squid ssl connect timeout wpi interface

D

dkovacevic

I am getting ssl connect timeouts when using squid on a FreeBSD 9.3 (GENERIC) system.

I do not get the timeouts when using the wired interface; only the wireless interface (wpi). Non-ssl port 80 traffic works fine.

Some general suggestions would be nice- I have no idea where to begin troubleshooting. (The interfaces are on the same router / network, so that isn't the issue).
 
The first thing to do is testing the reliability of the wireless connection.

First test no https connections. If long distance is suspected to be a problem make the tests in locations where you have a good signal. Testing can be done by downloading some large files simultaneously.

When all this works as it should make the same tests with SSL connections. First without any proxy, then with proxy.

A bad wireless signal is often a problem resulting in timeouts. So check this first before thinking about messing with the otherwise working squid configuration.
 
That's a good suggestion regarding the large file downloads.

Thing is, the behavior is very consistent. SSL through the proxy absolutely does not work when on the wireless interface.
 
I'm not sure if you got my point which is: Start from where things are working step by step to the point where failure begins. Also look into logfiles.
 
I got the point. :)

I checked the log files (squid/access.log and squid/cache.log); nothing is logged on SSL attempts (through the entire duration of the connection attempt up to and including the timeout), which suggests to me that squid never even receives the connection attempt.

The behavior was the same when the system was configured as a "router" (gateway mode enabled, squid listening on all interfaces): port 80 traffic worked, 443 timed out.

I work four tens on night shift, so I won't be testing this again for another day or so. When that attempt is made, I will do as you've suggested with the SSL file download (any suggestions on a place to download large SSL files from?), and I will also do some tcpdump analysis, which I should have thought of in the first place.

Thanks again.
 
You must log in or register to reply here.
Back
Top