PfSense/Squid and Cisco WCCPv2 config help



  • Hello,

    I’m trying to set up a transparent proxy in Squid with a Cisco router using WCCPv2 via GRE method and need help setting up the pfSense part.  Am able to get WCCP redirect working successfully using the Layer 2 method but router will be configured for Zone-based firewall features set and L2 redirect is not supported.

    In Squid, custom options are:

    wccp2_router <router ip>
    wccp2_address <pfsense ip>
    wccp2_forwarding_method 1
    wccp2_return_method 1
    wccp2_service standard 0

    The router sees this Squid box as a peer with the options above with the “show ip wccp summary” command:

    WCCP version 2 enabled, 1 service

    Service    Clients  Routers  Assign      Redirect  Bypass
    -------    -------  -------  ------      --------  ------
    Default routing table (Router Id: <loopback ip>):
    web-cache  1        1        HASH        GRE        GRE

    Have the router’s loopback IP set as the WCCP source interface.

    Been using this page as a loose guide for the Squid config:
    https://wiki.squid-cache.org/Features/Wccp2?highlight=(wccp)#Squid_configuration_for_WCCP_version_2

    The additional GRE configurations in pfSense (GRE config/interface, firewall rule, etc.) are what I’m stuck on.  Created a GRE interface, enabled it, and placed an allow any/any rule on the OPT1 (GRE) interface but the client can’t load any HTTP page when redirected to the proxy.

    Any help would be highly appreciated!


 
