Squid3 with HTTPS: allowing Skype on CentOS 6

1. Squid3 with HTTPS: allowing Skype on CentOS 6

Estefanio Brunhara
stefaniobrunhara

(uses CentOS)

Posted on 31/10/2016 - 13:57h

Hello, I can't get Skype to work together with squid3. I found several links here on the forum and on other forums, but I still haven't managed to solve my problem; my squid is working normally for all other sites. The only difference I see is that my squid has transparent https enabled. I am using a reduced squid.conf configuration to make it easier to understand.



vim /etc/squid/squid.conf

http_port 3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/ssl/certs/squidMyCA.pem
https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/ssl/certs/squidMyCA.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4 MB
always_direct allow all
ssl_bump stare all
ssl_bump bump all
sslproxy_cert_error allow all
sslproxy_capath /var/lib/ssl_db/
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_children 20 startup=5 idle=1
#
coredump_dir /var/spool/squid
cache_mgr suporte@sangiovanne.com.br
visible_hostname 192.168.0.254
ipcache_size 1024
shutdown_lifetime 5 seconds
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 40096 KB
cache_dir aufs /var/spool/squid 2048 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
coredump_dir /var/spool/squid
cache_effective_user squid
cache_effective_group squid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#
acl SSL_ports port 443
acl SSL_ports port 9759
acl SSL_ports port 1138
acl Safe_ports port 9759 # skype
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype

http_access allow CONNECT localhost localnet numeric_IPS Skype_UA

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports !Safe_ports
http_access allow localnet
http_access allow localhost


Part of the end of the log
1477928789.374 60748 192.168.0.1 TAG_NONE/200 0 CONNECT 90.195.108.187:443 - ORIGINAL_DST/90.195.108.187 -
1477928789.374 60718 192.168.0.1 TAG_NONE/200 0 CONNECT 117.214.81.167:443 - ORIGINAL_DST/117.214.81.167 -
1477928794.807 60235 192.168.0.1 TAG_NONE/200 0 CONNECT 46.250.17.110:443 - ORIGINAL_DST/46.250.17.110 -
1477928794.833 1136 192.168.0.1 TCP_MISS/200 766 GET https://login.skype.com/ifexists? - ORIGINAL_DST/91.190.218.78 application/javascript
1477928794.949 142 192.168.0.1 TCP_MISS/200 420 POST https://mobile.pipe.aria.microsoft.com/Collector/3.0/ - ORIGINAL_DST/40.117.145.132 -
1477928795.074 207 192.168.0.1 TCP_MISS/302 1936 GET https://login.live.com/oauth20_logout.srf? - ORIGINAL_DST/131.253.61.100 text/html
1477928795.340 176 192.168.0.1 TCP_MISS/200 366 GET http://ping.chartbeat.net/ping? - ORIGINAL_DST/50.17.240.15 image/gif
1477928795.799 665 192.168.0.1 TAG_NONE/200 0 CONNECT 131.253.61.100:443 - ORIGINAL_DST/131.253.61.100 -
1477928796.023 189 192.168.0.1 TCP_MISS/200 522 GET https://login.live.com/oauth20_desktop.srf? - ORIGINAL_DST/131.253.61.100 text/html
1477928796.683 643 192.168.0.1 TAG_NONE/200 0 CONNECT 131.253.61.100:443 - ORIGINAL_DST/131.253.61.100 -
1477928796.983 176 192.168.0.1 TCP_MISS/200 420 POST https://mobile.pipe.aria.microsoft.com/Collector/3.0/ - ORIGINAL_DST/40.117.145.132 -
1477928797.077 386 192.168.0.1 TCP_MISS/200 21652 GET https://login.live.com/oauth20_authorize.srf? - ORIGINAL_DST/131.253.61.100 text/html
1477928798.947 139 192.168.0.1 TCP_MISS/200 420 POST https://mobile.pipe.aria.microsoft.com/Collector/3.0/ - ORIGINAL_DST/40.117.145.132 -
1477928800.390 60854 192.168.0.1 TAG_NONE/200 0 CONNECT 31.50.63.175:443 - ORIGINAL_DST/31.50.63.175 -
1477928800.390 60826 192.168.0.1 TAG_NONE/200 0 CONNECT 27.143.12.249:443 - ORIGINAL_DST/27.143.12.249 -
1477928803.412 59683 192.168.0.1 TAG_NONE/200 0 CONNECT 92.96.223.89:443 - ORIGINAL_DST/92.96.223.89 -
1477928803.412 59654 192.168.0.1 TAG_NONE/200 0 CONNECT 86.14.198.11:443 - ORIGINAL_DST/86.14.198.11 -
1477928803.414 50217 192.168.0.1 TCP_MISS/200 471 GET https://edge-chat.facebook.com/pull? - ORIGINAL_DST/157.240.3.19 application/json
1477928804.229 647 192.168.0.1 TAG_NONE/200 0 CONNECT 131.253.61.100:443 - ORIGINAL_DST/131.253.61.100 -
1477928804.503 236 192.168.0.1 TCP_MISS/302 5234 POST https://login.live.com/ppsecure/post.srf? - ORIGINAL_DST/131.253.61.100 text/html
1477928805.237 644 192.168.0.1 TAG_NONE/200 0 CONNECT 131.253.61.100:443 - ORIGINAL_DST/131.253.61.100 -
1477928805.440 194 192.168.0.1 TCP_MISS/200 522 GET https://login.live.com/oauth20_desktop.srf? - ORIGINAL_DST/131.253.61.100 text/html
1477928806.260 643 192.168.0.1 TAG_NONE/200 0 CONNECT 131.253.61.100:443 - ORIGINAL_DST/131.253.61.100 -
1477928806.486 217 192.168.0.1 TCP_MISS/200 1760 POST https://login.live.com/oauth20_token.srf - ORIGINAL_DST/131.253.61.100 application/json
1477928807.062 254 192.168.0.1 TCP_MISS/200 420 POST https://mobile.pipe.aria.microsoft.com/Collector/3.0/ - ORIGINAL_DST/40.117.145.132 -
1477928807.135 645 192.168.0.1 TAG_NONE/200 0 CONNECT 131.253.61.100:443 - ORIGINAL_DST/131.253.61.100 -
1477928807.358 215 192.168.0.1 TCP_MISS/200 1748 POST https://login.live.com/oauth20_token.srf - ORIGINAL_DST/131.253.61.100 application/json
1477928809.324 59780 192.168.0.1 TAG_NONE/200 0 CONNECT 92.232.79.82:443 - ORIGINAL_DST/92.232.79.82 -
1477928809.324 59751 192.168.0.1 TAG_NONE/200 0 CONNECT 37.11.179.137:443 - ORIGINAL_DST/37.11.179.137 -
1477928810.024 1217 192.168.0.1 TCP_MISS/200 420 POST https://mobile.pipe.aria.microsoft.com/Collector/3.0/ - ORIGINAL_DST/40.117.145.132 -
1477928813.710 60003 192.168.0.1 TAG_NONE/200 0 CONNECT 65.34.221.220:443 - ORIGINAL_DST/65.34.221.220 -
1477928813.710 59975 192.168.0.1 TAG_NONE/200 0 CONNECT 178.153.38.217:443 - ORIGINAL_DST/178.153.38.217 -
1477928815.350 29 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928820.361 60811 192.168.0.1 TAG_NONE/200 0 CONNECT 151.229.60.117:443 - ORIGINAL_DST/151.229.60.117 -
1477928820.361 60781 192.168.0.1 TAG_NONE/200 0 CONNECT 5.165.31.182:443 - ORIGINAL_DST/5.165.31.182 -
1477928820.396 35 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928823.781 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928827.542 15442 192.168.0.1 TAG_NONE/200 0 CONNECT 91.190.218.40:443 - ORIGINAL_DST/91.190.218.40 -
1477928828.404 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928831.757 0 192.168.0.1 TAG_NONE/400 4492 NONE error:invalid-request - HIER_NONE/- text/html
1477928831.787 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928832.593 15453 192.168.0.1 TAG_NONE/200 0 CONNECT 91.190.216.17:443 - ORIGINAL_DST/91.190.216.17 -
1477928833.394 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928836.722 0 192.168.0.1 TAG_NONE/400 4608 NONE error:invalid-request - HIER_NONE/- text/html
1477928836.751 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928838.361 29 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928840.417 270 192.168.0.1 TAG_NONE/200 0 CONNECT 84.0.135.56:443 - ORIGINAL_DST/84.0.135.56 -
1477928840.451 0 192.168.0.1 TAG_NONE/400 4610 NONE error:invalid-request - HIER_NONE/- text/html
1477928840.481 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928841.728 0 192.168.0.1 TAG_NONE/400 4645 NONE error:invalid-request - HIER_NONE/- text/html
1477928841.757 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928846.744 0 192.168.0.1 TAG_NONE/400 4673 NONE error:invalid-request - HIER_NONE/- text/html
1477928846.774 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928846.845 0 192.168.0.1 TAG_NONE/400 4551 NONE error:invalid-request - HIER_NONE/- text/html
1477928846.874 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928848.484 29 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928853.402 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928853.434 31 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928853.501 29 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928853.688 50263 192.168.0.1 TCP_MISS/200 471 GET https://edge-chat.facebook.com/pull? - ORIGINAL_DST/157.240.3.19 application/json
1477928858.398 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928858.492 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928860.672 15439 192.168.0.1 TAG_NONE/200 0 CONNECT 91.190.218.40:443 - ORIGINAL_DST/91.190.218.40 -
1477928861.736 0 192.168.0.1 TAG_NONE/400 4566 NONE error:invalid-request - HIER_NONE/- text/html
1477928861.766 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928863.376 29 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928865.007 198 192.168.0.1 TCP_MISS/200 420 POST https://mobile.pipe.aria.microsoft.com/Collector/3.0/ - ORIGINAL_DST/40.117.145.132 -
1477928865.293 479 192.168.0.1 TAG_NONE/200 0 CONNECT 40.117.145.132:443 - ORIGINAL_DST/40.117.145.132 -
1477928865.478 142 192.168.0.1 TCP_MISS/200 420 POST https://mobile.pipe.aria.microsoft.com/Collector/3.0/ - ORIGINAL_DST/40.117.145.132 -
1477928865.699 15447 192.168.0.1 TAG_NONE/200 0 CONNECT 91.190.216.17:443 - ORIGINAL_DST/91.190.216.17 -
1477928866.756 0 192.168.0.1 TAG_NONE/400 4633 NONE error:invalid-request - HIER_NONE/- text/html
1477928866.785 28 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
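
An added example, not part of the original thread: it classifies access.log entries in the format posted above and lists the bare-IP CONNECT destinations on port 443 that never produced a decrypted (bumped) request. The category names and the `PROXY_SELF` constant (built from the posted `visible_hostname` and `https_port`) are assumptions.

```python
import re
from collections import Counter

# Assumption: the proxy's own intercept address, built from the posted
# config (visible_hostname 192.168.0.254, https_port 3129).
PROXY_SELF = "192.168.0.254:3129"
NUMERIC_443 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:443$")

# Six lines copied from the access.log excerpt in the post above.
SAMPLE = """\
1477928789.374 60748 192.168.0.1 TAG_NONE/200 0 CONNECT 90.195.108.187:443 - ORIGINAL_DST/90.195.108.187 -
1477928795.799 665 192.168.0.1 TAG_NONE/200 0 CONNECT 131.253.61.100:443 - ORIGINAL_DST/131.253.61.100 -
1477928796.023 189 192.168.0.1 TCP_MISS/200 522 GET https://login.live.com/oauth20_desktop.srf? - ORIGINAL_DST/131.253.61.100 text/html
1477928815.350 29 192.168.0.1 TAG_NONE/200 0 CONNECT 192.168.0.254:3129 - HIER_NONE/- -
1477928827.542 15442 192.168.0.1 TAG_NONE/200 0 CONNECT 91.190.218.40:443 - ORIGINAL_DST/91.190.218.40 -
1477928831.757 0 192.168.0.1 TAG_NONE/400 4492 NONE error:invalid-request - HIER_NONE/- text/html
"""

def parse(line):
    # Squid native log format: time elapsed client code/status bytes
    # method URL user hierarchy/peer content-type
    f = line.split()
    if len(f) < 10:
        return None
    return {"method": f[5], "url": f[6], "peer": f[8].split("/", 1)[-1]}

def classify(e):
    if e["url"] == "error:invalid-request":
        return "invalid_request"      # bytes Squid could not parse as a request
    if e["method"] == "CONNECT" and e["url"] == PROXY_SELF:
        return "connect_to_proxy"     # CONNECT aimed at the intercept port itself
    if e["method"] == "CONNECT" and NUMERIC_443.match(e["url"]):
        return "connect_numeric_ip"
    if e["url"].startswith("https://"):
        return "bumped_request"       # decrypted URL is visible in the log
    return "other"

def triage(text):
    entries = [e for e in map(parse, text.splitlines()) if e]
    counts = Counter(classify(e) for e in entries)
    bumped_peers = {e["peer"] for e in entries if classify(e) == "bumped_request"}
    # Numeric-IP CONNECTs whose destination never yielded a decrypted request.
    opaque = sorted({e["peer"] for e in entries
                     if classify(e) == "connect_numeric_ip"
                     and e["peer"] not in bumped_peers})
    return counts, opaque

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Destinations in the second result accepted a CONNECT on port 443 but show no decrypted request in the sample, unlike 131.253.61.100, whose CONNECT is followed by readable login.live.com URLs.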



  


2. Skype

Alex Fernando
showd07

(uses Debian)

Posted on 04/11/2016 - 17:05h

Hello,
if you access the Skype website or try to download the Skype installer, does it work?
Is it only failing to log in to the Skype application?
Contact me at contato@aftechsolucoesti.com.br, Skype showd.dota, or 41 9865-7434.



3. Re: Squid3 with HTTPS: allowing Skype on CentOS 6

Estefanio Brunhara
stefaniobrunhara

(uses CentOS)

Posted on 05/11/2016 - 16:16h

showd07 wrote:

Hello,
if you access the Skype website or try to download the Skype installer, does it work?
Is it only failing to log in to the Skype application?
Contact me at contato@aftechsolucoesti.com.br, Skype showd.dota, or 41 9865-7434.


I am not downloading the installer; I already have it installed.

It logs in, but it does not send or receive messages.

This e-mail and phone number you posted are advertising!


4. Skype

Alex Fernando
showd07

(uses Debian)

Posted on 06/11/2016 - 00:46h

It logs in, you see your contacts online and so on, but it doesn't send messages and doesn't receive them either?
Remove this part here:

acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype

http_access allow CONNECT localhost localnet numeric_IPS Skype_UA

and test again.


5. Re: Squid3 with HTTPS: allowing Skype on CentOS 6

Estefanio Brunhara
stefaniobrunhara

(uses CentOS)

Posted on 06/11/2016 - 20:46h

showd07 wrote:

It logs in, you see your contacts online and so on, but it doesn't send messages and doesn't receive them either?
Remove this part here:

acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype

http_access allow CONNECT localhost localnet numeric_IPS Skype_UA

and test again.


I tried it and it doesn't work!

Have you ever configured squid3 with a certificate?




6. Skype

Alex Fernando
showd07

(uses Debian)

Posted on 07/11/2016 - 18:59h

I never got around to configuring it with a certificate.
What does your iptables look like?
Because I believe the squid is fine; it shouldn't be blocking anything from Skype that way.
And I asked about the Skype site or application in order to test whether the site opens or is blocked as well.


7. Re: Squid3 with HTTPS: allowing Skype on CentOS 6

Estefanio Brunhara
stefaniobrunhara

(uses CentOS)

Posted on 07/11/2016 - 19:55h

showd07 wrote:

I never got around to configuring it with a certificate.
What does your iptables look like?
Because I believe the squid is fine; it shouldn't be blocking anything from Skype that way.
And I asked about the Skype site or application in order to test whether the site opens or is blocked as well.


There is no iptables; that is, I want Skype to go 100% through squid. If I have to use iptables rules, it makes no sense to use the proxy!



8. Skype

Dr Ferumbras
drferumbras

(uses CentOS)

Posted on 11/11/2016 - 13:56h

I gave up on the Skype client for the same reason; I migrated everyone to Skype for Web and also saved resources on the workstations.


9. Re: Squid3 with HTTPS: allowing Skype on CentOS 6

Estefanio Brunhara
stefaniobrunhara

(uses CentOS)

Posted on 11/11/2016 - 18:06h

drferumbras wrote:

I gave up on the Skype client for the same reason; I migrated everyone to Skype for Web and also saved resources on the workstations.


When you gave up on the Skype client, were you using squid3 with https?



10. Re: Squid3 with HTTPS: allowing Skype on CentOS 6

Dr Ferumbras
drferumbras

(uses CentOS)

Posted on 18/11/2016 - 12:09h

stefaniobrunhara wrote:

drferumbras wrote:

I gave up on the Skype client for the same reason; I migrated everyone to Skype for Web and also saved resources on the workstations.


When you gave up on the Skype client, were you using squid3 with https?


Yes, but my Squid is not transparent...






