用 Squid 把 OneVnet 服务器当上游代理时的问题

xj

unread,

Dec 28, 2017, 2:13:45 AM12/28/17

to OneVnet社区

Hi, 因为公司出口防火墙会对 HTTP/VPN 代理进行封锁，所以没法直接用网站列出来的任何一种方法。

但是我们有个开发环境，是可以访问外网的，所以想在上面用 Squid 转发本地请求到 OneVnet 服务器。

测试下来，访问网页完全没问题（配置里只允许访问网易的内容），但是一旦点网易云音乐里的歌曲或者 MV，都无法播放，Squid 日志里都是 TCP_MISS_ABORTED。可以看到访问 HTML、JSON、JPG 都是正常的。不知道这里有朋友有经验吗？该如何修改配置，谢谢啦。

1514444798.679   1061 10.249.74.191 TCP_MISS/200 21752 GET http://p3.music.126.net/CpU1cLGkIGmU7uGhUznQyA==/18844529788494452.jpg? - FIRSTUP_PARENT/198.13.38.22 image/jpg
1514444806.566   7799 10.249.74.191 TCP_MISS_ABORTED/000 0 GET http://m7.music.126.net/20171228153138/4d938733833130778fd704b4e4886032/ymusic/b4e1/74db/3e1a/b24facd6b5131c8ef7c262b5f64c8a68.mp3 - FIRSTUP_PARENT/198.13.38.22 -
1514444814.565   7799 10.249.74.191 TCP_MISS_ABORTED/000 0 GET http://m7.music.126.net/20171228153138/4d938733833130778fd704b4e4886032/ymusic/b4e1/74db/3e1a/b24facd6b5131c8ef7c262b5f64c8a68.mp3 - FIRSTUP_PARENT/198.13.38.22 -
1514444822.568   7802 10.249.74.191 TCP_MISS_ABORTED/000 0 GET http://m7.music.126.net/20171228153138/4d938733833130778fd704b4e4886032/ymusic/b4e1/74db/3e1a/b24facd6b5131c8ef7c262b5f64c8a68.mp3 - FIRSTUP_PARENT/198.13.38.22 -
1514444827.215    787 10.249.74.191 TCP_MISS/200 1342 POST http://music.163.com/eapi/user/getfollows/1220168 - FIRSTUP_PARENT/198.13.38.22 application/json
1514444828.397    727 10.249.74.191 TCP_MISS/200 1776 POST http://music.163.com/eapi/v1/user/bindings/1220168 - FIRSTUP_PARENT/198.13.38.22 text/plain
1514444828.435    767 10.249.74.191 TCP_MISS/200 2292 POST http://music.163.com/eapi/v1/user/detail/1220168 - FIRSTUP_PARENT/198.13.38.22 application/json
1514444828.915   1242 10.249.74.191 TCP_MISS/200 38105 POST http://music.163.com/eapi/v1/event/get - FIRSTUP_PARENT/198.13.38.22 application/json
1514444829.416    550 10.249.74.191 TCP_MISS/200 1797 GET http://p4.music.126.net/4czn3cz7uRiiC2jsA3peiw==/5684475115698073.jpg? - FIRSTUP_PARENT/198.13.38.22 image/jpg
15144

acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow all
http_port 3128
cache_peer XXX.vnet.one parent 143 0 no-query login=x...@gmail.com:123456 default name=onevnet
cache_peer_domain onevnet .163.com
cache_peer_domain onevnet .126.net
cache_peer_domain onevnet .127.net
cache_peer_domain onevnet .netease.com
cache deny all
never_direct allow all
maximum_object_size 64 MB
debug_options ALL,5
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .		0	20%	4320
quick_abort_max 65535 KB
dns_v4_first on

OneVnet - Support - lues

unread,

Dec 28, 2017, 2:22:47 AM12/28/17

to OneVnet社区

你好，你这种方式没有用过，根据你目前的场景，推荐OpenVPN走http代理的方式，这样可以搞定UDP包的转发。

我怀疑可能网易云音乐播放MV是走UDP的。

另外针对你的问题，可以参考一下这个链接看看问题能否解决呢

https://luvunix.wordpress.com/2017/09/19/squid-proxy-server-error-tcp_miss_aborted000-0-get-hier_direct2404-ipv6/

OneVnet - Support - 晓

unread,

Dec 28, 2017, 10:49:38 AM12/28/17

to OneVnet社区

2楼的方法是个好办法，用你的可以连接公网的服务器搭一个HTTP代理，然后内网的openvpn加一个配置，通过http代理连接到onevnet就可以。

Reply all

Reply to author

Forward