ > > > squid-users mailing list > > > squid-users@xxxxxxxxxxxxxxxxxxxxx > > > http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > > squid-users mailing list > > squid-users@xxxxxxxxxxxxxxxxxxxxx > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
