Re: [squid-users] Problem with WCCP on OpenBSD

From: Martin Marji Cermak <[email protected]>
Date: Thu, 09 Dec 2004 12:26:42 +0800

> Well, I was really hoping to not have to fall back to linux. I really
> believe my problem has something to do with the GRE tunnel. I enabled a
> kernel option net.inet.gre.wccp=1 which I believe is all I need. When I
> had just net.inet.gre.allow turned on, I was getting port 47
> unreachable. I saw several posts on Google talking about a patch for
> FreeBSD but no word of such a one for OpenBSD.

Hello Eric,
if this problem is really the GRE issue, I won't help you too much, but
may be it is not :-)

> If I set the browser proxy to port 80 on the squid box, the redirection
> to port 3128 is working as well. This is what has lead me to believe it
> has to be an issue with the GRE encapsulation/unencapsulation.
This test only means your Squid serves well as a proxy, but you want to
have it in accelerator mode, right?

So, I assume you already have:
httpd_accel_uses_host_header on
httpd_accel_with_proxy off (on, if you need the proxy mode too)
httpd_accel_port 80
httpd_accel_host virtual

Another thought - what is your MTU at your Squid Box? Check whether it
is 1500.
I realised just yestereday the WCCP router had to fragment incomming
packets because of the GRE encapsulation. So I set the MTU at the Squid
box to 1460 and it was really a silly idea :-)
When you are in the intercept mode, WCCP router redirecs TCP packets
going to port 80 to the Squid box. But when the MTU of a new connection
is being decided, the Squid box is not in the way! This is done by icmp
protocol, which does not flow through the Squid box (the router does not
redirect this protocol), so IF the Squid box's MTU is the lowest on the
path between the WWW client and WWW server, the connection fails.

So, I set it back to 1500 quite quickly :-)

Best regards,
Marji
Received on Wed Dec 08 2004 - 21:26:14 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST