PfSense/Squid and Cisco WCCPv2 config help
Hello,
I'm trying to set up a transparent proxy in Squid with a Cisco router using WCCPv2 via GRE method and need help setting up the pfSense part. Am able to get WCCP redirect working successfully using the Layer 2 method but router will be configured for Zone-based firewall features set and L2 redirect is not supported.
In Squid, custom options are:
wccp2_router <router ip>
wccp2_address <pfsense ip>
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
The router sees this Squid box as a peer with the options above with the "show ip wccp summary" command:
**WCCP version 2 enabled, 1 service
Service Clients Routers Assign Redirect Bypass
------- ------- ------- ------ -------- ------
Default routing table (Router Id: <loopback ip>):
web-cache 1 1 HASH GRE GRE**
Have the router's loopback IP set as the WCCP source interface.
Been using this page as a loose guide for the Squid config:
https://wiki.squid-cache.org/Features/Wccp2?highlight=%28wccp%29#Squid_configuration_for_WCCP_version_2
The additional GRE configurations in pfSense (GRE config/interface, firewall rule, etc.) are what I'm stuck on. Created a GRE interface, enabled it, and placed an allow any/any rule on the OPT1 (GRE) interface but the client can't load any HTTP page when redirected to the proxy.
Any help would be highly appreciated!