Configuration for Squid + RADIUS in CARP environment?



  • When using Squid in a CARP failsafe environment, I'd have Squid listening to the CARP VIP, yes? Since the package's GUI only allows setting the listen address to the IP numbers of the interfaces, I added this advanced configuration:

    http_port 192.168.10.1:3128; http_port 192.168.30.1:3128; http_port 192.168.40.1:3128
    

    Where .10.0/24, .30.0/24, .40.0/24 stand for my VLAN networks. .10.1, .30.1, .40.1 are my CARP VIPs and .10.2, .30.2, .40.2 are my interfaces' real IPs on the master.

    [2.3.2-RELEASE][root@pfSense.office.curesec.com]/root: sockstat -l4 | grep squid
    squid    squid      36870 8  udp4 6 *:52425               *:*
    squid    squid      36870 9  udp4   *:15299               *:*
    squid    squid      36870 12 tcp4   192.168.10.2:3128     *:*
    squid    squid      36870 15 tcp4   192.168.30.2:3128     *:*
    squid    squid      36870 17 tcp4   192.168.40.2:3128     *:*
    squid    squid      36870 19 tcp4   192.168.10.1:3128     *:*
    squid    squid      36870 20 tcp4   192.168.30.1:3128     *:*
    squid    squid      36870 21 tcp4   192.168.40.1:3128     *:*
    
    

    I want Squid accessible from all VLANs.

    The question I have now is what exactly Squid has to listen to, and what Squid's client IP might be, so that I can set that IP as a NAS client in the FreeRADIUS configuration. For some reason, RADIUS refuses to answer requests from Squid when I set the NAS client IP to the CARP VIP .10.1, but when I set .10.2 as the NAS client IP and the RADIUS config is synced, that IP number won't exist on the backup system, since its real interface IP is .3 instead of .2.

    Can you tell me how I'd have to set up RADIUS and Squid so that this works in a CARP environment?

