Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Squid on OpenVZ, cannot connect google.com or yahoo.com [SOLVED]
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Squid on OpenVZ, cannot connect google.com or yahoo.com [SOLVED]

bibi2015bibi2015 Member
edited November 2015 in Help

Hi

As the title goes, I can't seem to nail the issue here. Other website connections are okay but google.com/yahoo.com or ajax.googleapis.com can't load. Your views please? Thank you.

Comments

  • How is your Squid setup? Does your server has IPv6? Do you have IPv6?

  • Post your config and firewall rules.

  • bibi2015bibi2015 Member
    edited November 2015

    @Hidden_Refuge said:
    How is your Squid setup? Does your server has IPv6? Do you have IPv6?

    nope

    @black said:
    Post your config and firewall rules.

    can't work with or w/o iptables :(, I've done kvm with similar configuration and works nicely

  • So your server has no IPv6 and neither you? Ok.

    Post your squid.conf please. Use pastebin.com and share the link here.

  • @Hidden_Refuge said:
    So your server has no IPv6 and neither you? Ok.
    Post your squid.conf please. Use pastebin.com and share the link here.

    squid.conf as per your installer :)

  • Which OS are you running on the affected VPS? And which virtualization?

  • @Hidden_Refuge said:
    Which OS are you running on the affected VPS? And which virtualization?

    centos 6.7 64bit openvz

  • Ok. And the issue only happens with Google/Yahoo and ajax.google.com? Are you sure you really no IPv6 on the VPS or at home?

    Have it on one but lacking it on the other side will cause issues because the proxy will try to serve IPv6 to one of the sides or the requests to sites that have IPv6 will go over IPv6 but one of the sides is lacking IPv6 and cannot understand the requests.

  • bibi2015bibi2015 Member
    edited November 2015

    @Hidden_Refuge I see, so if the node has IPv6 but vm doesn't it'll affect too?

    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:60 errors:0 dropped:0 overruns:0 frame:0
              TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:23418 (22.8 KiB)  TX bytes:23418 (22.8 KiB)
    
    venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
              inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:45192 errors:0 dropped:0 overruns:0 frame:0
              TX packets:45451 errors:0 dropped:2089 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:16842189 (16.0 MiB)  TX bytes:15104704 (14.4 MiB)
    
    venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
              inet addr:xxx.xxx.xxx.xxx  P-t-P:xxx.xxx.xxx.xxx  Bcast:xxx.xxx.xxx.xxx  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
    
  • teknolaizteknolaiz Member
    edited November 2015

    No, this isn't what I meant. Sorry. Let me explain it again.

    Your VPS has no IPv6 but you have IPv6 at home. The problem now is that usually IPv6 is the preferred protocol. So the proxy which has no IPv6 tries to reach the websites over IPv6 because your computer resolved them over IPv6. Why did it? Because Squid is a HTTP proxy and therefore does not proxy DNS requests. That means your DNS server is resolving the domains to IPv6 addresses. The proxy tries to access google.com over its IPv6 address that it got from the DNS server but the proxy server has no IPv6 so no connection can be made. Eventually after a lot of time you will actually see a Squid error page saying that google.com with the IP address "google.com ipv6 address" could not be reached.

    Other sites simply work because they don't have IPv6 DNS records. Try the following. Edit squid.conf and add "dns_v4_first on" at the end. Save the file and restart squid with "service squid restart". Try to access the affected sites after that.

    Edit: Oh, just saw your ifconfig output after I posted this. So I see that the VM has no IPv6. If you have IPv6 at home it's most likely the case that I described. Please just try my solution above and see if it works:

    Here is it again

    Try the following. Edit squid.conf and add "dns_v4_first on" at the end. Save the file and restart squid with "service squid restart". Try to access the affected sites after that.
    Thanked by 14n0nx
  • GM2015GM2015 Member
    edited November 2015

    Or sign up for a tunnelbroker.net account and get ipv6 from there for your vm.

  • @Hidden_Refuge wow, it works now! you're a genius, thank you.

  • Hey, thanks guys for your input

  • teknolaizteknolaiz Member
    edited November 2015

    Well, it's a issue with DNS and the second thing is that Squid is just a HTTP proxy. So if you have IPv6 at home but not on the VPS your DNS servers will resolve IPv6 DNS where possible (whatever has IPv6 entries and Google is one of the companies running everything in dual stack) and therefore will send the IPv6 address to the proxy. The proxy has no IPv6 and does not understand it.

    And because Squid is only a HTTP proxy it does not rely on DNS servers set in the VPS and so your DNS servers set in your computer will resolve domains regardless of what the proxy server supports.

    Edit: Sorry again for the poor explanations. I'm playing Half-Life 2. Aint got no time to write something good :D.

    Thanked by 2GM2015 bibi2015
  • @hidden_refuge
    you are a squid genius :-)
    I still use your squid proxy installer...

  • @teknolaiz said:
    No, this isn't what I meant. Sorry. Let me explain it again.

    Your VPS has no IPv6 but you have IPv6 at home. The problem now is that usually IPv6 is the preferred protocol. So the proxy which has no IPv6 tries to reach the websites over IPv6 because your computer resolved them over IPv6. Why did it? Because Squid is a HTTP proxy and therefore does not proxy DNS requests. That means your DNS server is resolving the domains to IPv6 addresses. The proxy tries to access google.com over its IPv6 address that it got from the DNS server but the proxy server has no IPv6 so no connection can be made. Eventually after a lot of time you will actually see a Squid error page saying that google.com with the IP address "google.com ipv6 address" could not be reached.

    Other sites simply work because they don't have IPv6 DNS records. Try the following. Edit squid.conf and add "dns_v4_first on" at the end. Save the file and restart squid with "service squid restart". Try to access the affected sites after that.

    Edit: Oh, just saw your ifconfig output after I posted this. So I see that the VM has no IPv6. If you have IPv6 at home it's most likely the case that I described. Please just try my solution above and see if it works:

    Here is it again

    Try the following. Edit squid.conf and add "dns_v4_first on" at the end. Save the file and restart squid with "service squid restart". Try to access the affected sites after that.

    >

    i only registered to thank you .... i've searched a weak to find a solution for my problem till i found yours .
    So thank you again , it worked :)

Sign In or Register to comment.