Re: FreeBSD 6.x / GRE / WCCP / Squid

Hello Cezar,

On Tue, 2005-12-06 at 19:48 +0200, Cezar Fistik wrote:
> Just a couple of thoughts.
> Do you realy need that tunnel? Try if it will work without it, maybe
> there's a problem with it.

I've not really got a tunnel. It's just setup as per the Squid docs to
have FreeBSD think it is. The Cisco just sends the packets encapsulated
in gre to the FreeBSD squid box. The tunnel is setup so FreeBSD will
strip the gre headers and present the system with the original
encapsulated packet on the gre0 interface.

I can see the encapsulated packets via tcpdump on gre0, and I can also
see the packets hitting my ipfw fwd rule when I turn logging on for that
rule. But I never see the forwarded packets, they just disappear!

> Second, can you see your squid in show ip
> wcccp web-cache detail from the cisco?

Yes, the Cisco happily sends the packets and sees the cache.

> Does you squid work without
> wccp?

Yes, the cache works perfectly without issue.

> I mean setting up the host explicitly to use the proxy? I don't
> remember precisely, I did it a long ago, but I think you should use
> wccp version 2 in order to run wccp with squid.

I've not tried version 2, but I will try it now.

> Hope that helps.

Thanks,

Alan.

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: FreeBSD 6.x / GRE / WCCP / Squid
    ... Do you realy need that tunnel? ... can you see your squid in show ip ... wccp version 2 in order to run wccp with squid. ... Best regards, ...
    (freebsd-questions)
  • Re: RV042 - Does anyone understand it? Documentation?
    ... if one is using an RV042 for VPN, then what affect does the routing table have on the VPN packets? ... When the packet is received at the other end of the tunnel, it will still be destined for a "foreign" private subnet. ... In other words the range of IP's you are trying to reach and the range of IP's the traffic is coming from MUST be included in the subnets for the encrypted tunnel. ...
    (comp.dcom.vpn)
  • Re: RV042 - Does anyone understand it? Documentation?
    ... Launch a packet destined for a "foreign" private subnet. ... Route such packets at their source to the LAN address of the RV042 VPN ... When the packet is received at the other end of the tunnel, ... i.e. the packet is destined neither for the local nor the remote subnet. ...
    (comp.dcom.vpn)
  • Re: Odd NAT/IPSEC question -- help! :-)
    ... The packets are coming from the OTHER END'S native IP number! ... If I point the DNS server at the external gateway IP in the strongswan ... It looks like contrary to my previous expectations the tunnel address is ...
    (freebsd-net)
  • Problem with IPSec tunnel, using IPv6 addresses, between Two FreeBSD systems...?
    ... I need to establish an IPSec tunnel between two ... packets transmitted, 0 packets received, 100% packet ...
    (FreeBSD-Security)