PfSense 2.1 Floating rules for Multi Wan doesn't work.

hyrol · Apr 11, 2014, 3:43 AM

Has anyone tried pfSense 2.1.2 Release with Squid Proxy for Multi-Wan Load-Balacing.

georgio777 · Apr 21, 2014, 5:49 PM

Has anyone tried pfSense 2.1.2 Release with Squid Proxy for Multi-Wan Load-Balacing.

I am on the latest version on pfSense and there has not been a fix yet to the issue. Still suffering from the same problem.

timthetortoise · Apr 21, 2014, 8:14 PM

If you're only looking for failover capabilities, here's a workaround.

hyrol · Apr 22, 2014, 5:59 AM

@georgio777:

@hyrol:

Has anyone tried pfSense 2.1.2 Release with Squid Proxy for Multi-Wan Load-Balacing.

I am on the latest version on pfSense and there has not been a fix yet to the issue. Still suffering from the same problem.

Hi georgio777 thanks for info.

georgio777 · Apr 22, 2014, 3:48 PM

@timthetortoise:

If you're only looking for failover capabilities, here's a workaround.

By any chance do you know if it is possible to maintain Load Balancing for all traffic except HTTP traffic and use Failover for HTTP? The reason is that if the default gateway is down, Squid will stop working, if I can take the advantages of Failover only for the Squid traffic without stop using Load Balancing, that will be great.

Thanks!

timthetortoise · Apr 22, 2014, 4:04 PM

You should be able to use standard gateways like normal for everything but HTTP. Floating rules are not broken, as evidenced by setting a rule for any source to any destination HTTP with the active gateway being something other than the default gateway. At this point squid is unable to pass traffic because it's trying to push it out the default gateway and it's actually being sent out another.

As long as you have default gateway switching enabled, squid will switch to that gateway when it is restarted. I've tested this and it's working great.

Daouid · Aug 5, 2014, 4:57 PM

Hello !
Any news?
I test an upgrade from 2.0.x to 2.1.4 and it don't work. Squid is very slow, and the http port don't work.
We can't update pfsense :-(

Thanks a lot

arclegna · Sep 2, 2014, 1:36 PM

Same question here, im on pfsense 2.1.4 and wondering if any solution yet to squid (no transparency) + loadbalance + failover, thanks in advance.

klazoid · Oct 2, 2014, 12:33 PM

I came back hoping that after one year there would be a fix but :'(
Wasting 2 lines atm as long as the default gateway doesn't go down.

Smithes · Oct 30, 2014, 8:55 PM

I setup Multi-WAN like shown in the official tutorial…. Works only for Connections without squid. And works very fine. But I also need squid. So I installed the squid 3.3-dev package from the package-list, because squid supports the "radom" command since 3.2.
I know it is a dev-package, but I run it on a wlan-network with 5000 Users on peek and its runs very fine. Also with squidguard.
I also know that there is no failover for squid, if one of the lines will be offline, but that is not important for me, because the two lines are from the same provider and come over the same cable. It’s a cable internet connection from unitymedia(Germany).

I added these lines, for split the traffic to two lines. *1

acl fiftyPercent random 0.5
tcp_outgoing_address 192.0.2.1 fiftyPercent
tcp_outgoing_address 192.0.2.2

*1: The information’s found here: http://wiki.squid-cache.org/Features/AclRandom
greets Smithes

thanhk43 · Nov 24, 2014, 7:58 AM

i am using 2.1.5-RELEASE and squid 2.7.9 pkg v.4.3.4 and have the same issue, squid only work with defaul gateway, anyone have any idea ?

Kababayan · Dec 29, 2014, 4:38 AM

Work around will be too easy if you are using virtual, in fact there are lot of ways with virtual setup.

alxbob · Mar 12, 2015, 12:13 PM

Does acl random provide failover if one gateway is down?

firatnemis · Mar 26, 2015, 3:00 PM

If all the modems has got the same speed what should write custom options for equal speed ?

@ruggero:

first install squid3-dev from available packages.

++++++in this way you can use configuration directive acl random .
from squid doc :
changes in 3.2 acl : random

New type random. Pseudo-randomly match requests based on a configured probability .

now you can do all the configuration you need for multiwan in Custom options - Custom setting of proxy server.

in my situation ( 3 wan ) :

"
acl venticinque random 1/4
acl settantacinquediv2 random 0.5

tcp_outgoing_address 192.168.4.254 venticinque

tcp_outgoing_address 192.168.3.254 settantacinquediv2

tcp_outgoing_address 192.168.2.254

"

192.168.4.254 = ipv4 address wan 1
192.168.3.254 = ipv4 address wan 2
192.168.2.254 = ipv4 address wan 3

random 1/4 = 25 % = wan1 25% of traffic
random 0.5 = (100-25)/2 = wan2 37,5 % of traffic
else = wan3 37,5 % of traffic

i do this because my 3 wan are not equal.

in case of 2 wan :

"
acl cinquanta random 0.5

tcp_outgoing_address 192.168.4.254 cinquanta

tcp_outgoing_address 192.168.2.254

"

you do not need extra rule on firewall ( floating rule ) .
Also it bypass gateway groups.

mesro09 · May 13, 2015, 8:57 PM

hello Everybody
is there anyone to help with explanation about multiwan with squid 3.4 non transparent (working with wpad)
many thanks