{"id":416,"date":"2019-01-05T19:30:53","date_gmt":"2019-01-06T01:30:53","guid":{"rendered":"http:\/\/csmartonline.com\/blog\/?p=416"},"modified":"2019-01-05T22:44:23","modified_gmt":"2019-01-06T04:44:23","slug":"installing-a-transparent-squid-proxy-directly-onto-a-dd-wrt-netgear-r7000p-router","status":"publish","type":"post","link":"http:\/\/csmartonline.com\/blog\/2019\/01\/05\/installing-a-transparent-squid-proxy-directly-onto-a-dd-wrt-netgear-r7000p-router\/","title":{"rendered":"Installing a Transparent Squid Proxy Directly onto a DD-WRT Netgear R7000p Router"},"content":{"rendered":"<p>This guide will show you how to set up a transparent Squid proxy with HTTPS support directly on DD-WRT. Let&#8217;s dive right in!<\/p>\n<p><strong>NOTE:<\/strong> Links will open in a new tab\\window.<\/p>\n<h3>Prerequisites<\/h3>\n<p>The\u00a0only requirements are that you\u00a0have an SSH connection and a working Optware installation. Visit the <a href=\"https:\/\/wiki.dd-wrt.com\/wiki\/index.php\/Optware\" target=\"_blank\" rel=\"noopener\">DD-WRT Optware<\/a><sup>1<\/sup> page for additional information on installing Optware. In short, you need to mount <strong>\/opt<\/strong> and run the <strong>bootstrap<\/strong> command. (Bootstrap may only be available in Kong builds.) How you mount <strong>\/opt<\/strong> does not matter as long as the user <strong>nobody<\/strong> has read and write access. 
I won&#8217;t go into too much detail, but I have\u00a0used a CIFS mount for mine:<\/p>\n<pre class=\"snippet-code\">\r\n\/sbin\/insmod \/lib\/modules\/`uname -r`\/kernel\/crypto\/md4.ko\r\n\/sbin\/insmod \/lib\/modules\/`uname -r`\/kernel\/crypto\/md5.ko\r\n\/sbin\/insmod \/lib\/modules\/`uname -r`\/kernel\/crypto\/des_generic.ko\r\n\/sbin\/insmod \/lib\/modules\/`uname -r`\/kernel\/fs\/fscache\/fscache.ko\r\n\/sbin\/insmod \/lib\/modules\/`uname -r`\/kernel\/fs\/cifs\/cifs.ko\r\n\/bin\/mount.cifs \/\/192.168.x.x\/ddwrt \/opt -o uid=nobody,username=user,password=pass\r\n<\/pre>\n<p><strong>NOTE:<\/strong>\u00a0<em>fscache.ko<\/em> must be loaded <strong>before<\/strong> <em>cifs.ko<\/em>.<\/p>\n<h3>Getting Started<\/h3>\n<p>Once you have an SSH connection and Optware is properly functioning, install Squid. You may also want to install nano if you prefer nano over vi like I do:<\/p>\n<pre class=\"snippet-code\">\r\nopkg install squid\r\nopkg install nano\r\n<\/pre>\n<h3>Create Missing Directories<\/h3>\n<p>Now that we have Squid installed, we need to create a few directories before Squid will run. The default installation is a bit broken and needs the following directories to be created:<\/p>\n<pre class=\"snippet-code\">\r\nmkdir \/dev\/shm\r\nchown nobody \/dev\/shm\r\nmkdir \/opt\/var\/run\/\r\nmkdir \/opt\/etc\/squid\/ssl\r\nmkdir \/opt\/etc\/squid\/ssl\/cacerts\r\n<\/pre>\n<p><span style=\"color: #ff0000;\">IMPORTANT:<\/span> As previously mentioned, make sure the user <strong>nobody<\/strong> has read and write access to all directories in <strong>\/opt<\/strong>. If you are mounting via CIFS, ensure you use <strong>uid=nobody<\/strong> in your mount options. This will save you a lot of headaches.<\/p>\n<p>My device does not create the <strong>\/dev\/shm\/<\/strong> directory, so I create it and change the owner to <strong>nobody<\/strong>. 
You should check your device to see if the directory exists before doing this.<\/p>\n<h3>Certificates, Certificates and more Certificates<\/h3>\n<p>Now that we have our directories created, we need to initialize the certificate cache:<\/p>\n<pre class=\"snippet-code\">\r\n\/opt\/lib\/squid\/ssl_crtd -c -s \/opt\/etc\/squid\/ssl\/ssl_db\/\r\n<\/pre>\n<p>Next you will need to generate a self-signed root certificate and copy the certificate and key to <strong>\/opt\/etc\/squid\/ssl\/<\/strong>. There are plenty of guides on how to generate your own certificate, so I will not be going into detail on this. However, if you need a place to start, you may visit the <a href=\"https:\/\/wiki.squid-cache.org\/Features\/DynamicSslCert\" target=\"_blank\" rel=\"noopener\">Squid Dynamic SSL Certificate Generation<\/a><sup>2<\/sup> page where you can find a few clues as to the correct commands to use. Just be sure to have the certificate and key separated or change the Squid configuration file to point to a combined certificate and key file.<\/p>\n<p>Squid doesn&#8217;t come with any Global Root Certificates by default, so you&#8217;ll need to copy your own into <strong>\/opt\/etc\/squid\/ssl\/cacerts\/<\/strong>. There are several ways you can obtain Root Certificates. The easiest method is to copy them from <strong>\/etc\/ssl\/certs\/<\/strong> on a Debian based system. You may also download them from <a href=\"https:\/\/curl.haxx.se\/docs\/caextract.html\" target=\"_blank\" rel=\"noopener\">Curl&#8217;s CA Extract<\/a><sup>4<\/sup> page.<\/p>\n<p>Once you have your Root Certificate generated, create a DER certificate and import it into your web browser. 
Visit the <a href=\"https:\/\/wiki.squid-cache.org\/Features\/DynamicSslCert#Create_a_DER-encoded_certificate_to_import_into_users.27_browsers\" target=\"_blank\" rel=\"noopener\">Squid Dynamic SSL Certificate Generation<\/a><sup>2<\/sup> page for additional information on creating the DER certificate.<\/p>\n<h3>Modern Ciphers<\/h3>\n<p>It&#8217;s a good idea to generate a DH\/EDH cipher and copy it to <strong>\/opt\/etc\/squid\/ssl\/<\/strong>. This will help to harden your Squid connections. If you have a version of Squid less than 3.5.27, you may need to use a different directive in the Squid configuration file. Visit the link above to obtain the relevant directive.<\/p>\n<p>Visit the <a href=\"https:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/SslBumpExplicit#Modern_DH.2FEDH_ciphers_usage\" target=\"_blank\" rel=\"noopener\">Squid Modern DH\/EDH Ciphers<\/a><sup>3<\/sup> page for additional information.<\/p>\n<p>If you don&#8217;t want to use a modern cipher then you can skip this section, but be sure to change the Squid configuration file accordingly.<\/p>\n<h3>Squid Configuration File<\/h3>\n<p>Add the following configuration directives to the end of <strong>\/opt\/etc\/squid\/squid.conf<\/strong>:<\/p>\n<pre class=\"snippet-code\">\r\n# If you have 64 MB device RAM you can use 16 MB cache_mem, default is 8 MB\r\ncache_mem 8 MB\r\nmaximum_object_size_in_memory 100 KB\r\nmaximum_object_size 32 MB\r\n\r\n# Leave coredumps in the first cache dir\r\ncoredump_dir \/opt\/var\/cache\/squid\r\n\r\n# Set the cache directory location and size\r\ncache_dir aufs \/opt\/var\/cache\/squid 500 16 256\r\n\r\n# Listen on port 3130 for https\r\nhttps_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=\/opt\/etc\/squid\/ssl\/cert.pem key=\/opt\/etc\/squid\/ssl\/key.pem tls-dh=prime256v1:\/opt\/etc\/squid\/ssl\/tls-dh.pem\r\n\r\n# Listen on port 3129 for http\r\nhttp_port 3129 intercept\r\n\r\n# Squid normally listens to port 
3128 for direct browser connections\r\n# Squid refuses to run if port 3128 is missing - giving a \"no forwarding proxy configured\" error\r\nhttp_port 3128\r\n\r\n# Visit https:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/SslBumpExplicit#Troubleshooting for additional information on the following version differences\r\n# For Squid 3.5.x only\r\nsslcrtd_program \/opt\/lib\/squid\/ssl_crtd -s \/opt\/etc\/squid\/ssl\/ssl_db -M 4MB\r\nsslcrtd_children 5\r\n\r\n# For Squid 4 and newer\r\n#tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE\r\n\r\nsslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_ECDH_USE\r\nsslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS\r\nsslproxy_capath \/opt\/etc\/squid\/ssl\/cacerts\r\n\r\n# Replace this section with your own ssl_bump and acl rules\r\n# Visit https:\/\/wiki.squid-cache.org\/Features\/SslPeekAndSplice for additional information\r\n# NOTE: You should splice banking websites\r\nacl step1 at_step SslBump1\r\nacl excludeServerFromProxy ssl::server_name .example.org\r\nssl_bump peek step1\r\nssl_bump splice excludeServerFromProxy\r\nssl_bump stare all\r\n<\/pre>\n<p>The important parts here are the cache size, ports, rules and file paths. Ensure they are what you expect them to be before continuing. As there are so many possible configuration directives, I will not be going into further detail about the configuration directives and what they do. 
Visit the <a href=\"http:\/\/www.squid-cache.org\/Doc\/config\/\" target=\"_blank\" rel=\"noopener\">Squid Configuration Directives Documentation<\/a><sup>5<\/sup> page for additional information.<\/p>\n<h3>Cache Building<\/h3>\n<p>Next, build the cache that Squid will use:<\/p>\n<pre class=\"snippet-code\">\r\nsquid -z\r\n<\/pre>\n<p>You should receive similar output to the following:<\/p>\n<pre class=\"snippet-code\">\r\n2019\/01\/05 15:43:09 kid1| Set Current Directory to \/opt\/var\/cache\/squid\r\n2019\/01\/05 15:43:09 kid1| Creating missing swap directories\r\n2019\/01\/05 15:43:09 kid1| \/opt\/var\/cache\/squid exists\r\n2019\/01\/05 15:43:09 kid1| Making directories in \/opt\/var\/cache\/squid\/00\r\n2019\/01\/05 15:43:09 kid1| Making directories in \/opt\/var\/cache\/squid\/01\r\n2019\/01\/05 15:43:10 kid1| Making directories in \/opt\/var\/cache\/squid\/02\r\n2019\/01\/05 15:43:10 kid1| Making directories in \/opt\/var\/cache\/squid\/03\r\n2019\/01\/05 15:43:10 kid1| Making directories in \/opt\/var\/cache\/squid\/04\r\n2019\/01\/05 15:43:11 kid1| Making directories in \/opt\/var\/cache\/squid\/05\r\n2019\/01\/05 15:43:11 kid1| Making directories in \/opt\/var\/cache\/squid\/06\r\n2019\/01\/05 15:43:11 kid1| Making directories in \/opt\/var\/cache\/squid\/07\r\n2019\/01\/05 15:43:12 kid1| Making directories in \/opt\/var\/cache\/squid\/08\r\n2019\/01\/05 15:43:12 kid1| Making directories in \/opt\/var\/cache\/squid\/09\r\n2019\/01\/05 15:43:12 kid1| Making directories in \/opt\/var\/cache\/squid\/0A\r\n2019\/01\/05 15:43:13 kid1| Making directories in \/opt\/var\/cache\/squid\/0B\r\n2019\/01\/05 15:43:13 kid1| Making directories in \/opt\/var\/cache\/squid\/0C\r\n2019\/01\/05 15:43:13 kid1| Making directories in \/opt\/var\/cache\/squid\/0D\r\n2019\/01\/05 15:43:14 kid1| Making directories in \/opt\/var\/cache\/squid\/0E\r\n2019\/01\/05 15:43:14 kid1| Making directories in \/opt\/var\/cache\/squid\/0F\r\n<\/pre>\n<p>If you do not get the above output, 
ensure that file permissions are correct and that <strong>\/opt\/var\/cache\/squid\/<\/strong> exists. <strong>REMEMBER:<\/strong> The user <strong>nobody<\/strong> must have read and write access.<\/p>\n<h3>The Virgin Voyage<\/h3>\n<p>Now it is finally time to try to start Squid. Let&#8217;s start Squid in a special debugging mode so that we can see what is happening in case something goes wrong.<\/p>\n<pre class=\"snippet-code\">\r\nsquid -d 1\r\n<\/pre>\n<p>You should receive output similar to the following:<\/p>\n<pre class=\"snippet-code\">\r\n2019\/01\/05 15:44:30 kid1| Set Current Directory to \/opt\/var\/cache\/squid\r\n2019\/01\/05 15:44:30 kid1| Starting Squid Cache version 3.5.27 for arm-openwrt-linux-gnu...\r\n2019\/01\/05 15:44:30 kid1| Service Name: squid\r\n2019\/01\/05 15:44:30 kid1| Process ID 23227\r\n2019\/01\/05 15:44:30 kid1| Process Roles: worker\r\n2019\/01\/05 15:44:30 kid1| With 1024 file descriptors available\r\n2019\/01\/05 15:44:30 kid1| Initializing IP Cache...\r\n2019\/01\/05 15:44:30 kid1| DNS Socket created at 0.0.0.0, FD 6\r\n2019\/01\/05 15:44:30 kid1| Adding nameserver 192.168.x.x from \/etc\/resolv.conf\r\n2019\/01\/05 15:44:30 kid1| helperOpenServers: Starting 5\/5 'ssl_crtd' processes\r\n2019\/01\/05 15:44:30 kid1| Local cache digest enabled; rebuild\/rewrite every 3600\/3600 sec\r\n2019\/01\/05 15:44:30 kid1| Logfile: opening log stdio:\/dev\/null\r\n2019\/01\/05 15:44:30 kid1| Swap maxSize 51200000 + 262144 KB, estimated 3958626 objects\r\n2019\/01\/05 15:44:30 kid1| Target number of buckets: 197931\r\n2019\/01\/05 15:44:30 kid1| Using 262144 Store buckets\r\n2019\/01\/05 15:44:30 kid1| Max Mem size: 262144 KB\r\n2019\/01\/05 15:44:30 kid1| Max Swap size: 51200000 KB\r\n2019\/01\/05 15:44:30 kid1| Rebuilding storage in \/opt\/var\/cache\/squid (no log)\r\n2019\/01\/05 15:44:30 kid1| Using Least Load store dir selection\r\n2019\/01\/05 15:44:30 kid1| Set Current Directory to \/opt\/var\/cache\/squid\r\n2019\/01\/05 15:44:30 
kid1| Finished loading MIME types and icons.\r\n2019\/01\/05 15:44:30 kid1| HTCP Disabled.\r\n2019\/01\/05 15:44:30 kid1| Pinger socket opened on FD 25\r\n2019\/01\/05 15:44:30 kid1| Squid plugin modules loaded: 0\r\n2019\/01\/05 15:44:30 kid1| Adaptation support is off.\r\n2019\/01\/05 15:44:30 kid1| Accepting NAT intercepted HTTP Socket connections at local=0.0.0.0:3129 remote=[::] FD 21 flags=41\r\n2019\/01\/05 15:44:30 kid1| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 22 flags=9\r\n2019\/01\/05 15:44:30 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=0.0.0.0:3130 remote=[::] FD 23 flags=41\r\n2019\/01\/05 15:44:34 kid1| Done scanning \/opt\/var\/cache\/squid dir (0 entries)\r\n2019\/01\/05 15:44:34 kid1| Finished rebuilding storage from disk.\r\n2019\/01\/05 15:44:34 kid1| 0 Entries scanned\r\n2019\/01\/05 15:44:34 kid1| 0 Invalid entries.\r\n2019\/01\/05 15:44:34 kid1| 0 With invalid flags.\r\n2019\/01\/05 15:44:34 kid1| 0 Objects loaded.\r\n2019\/01\/05 15:44:34 kid1| 0 Objects expired.\r\n2019\/01\/05 15:44:34 kid1| 0 Objects cancelled.\r\n2019\/01\/05 15:44:34 kid1| 0 Duplicate URLs purged.\r\n2019\/01\/05 15:44:34 kid1| 0 Swapfile clashes avoided.\r\n2019\/01\/05 15:44:34 kid1| Took 4.61 seconds ( 0.00 objects\/sec).\r\n2019\/01\/05 15:44:34 kid1| Beginning Validation Procedure\r\n2019\/01\/05 15:44:34 kid1| Completed Validation Procedure\r\n2019\/01\/05 15:44:34 kid1| Validated 0 Entries\r\n2019\/01\/05 15:44:34 kid1| store_swap_size = 0.00 KB\r\n2019\/01\/05 15:44:35 kid1| storeLateRelease: released 0 objects\r\n<\/pre>\n<p>Issue the following command to check if Squid has successfully started:<\/p>\n<pre class=\"snippet-code\">\r\nps | grep -i squid\r\n<\/pre>\n<p>This will give you output similar to:<\/p>\n<pre class=\"snippet-code\">\r\n23225 root 11236 S squid -d 1\r\n23227 nobody 16680 S {squid} (squid-1) -d 1\r\n23229 nobody 3452 S {ssl_crtd} (ssl_crtd) -s \/opt\/etc\/squid\/ssl\/ssl_db -M 
4MB\r\n23230 nobody 3364 S {ssl_crtd} (ssl_crtd) -s \/opt\/etc\/squid\/ssl\/ssl_db -M 4MB\r\n23231 nobody 3364 S {ssl_crtd} (ssl_crtd) -s \/opt\/etc\/squid\/ssl\/ssl_db -M 4MB\r\n23232 nobody 3364 S {ssl_crtd} (ssl_crtd) -s \/opt\/etc\/squid\/ssl\/ssl_db -M 4MB\r\n23233 nobody 3364 S {ssl_crtd} (ssl_crtd) -s \/opt\/etc\/squid\/ssl\/ssl_db -M 4MB\r\n23277 root 1196 S grep squid\r\n<\/pre>\n<p>If you do not get any output other than the grep line, then something is wrong with Squid. You should check the output from the previous <strong>squid -d 1<\/strong> command for clues as to what went wrong.<\/p>\n<h3>iptables (Yay!)<\/h3>\n<p><strong>NOTE:<\/strong> If you don&#8217;t want to set up Squid as a transparent proxy, then skip this step and configure your web browser&#8217;s proxy settings to send traffic to port 3128. (You still need to open the port with the first iptables line from below.) You may also want to remove the relevant http_port\/https_port lines from your configuration file for the other ports. Be aware that you&#8217;ll lose the HTTPS proxy function as browsers do not yet have good support for direct communication to an HTTPS proxy. This is why you should only be using one port with this type of configuration.<\/p>\n<p>Now that we have Squid up and running, we can redirect our traffic to the correct port so that Squid can receive it. Be sure your configured ports match the redirection rule&#8217;s ports. If you forward non-https traffic to Squid&#8217;s https port, it will be refused. 
Also, make sure that you are using the correct interface &#8212; in this case <strong>br0<\/strong>.<\/p>\n<p>Issue the following commands to add the redirect rules using iptables:<\/p>\n<pre class=\"snippet-code\">\r\niptables -I INPUT -p tcp --dport 3128 -j ACCEPT\r\niptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3129\r\niptables -I INPUT -p tcp --dport 3129 -j ACCEPT\r\niptables -t nat -A PREROUTING -i br0 -p tcp --dport 443 -j REDIRECT --to-port 3130\r\niptables -I INPUT -p tcp --dport 3130 -j ACCEPT\r\n<\/pre>\n<h3>Lift off!<\/h3>\n<p>You made it! Congratulations, you should now be able to happily browse the Internet at decent first-page-load speeds and blazing fast subsequent-page-load speeds. If you are unable to pleasantly browse the worldwide inter-webs, scroll to the <em>Notes and Comments<\/em> section at the end of this article for some useful hints.<\/p>\n<h3>Making it Permanent<\/h3>\n<p>At this point, you should have a fully functioning Squid installation. The only problem is, it is <strong>temporary<\/strong>. 
When you restart your router, Squid will not be started automatically and special directories will once again be missing.<\/p>\n<p>To fix this, add the following to your startup script by opening your router&#8217;s DD-WRT configuration page (usually at <a href=\"http:\/\/192.168.0.1\" target=\"_blank\" rel=\"noopener\">http:\/\/192.168.0.1<\/a>) and navigating to the <strong>Administration Tab<\/strong> -&gt; <strong>Commands Tab<\/strong>.<\/p>\n<p>Input the following into the <strong>Command Shell<\/strong> field:<\/p>\n<pre class=\"snippet-code\">\r\n\/bin\/mkdir \/dev\/shm\r\n\/bin\/chown nobody \/dev\/shm\r\n\/opt\/sbin\/squid &amp;\r\n<\/pre>\n<p>Click on <strong>Save <span style=\"color: #ff0000;\">Startup<\/span><\/strong> to save your changes.<\/p>\n<p><strong>NOTE:<\/strong> If you are using a CIFS mount, you should add the relevant commands from the top of this article to your startup script as well. Place them before the <strong>\/opt\/sbin\/squid<\/strong> line, since the Squid binary itself lives on the <strong>\/opt<\/strong> mount and will not exist until the mount has succeeded.<\/p>\n<p>After you have saved the startup script, input the following into the <strong>Command Shell<\/strong> field to add the iptables commands to the firewall script:<\/p>\n<pre class=\"snippet-code\">\r\niptables -I INPUT -p tcp --dport 3128 -j ACCEPT\r\niptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3129\r\niptables -I INPUT -p tcp --dport 3129 -j ACCEPT\r\niptables -t nat -A PREROUTING -i br0 -p tcp --dport 443 -j REDIRECT --to-port 3130\r\niptables -I INPUT -p tcp --dport 3130 -j ACCEPT\r\n<\/pre>\n<p>Click on <strong>Save <span style=\"color: #ff0000;\">Firewall<\/span><\/strong> to save your changes.<\/p>\n<h3>Finish Line!<\/h3>\n<p>Now it is time to reboot and marvel at your work. If all is good, you should be able to browse the Internet without problems, but we still need to verify the proxy is actually working.<\/p>\n<p>To do this, visit <a href=\"https:\/\/example.com\" target=\"_blank\" rel=\"noopener\">https:\/\/example.com<\/a> in your web browser. 
Open the properties for the certificate of the website and look for your Root Certificate&#8217;s information to be populated under the <em>Issued by<\/em> field. If your Root Certificate&#8217;s information is not present, then your traffic is not being proxied correctly.<\/p>\n<p>You&#8217;ll also want to visit <a href=\"https:\/\/www.ssllabs.com\/ssltest\/viewMyClient.html\" target=\"_blank\" rel=\"noopener\">https:\/\/www.ssllabs.com\/ssltest\/viewMyClient.html<\/a><sup>6<\/sup>. This site can tell you a lot about your connection to the outside world when it comes to certificate support. Visit <a href=\"https:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/SslBumpExplicit#Hardening\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/SslBumpExplicit#Hardening<\/a><sup>7<\/sup> for additional information on what to expect.<\/p>\n<h3>Fine Tuning<\/h3>\n<p>Some fine tuning needs to be done after you have a working installation. You&#8217;ll probably want to change the acl directives at the end of your Squid configuration file to be what you want.<\/p>\n<p>Specifically, you need to change <em>.example.org<\/em> in the acl line to a banking website or any other website whose HTTPS traffic you do not want bumped by the proxy (matching connections are spliced through untouched). You may add additional acl lines to exclude multiple sites.<\/p>\n<p>You may also want to enable logging. 
To do this, edit the configuration file and remove the following lines:<\/p>\n<pre class=\"snippet-code\">\r\naccess_log none\r\ncache_log \/dev\/null\r\ncache_store_log stdio:\/dev\/null\r\nlogfile_rotate 0\r\nlogfile_daemon \/dev\/null\r\n<\/pre>\n<p>Create the <strong>\/opt\/var\/logs\/<\/strong> directory:<\/p>\n<pre class=\"snippet-code\">\r\nmkdir \/opt\/var\/logs\r\n<\/pre>\n<p>Next, add a cronjob to rotate the logs by visiting your router&#8217;s DD-WRT configuration page (usually at <a href=\"http:\/\/192.168.0.1\" target=\"_blank\" rel=\"noopener\">http:\/\/192.168.0.1<\/a>) and navigating to <strong>Administration Tab<\/strong> -&gt; <strong>Management Tab<\/strong>.<\/p>\n<p>Input the following into the <strong>Cron<\/strong> section:<\/p>\n<pre class=\"snippet-code\">\r\n0 0 * * * \/usr\/local\/squid\/bin\/squid -k rotate\r\n<\/pre>\n<p>Click on <strong>Save<\/strong> to save your changes. Reboot the router or run <strong>squid -k reconfigure<\/strong> to make your changes immediate.<\/p>\n<h3>Notes and Comments<\/h3>\n<p>The following commands are very useful when troubleshooting:<\/p>\n<p>squid -k reconfigure<br \/>\nsquid -k shutdown<br \/>\nps | grep -i squid<br \/>\nkillall squid<\/p>\n<p>The following are only useful if you have logging enabled:<\/p>\n<p>tail -n 50 -f \/opt\/var\/logs\/access.log<br \/>\ntail -n 50 -f \/opt\/var\/logs\/cache.log<\/p>\n<p>If your browser displays warnings about the certificate not being trusted, you need to install your Self-Signed Root Certificate into the browser.<\/p>\n<p>Issue the following command to allow a device to bypass the proxy altogether (you must replace <strong>[IPADDRESS]<\/strong>):<\/p>\n<pre class=\"snippet-code\">\r\niptables -t nat -I PREROUTING -i br0 -s [IPADDRESS] -j ACCEPT\r\n<\/pre>\n<p>Delete an iptables entry by first viewing the list:<\/p>\n<pre class=\"snippet-code\">\r\niptables -t nat --list --line-numbers\r\n<\/pre>\n<p>Then issue the following (you must replace # with the number 
of the rule you want to delete):<\/p>\n<pre class=\"snippet-code\">\r\niptables -t nat -D PREROUTING #\r\n<\/pre>\n<p>Some errors Squid spits out are a little vague. If you receive a segmentation fault of any kind, it is most likely due to missing directories or incorrect permissions. Here is a list of errors I have run across while installing Squid and the solutions to each:<\/p>\n<pre class=\"snippet-code\">\r\nFATAL: Failed to verify one of the swap directories, Check cache.log\r\nfor details. Run 'squid -z' to create swap directories\r\nif needed, or if running Squid for the first time.\r\n<\/pre>\n<p>Check that the <strong>\/opt\/var\/cache\/squid\/<\/strong> directory exists and that the user <strong>nobody<\/strong> has read and write access to it. Run <strong>squid -z<\/strong> if the directory is empty.<\/p>\n<pre class=\"snippet-code\">\r\nFATAL: Ipc::Mem::Segment::create failed to shm_open(\/squid-cf__metadata.shm): (2) No such file or directory\r\n<\/pre>\n<p>Check that the <strong>\/dev\/shm\/<\/strong> directory exists and that the user <strong>nobody<\/strong> has read and write access to it.<\/p>\n<pre class=\"snippet-code\">\r\nFATAL: Unable to open HTTPS Socket\r\n<\/pre>\n<p>For any errors similar to this one, check that Squid is not already running and that no other process is using any of Squid&#8217;s ports (3128, 3129, 3130).<\/p>\n<pre class=\"snippet-code\">\r\npinger: Initialising ICMP pinger ...\r\nicmp_sock: (1) Operation not permitted\r\npinger: Unable to start ICMP pinger.\r\nicmp_sock: (97) Address family not supported by protocol\r\npinger: Unable to start ICMPv6 pinger.\r\nFATAL: pinger: Unable to open any ICMP sockets.\r\n<\/pre>\n<p>These error messages come from Squid&#8217;s ICMP pinger helper. They can be safely ignored.<\/p>\n<pre class=\"snippet-code\">\r\nFATAL: Received Segment Violation...dying.\r\n<\/pre>\n<p>I&#8217;m not sure what this was about. It happened once when I issued the <strong>squid -k restart<\/strong> command. 
Regardless, the restart never works, so I just don&#8217;t use it. I use <strong>squid -k shutdown<\/strong> instead and bring Squid back up with <strong>squid<\/strong> after about 30 seconds. (Squid waits 30 seconds before shutting down during a clean shutdown.)<\/p>\n<pre class=\"snippet-code\">\r\nBUG: Unexpected state while connecting to a cache_peer or origin server\r\n<\/pre>\n<p>I&#8217;m not sure of the cause of this error either. I received it when posting to the DD-WRT forums along with messages about the queue being overloaded and to increase the number of ssl_crtd processes in the configuration file. I did so to no avail and the Squid process finally died one of the times I attempted to issue the <strong>squid -k reconfigure<\/strong> command. For now, I deleted and rebuilt the <strong>ssl_db<\/strong> directory, then rebooted. The error seems to be gone.<\/p>\n<p>Thanks for reading!<\/p>\n<p><strong>Links in this Article<\/strong><br \/>\n<a href=\"https:\/\/wiki.dd-wrt.com\/wiki\/index.php\/Optware\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.dd-wrt.com\/wiki\/index.php\/Optware<\/a><sup>1<\/sup><br \/>\n<a href=\"https:\/\/wiki.squid-cache.org\/Features\/DynamicSslCert\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.squid-cache.org\/Features\/DynamicSslCert<\/a><sup>2<\/sup><br \/>\n<a href=\"https:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/SslBumpExplicit#Modern_DH.2FEDH_ciphers_usage\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/SslBumpExplicit#Modern_DH.2FEDH_ciphers_usage<\/a><sup>3<\/sup><br \/>\n<a href=\"https:\/\/curl.haxx.se\/docs\/caextract.html\" target=\"_blank\" rel=\"noopener\">https:\/\/curl.haxx.se\/docs\/caextract.html<\/a><sup>4<\/sup><br \/>\n<a href=\"http:\/\/www.squid-cache.org\/Doc\/config\/\" target=\"_blank\" rel=\"noopener\">http:\/\/www.squid-cache.org\/Doc\/config\/<\/a><sup>5<\/sup><br \/>\n<a href=\"https:\/\/www.ssllabs.com\/ssltest\/viewMyClient.html\" target=\"_blank\" rel=\"noopener\">https:\/\/www.ssllabs.com\/ssltest\/viewMyClient.html<\/a><sup>6<\/sup><br \/>\n<a href=\"https:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/SslBumpExplicit#Hardening\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/SslBumpExplicit#Hardening<\/a><sup>7<\/sup><\/p>\n<p><strong>Links of Interest<\/strong><br \/>\n<a href=\"https:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/SslBumpExplicit#Hardening\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/SslBumpExplicit#Hardening<\/a><br \/>\n<a href=\"https:\/\/wiki.dd-wrt.com\/wiki\/index.php\/Squid_Transparent_Proxy\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.dd-wrt.com\/wiki\/index.php\/Squid_Transparent_Proxy<\/a><br \/>\n<a href=\"https:\/\/forum.dd-wrt.com\/phpBB2\/viewtopic.php?t=80678&amp;postdays=0&amp;postorder=asc&amp;start=30&amp;sid=f60feaf2c1f415edc4e5a1e9382e45a3\" target=\"_blank\" rel=\"noopener\">https:\/\/forum.dd-wrt.com\/phpBB2\/viewtopic.php?t=80678&amp;postdays=0&amp;postorder=asc&amp;start=30&amp;sid=f60feaf2c1f415edc4e5a1e9382e45a3<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This guide will show you how to set up a transparent Squid proxy with HTTPS support directly on DD-WRT. Let&#8217;s dive right in! NOTE: Links will open in a new tab\\window. 
Prerequisites The\u00a0only requirements are that you\u00a0have a SSH connection and &hellip;<\/p>\n<p class=\"read-more\"><a href=\"http:\/\/csmartonline.com\/blog\/2019\/01\/05\/installing-a-transparent-squid-proxy-directly-onto-a-dd-wrt-netgear-r7000p-router\/\">Read more &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[117,122,118,46,121,53,65,66,30,64,119,41,50,36,120,75],"class_list":["post-416","post","type-post","status-publish","format-standard","hentry","category-tiptrick","tag-cache","tag-cifs","tag-configuration","tag-content-filter","tag-ddwrt","tag-filter","tag-firewall","tag-forward-port","tag-interface","tag-iptables","tag-netgear","tag-port","tag-proxy","tag-router","tag-squid","tag-transparent-proxy"],"_links":{"self":[{"href":"http:\/\/csmartonline.com\/blog\/wp-json\/wp\/v2\/posts\/416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/csmartonline.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/csmartonline.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/csmartonline.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/csmartonline.com\/blog\/wp-json\/wp\/v2\/comments?post=416"}],"version-history":[{"count":76,"href":"http:\/\/csmartonline.com\/blog\/wp-json\/wp\/v2\/posts\/416\/revisions"}],"predecessor-version":[{"id":492,"href":"http:\/\/csmartonline.com\/blog\/wp-json\/wp\/v2\/posts\/416\/revisions\/492"}],"wp:attachment":[{"href":"http:\/\/csmartonline.com\/blog\/wp-json\/wp\/v2\/media?parent=416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/csmartonline.com\/blog\/wp-json\/wp\/v2\/categories?post=416"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/csmartonline.com\/blog\/wp-json\/wp\/v2\/tags?post=416"}],"curies":[{"name":"wp","hre
f":"https:\/\/api.w.org\/{rel}","templated":true}]}}