Netgate Discussion Forum

    Weird issue with squid / routing and multiwan vpn ...

    • maba

      Hello !
      I have a very weird problem with a squid and multi-WAN setup on a pfSense ESXi VM.

      My goal is simple: set the default gateway (no VPN) to my WAN on pfSense, and set squid outgoing TCP to the VPN gateway.

      With this setup, squid hangs when delivering web pages... I use squidclient "to see" what is going on... squidclient starts to download the web page... if the web page is small it's OK... but if the web page is longer it retrieves the beginning and hangs in the middle... (weird)

      On the other hand,
      if I set the default gateway on pfSense to the VPN gateway (or enable the VPN client to "automatically add routes" and leave the default gateway on WAN (the 0.0.0.0 route is added by the VPN client)) and set firewall rules to redirect my LAN traffic (except local networks) to a specific gateway (the normal WAN gateway in this case!)... everything works as intended and squid doesn't hang.

      In this "working" setup, if I set the proxy on my LAN client PC, my web browsing goes to the VPN, and if I unset it the traffic goes to the normal WAN... it's what I want.

      I have tried to enable verbose on the VPN client... but it didn't help, the access.log of squid didn't help either... the system log doesn't show a problem...
      Maybe there is an option to enable verbose on squid? Where can I search to help me resolve this issue?

      Thanks for any help ! ;)

      • heper

        @maba

        https://forum.netgate.com/topic/97328/work-in-progress-squid-failover-and-load-balancing-for-pfsense/14

        https://forum.netgate.com/topic/130703/updating-squid-tcp_outgoing_address
        conclusion: it doesn't work out of the box ... and it's a pain

        Why use squid at all in your use case? You could just use policy routing to force a specific client IP to a certain gateway.
        If you want to move your client to a specific gateway on the fly, just change the client IP address.
        Or broadcast multiple SSIDs that reside on different VLANs and just change SSID.

        • maba

          Thanks for your info, heper.
          Switching the proxy on/off to use the VPN is so easy ;) switching IP is more "hardcore"... I don't want to end up in my limited guest vlan2 ;)

          Anyway, I just gave up for the moment and set the default routing to the VPN and excluded from it all outbound traffic of LAN; squid uses the "auto" interface in this case... I just put a failover to WAN if the VPN fails... I have spent days trying to understand what's going on!!!!

          The only difference between these 2 setups is the default gateway of the pfSense... I just don't get it!
          I have checked everything... NAT outbound to VPN / routing table, switching on/off Netgate's auto rules etc...

          For me it's clearly a routing problem... but why does squid start to retrieve the beginning of the web page and just hang? It's not cache related, I have disabled it for testing... if the web page is small it succeeds in downloading it! But if it's longer it hangs in the middle!!!

          I want to know why! WHY!!! WHYYYYYYYYYYY!!!!!!!!!!
          It's more a problem of understanding ;)

          have nice days ;)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.