Project

General

Profile

Actions
Copy link

Bug #10741

closed

Fails with CARP VIP Status - SQUID

Added by Thiago Orico almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Squid
Target version:
-
Start date:
07/08/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.4.5-p1
Affected Plus Version:
Affected Architecture:
amd64

Description

Tests with CARP protocol, using CARP VIP option Squid status activated, the CARP IP type does not assume in the secondary pfsense.

CARP VIP Status: "Used to determine the HA MASTER/BACKUP status. Squid will be stopped when the chosen VIP is in BACKUP status, and started in MASTER status."

real tests simulating unavailability of the primary pfsense:

example: 192.168.0.30 --> CARP IP
pfsense 1:
[2.4.5-RELEASE][]/root: sockstat -4l | grep 3128
squid squid 14930 36 tcp4 192.168.0.31:3128 :*
squid squid 14930 37 tcp4 127.0.0.1:3128 *:
squid squid 14930 38 tcp4 192.168.0.30:3128 *:*

cat /usr/local/etc/squid/squid.conf | grep 3128

/usr/local/etc/squid/squid.conf
http_port 192.168.0.31:3128
http_port 127.0.0.1:3128
http_port 192.168.0.30:3128

pfsense 2:
[2.4.5-RELEASE][]/root: sockstat -4l | grep 3128
squid squid 44189 49 tcp4 192.168.0.32:3128 :*
squid squid 44189 50 tcp4 127.0.0.1:3128 *:

/usr/local/etc/squid/squid.conf
http_port 192.168.0.31:3128
http_port 127.0.0.1:3128

The CARP IP of the LAN changes temporarily in the secondary pfsense in a few seconds, then the squid service for navigation stops working.

Because it stops listening on the proxy port for IP CARP in pfsense 2.

[2.4.5-RELEASE][]/root: sockstat -4l | grep 3128
squid squid 59281 53 tcp4 192.168.0.32:3128 :*
squid squid 59281 54 tcp4 127.0.0.1:3128 *:
squid squid 59281 55 tcp4 192.168.0.30:3128 *:
[2.4.5-RELEASE][]/root: sockstat -4l | grep 3128
squid squid 59281 66 tcp4 192.168.0.32:3128 *:
squid squid 59281 67 tcp4 127.0.0.1:3128 *:*

Actions
Copy link

Also available in: Atom PDF