Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense/Squid and Cisco WCCPv2 config help

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 655 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zonda
      last edited by

      Hello,

      I'm trying to setup a transparent proxy in Squid with a Cisco router using WCCPv2 via GRE method and need help setting up the pfSense part.  Am able to get WCCP redirect working successfully using the Layer 2 method but router will be configured for Zone-based firewall features set and L2 redirect is not supported.

      In Squid, custom options are:

      wccp2_router <router ip="">wccp2_address <pfsense ip="">wccp2_forwarding_method 1
      wccp2_return_method 1
      wccp2_service standard 0</pfsense></router>

      The router sees this Squid box as a peer with the options above with the "show ip wccp summary" command:

      **WCCP version 2 enabled, 1 service

      Service    Clients  Routers  Assign      Redirect  Bypass   
      –-----    -------  -------  ------      --------  ------   
      Default routing table (Router Id: <loopback ip="">):
      web-cache  1        1        HASH        GRE        GRE</loopback>**

      Have the router's loopback IP set as the WCCP source interface.

      Been using this page as a loose guide for the Squid config:
      https://wiki.squid-cache.org/Features/Wccp2?highlight=%28wccp%29#Squid_configuration_for_WCCP_version_2

      The additional GRE configurations in pfSense (GRE config/interface, firewall rule, etc.) is what I'm stuck on.  Created a GRE interface, enabled it, and placed an allow any/any rule on the OPT1 (GRE) interface but the client can't load any HTTP page when redirected to the proxy.

      Any help would be highly appreciated!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.