PfSense/Squid and Cisco WCCPv2 config help

zonda

Hello,

I'm trying to setup a transparent proxy in Squid with a Cisco router using WCCPv2 via GRE method and need help setting up the pfSense part.  Am able to get WCCP redirect working successfully using the Layer 2 method but router will be configured for Zone-based firewall features set and L2 redirect is not supported.

In Squid, custom options are:

wccp2_router <router ip="">wccp2_address <pfsense ip="">wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0</pfsense></router>

The router sees this Squid box as a peer with the options above with the "show ip wccp summary" command:

**WCCP version 2 enabled, 1 service

Service    Clients  Routers  Assign      Redirect  Bypass   
–-----    -------  -------  ------      --------  ------   
Default routing table (Router Id: <loopback ip="">):
web-cache  1        1        HASH        GRE        GRE</loopback>**

Have the router's loopback IP set as the WCCP source interface.

Been using this page as a loose guide for the Squid config:
https://wiki.squid-cache.org/Features/Wccp2?highlight=%28wccp%29#Squid_configuration_for_WCCP_version_2

The additional GRE configurations in pfSense (GRE config/interface, firewall rule, etc.) is what I'm stuck on.  Created a GRE interface, enabled it, and placed an allow any/any rule on the OPT1 (GRE) interface but the client can't load any HTTP page when redirected to the proxy.

Any help would be highly appreciated!