Bug #10741
closedFails with CARP VIP Status - SQUID
0%
Description
Tests with CARP protocol, using CARP VIP option Squid status activated, the CARP IP type does not assume in the secondary pfsense.
CARP VIP Status: "Used to determine the HA MASTER/BACKUP status. Squid will be stopped when the chosen VIP is in BACKUP status, and started in MASTER status."
real tests simulating unavailability of the primary pfsense:
example: 192.168.0.30 --> CARP IP
pfsense 1:
[2.4.5-RELEASE][root@pf1.local]/root: sockstat -4l | grep 3128
squid squid 14930 36 tcp4 192.168.0.31:3128 :*
squid squid 14930 37 tcp4 127.0.0.1:3128 *:
squid squid 14930 38 tcp4 192.168.0.30:3128 *:*
cat /usr/local/etc/squid/squid.conf | grep 3128
/usr/local/etc/squid/squid.conf
http_port 192.168.0.31:3128
http_port 127.0.0.1:3128
http_port 192.168.0.30:3128
pfsense 2:
[2.4.5-RELEASE][root@pf2.alfaws1.com.br]/root: sockstat -4l | grep 3128
squid squid 44189 49 tcp4 192.168.0.32:3128 :*
squid squid 44189 50 tcp4 127.0.0.1:3128 *:
/usr/local/etc/squid/squid.conf
http_port 192.168.0.31:3128
http_port 127.0.0.1:3128
The CARP IP of the LAN changes temporarily in the secondary pfsense in a few seconds, then the squid service for navigation stops working.
Because it stops listening on the proxy port for IP CARP in pfsense 2.
[2.4.5-RELEASE][root@pf2.local]/root: sockstat -4l | grep 3128
squid squid 59281 53 tcp4 192.168.0.32:3128 :*
squid squid 59281 54 tcp4 127.0.0.1:3128 *:
squid squid 59281 55 tcp4 192.168.0.30:3128 *:
[2.4.5-RELEASE][root@pf2.local]/root: sockstat -4l | grep 3128
squid squid 59281 66 tcp4 192.168.0.32:3128 *:
squid squid 59281 67 tcp4 127.0.0.1:3128 *:*