[squid-users] Squid with wccp and gre return

Yogesh Gawankar yogesh_dg at yahoo.com
Sun Nov 2 01:41:37 UTC 2014


Hello Amos
Thanks for your reply.I don't think I explained my problem well 

With wccp gre redirection, when the tcp syn reaches the cisco router that is set up for wccp redirection , it redirects it to the CE using  wccp gre. Squid will respond with syn-ack and send it back to the router again via wccp-gre. However this is not happening. it sends it back using regular Gre (same as wccp-gre but with no wccp header)


Please refer to my attached capture  .I need to get squid to put that wccp header on the return packet.In squid.conf I already specified gre return.
Are  you saying squid (too!) cannot do gre return for return traffic and does normal ip forwarding?

I got squid version 3 running on ubuntu.

 Thanks and regards

Yogesh Gawankar
 

     On Sunday, November 2, 2014 6:52 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
   

 -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2/11/2014 7:05 a.m., Yogesh Gawankar wrote:
> Hello
> 
> 
> I am trying to get squid to send return traffic to the cisco
> router via  a gre tunnel. I am observing that squid returns traffic
> in gre tunnel  this is ip in ip gre not wccp-gre . The firewall is
> dropping this packet as expected. I have gone through many posts
> online so kindly respond if you know how to get it to send return
> traffic via wccp-gre (not standard gre) or if you had any
> suggestions for me in terms of linux  kernel change.

WCCP-GRE is for transmitting WCCP protocol control packets informing
the router whether the proxy is still available or not. That is all.

The HTTP traffic from router to Squid (wccp_forwarding_method) goes
through the GRE as if it were regular GRE.

The HTTP traffic from Squid to router (wccp_return_method and regular
Squid->Internet connections) is normal traffic and needs routing as
such instead of dropping or diverting back towards Squid.

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUVYcUAAoJELJo5wb/XPRjYAwH/RQXc3S7bH5w/5lYdLyYRQ/H
Y2GT88IdeM8gz067OMkGR7lTwzIMK4EVmb9GEQJYhLNznZB8hFDYnNDmSL3spB9F
mxHYZ4BVlDTlMLi4qHf05mrpsdEodrhF9A3H8YmzXLWHx5sxyukLfR/R7UJlP14K
S9xZa3KhKE/SERNM8iwPggNdtzdjrBhs6U2AUhmpeNjEgEiOgkgT7XRm724hMj21
9CH5kgGt4qiE5plPfSqTdyiJSBbQF5NL50g8/NSrQ4bRilTD9Fdf+kVRoSnscrAF
ViQKzc5L8s+3YMmVmXyynM0s4YPy5bj9Qgqi5nWjQG9gSBRLeedsyK1rdlcQmbQ=
=CQHA
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141102/1cb6c79f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Sample.pcap
Type: application/octet-stream
Size: 880 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141102/1cb6c79f/attachment.obj>


More information about the squid-users mailing list