plugins icon indicating copy to clipboard operation
plugins copied to clipboard
verified publisher icon opnsense

Upgrade to OPNsense Business Version 25.4.1 - OS-SQUID Segmentation fault without any changes

Open WAG-Adm opened this issue 7 months ago • 1 comments

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

  • [x ] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
  • [x ] The title contains the plugin to which this issue belongs

Describe the bug A clear and concise description of what the bug is, including last known working version (if any).

We have upgraded our Opnsense Deciso (OPNSense Deciso 3862) appliance version 25.1 to the Business version 25.4.1 of OPNsense. After the reboot of the appliance Squid-Proxy doesn't work anymore. "segmentation fault" The proxy is set up in transparent mode.

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)

To Reproduce Steps to reproduce the behavior:

  1. Go to 'System' -> 'Firmware' -> 'Status'
  2. Click on 'Check for updates'
  3. Scroll down in 'Firmware status' to 'update'
  4. After the reboot
  5. the service 'squid' isn't started
  6. On 'Services' -> 'Squid Web Proxy' -> 'Administration'
  7. Click on the green button with the arrow to start the service
  8. There is a load error window with segmentation fault
  9. The service is started but no one can use internet and squid is blocking every single website.

before the upgrade the service was restarted without any problem many time. We are executing the upgrade only during the monthly maintenance.

Expected behavior Squid-Proxy is active and filter the web surf of the colleagues.

Screenshots If applicable, add screenshots to help explain your problem.

Relevant log files template reload Deciso/Proxy: OK template reload OPNsense/ProxySSO: OK Segmentation fault Performing sanity check on squid configuration. 2025/06/05 08:30:13| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2025/06/05 08:30:13| Starting Authentication on port 127.0.0.1:3128 2025/06/05 08:30:13| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2025/06/05 08:30:13| Starting Authentication on port [::1]:3128 2025/06/05 08:30:13| Disabling Authentication on port [::1]:3128 (interception enabled) 2025/06/05 08:30:13| Starting Authentication on port 127.0.0.1:3129 2025/06/05 08:30:13| Disabling Authentication on port 127.0.0.1:3129 (interception enabled) 2025/06/05 08:30:13| Starting Authentication on port [::1]:3129 2025/06/05 08:30:13| Disabling Authentication on port [::1]:3129 (interception enabled) 2025/06/05 08:30:19| Processing Configuration File: /usr/local/etc/squid/pre-auth/20-negotiate.auth.conf (depth 1) 2025/06/05 08:30:19| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1) 2025/06/05 08:30:19| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1) 2025/06/05 08:30:19| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1) 2025/06/05 08:30:19| Processing Configuration File: /usr/local/etc/squid/auth/10-opnproxy-ext.auth.conf (depth 1) 2025/06/05 08:30:19| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1) 2025/06/05 08:30:19| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1) 2025/06/05 08:30:19| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP 2025/06/05 08:30:19| WARNING: HTTP requires the use of Via 2025/06/05 08:30:19| Set Current Directory to /var/squid/cache Segmentation fault

In the Browser ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: https://XX.XX.XX.XX/* Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is

Additional context The proxy is set up in transparent mode. Nothing was changed but the upgrade from the version 25.1 to the version 25.4.1 with UI only.

Environment Software version used and hardware type if relevant. e.g.:

OPNsense 25.4.1 (amd64). AMD EPYC 3201 8-Core Processor (8 cores, 8 threads) OPNSense Deciso 3862

WAG-Adm avatar Jun 05 '25 14:06 WAG-Adm

Dear OPNsense-Development Team. It seems that the upgrade of the OPNsense Business system has broken the transparent proxy function of squid. If I activate the proxy configuration on all my clients, it will work again. It's quite difficult because, we have a hybrid environnement with multiple login types and it will be hard to deploy the proxy parameters everywhere. Regards, Joel.

WAG-Adm avatar Jun 06 '25 06:06 WAG-Adm

Should be fixed in 25.4.2:

https://forum.opnsense.org/index.php?topic=45502.msg245954#msg245954

fichtner avatar Aug 29 '25 12:08 fichtner