[squid-users] Android has issue with transparent proxy

From: WorkingMan <signup_mail2002_at_yahoo.com>
Date: Thu, 14 Nov 2013 19:19:51 +0000 (UTC)

I have a weird problem. SQUID is configured as a transparent proxy.
client <--> VPN <--> SQUID <--> internet

squid.conf
cache deny all
forwarded_for on
strip_query_terms off

cache_effective_user proxy
cache_effective_group proxy
client_dst_passthru on
host_verify_strict off
http_port 3130 intercept
http_port 3128
<ecap config>
http_access allow all
http_reply_access allow all

iOS client works fine and can connect to VPN and access internet.

Android client can connect to VPN but can't access internet (if I disable
proxy it can access internet or if I set 'forward routing' in VPN client but
that appears to be simply bypassing proxy since I don't see traffic going to
proxy)

I enabled full log and I couldn't see anything past first request URL. I can
ping and traceroute target web site (ex: www.cnn.com) but page just doesn't
load. Using IP to access the web page has the same behavior so it's not DNS
issue.

I see this in the cache log:

HTTP Server REQUEST (Server local=<SQUID> remote=157.166.248.11:80)
HTTP Server REPLY (Server local=<SQUID> remote=157.166.248.11:80)
<I see beginning of page's source code; does log show full source?>
HTTP Client REPLY: (local=157.166.248.11:80 remote=<VPN>)
persistentConnStatus: local=<SQUID> remote=157.166.248.11:80 FD 20 flags=1
eof=0
persistentConnStatus: persistentConnStatus: content_length=-1
persistentConnStatus: persistentConnStatus: clen=-1
processReplyBody: processReplyBody: INCOMPLETE_MSG from local=<SQUID>
remote=157.166.248.11:80 FD 20 flags=1

This last part (which looks wrong, content_length=-1) just keeps repeating.
Eventually I see this:

clientReadRequest: local=157.166.226.25:80 remote=<VPN> FD 12
flags=33 size 0
clientReadRequest: local=157.166.226.25:80 remote=<VPN> FD 12 flags=33
closed?
 connFinishedWithConn: local=157.166.226.25:80 remote=<VPN> FD 12 flags=33
closed

The strange thing is that this works for iOS. Is there something special
with Android? There was a case where someone was trying 2GB file d/l but his
content_length is not -1. Another case where someone mentions a delay in
load time of 30s for each request but I don't even get past 1st request and
using IP gives same problem.

I am using v3.3.9.

Thanks,
Received on Thu Nov 14 2013 - 19:20:19 MST