Configuration for Squid + RADIUS in CARP environment?
When using Squid in a CARP failsafe environment, I'd have Squid listening on the CARP VIP, yes? Since the package's GUI only allows setting it to listen on the IP numbers of the interfaces, I added this advanced configuration:
http_port 192.168.10.1:3128; http_port 192.168.30.1:3128; http_port 192.168.40.1:3128
Here .10.0/24, .30.0/24 and .40.0/24 stand for my VLAN networks; .10.1, .30.1 and .40.1 are my CARP VIPs, and .10.2, .30.2 and .40.2 are my interfaces' real IPs on the master.
[2.3.2-RELEASE][root@pfSense.office.curesec.com]/root: sockstat -l4 | grep squid
squid squid 36870 8 udp4 6 *:52425 *:*
squid squid 36870 9 udp4 *:15299 *:*
squid squid 36870 12 tcp4 192.168.10.2:3128 *:*
squid squid 36870 15 tcp4 192.168.30.2:3128 *:*
squid squid 36870 17 tcp4 192.168.40.2:3128 *:*
squid squid 36870 19 tcp4 192.168.10.1:3128 *:*
squid squid 36870 20 tcp4 192.168.30.1:3128 *:*
squid squid 36870 21 tcp4 192.168.40.1:3128 *:*
I want Squid accessible from all VLANs.
The question I have now is what exactly Squid has to listen on, and what Squid's client IP might be, so that I can set that IP as a NAS client in the FreeRADIUS configuration. For some reason, RADIUS refuses to answer requests from Squid when I set the NAS client IP to the CARP VIP .10.1. But when I set .10.2 as the NAS client IP and the RADIUS config is synced, that IP number won't exist on the backup system, since its real interface IP is .3 instead of .2.
Can you tell me how I'd have to set up RADIUS and Squid so that this works in a CARP environment?