Bug #5168

closed

squid doesn't function during/after HA failover

Added by Adam Thompson over 8 years ago. Updated over 3 years ago.

Status: Resolved
Priority: High
Category: Squid
Target version: -
Start date: 09/18/2015
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Affected Version: All
Affected Plus Version:
Affected Architecture:

Description

Per #2591, there is no supported way for squid to listen to a CARP VIP interface.
This means that HA isn't really HA for any scenario that enforces the use of a built-in proxy.

Per "Kill Bill"'s dismissive "use WPAD or whatever" answer, that solution ONLY works for desktop browsers that support WPAD "or whatever". Most non-browser software (e.g. pfSense itself!) requires a static proxy to be configured.

Simple solution: allow squid to service a VIP that fails over during a firewall failover event. Alternative solutions welcomed.

Without a way to do this, it is impossible (or rather, pointless!) to deploy pfSense as a high-availability solution in any environment that blocks direct outbound HTTP & HTTP/S. This is a bug, not a missing feature - it's equivalent to saying "HA works fine, just change your default gateway setting on every device".
