Well, I was really hoping to not have to fall back to linux. I really believe my problem has something to do with the GRE tunnel. I enabled a kernel option net.inet.gre.wccp=1 which I believe is all I need. When I had just net.inet.gre.allow turned on, I was getting port 47 unreachable. I saw several posts on Google talking about a patch for FreeBSD but no word of such a one for OpenBSD.
Hello Eric,
if this problem is really the GRE issue, I won't help you too much, but may be it is not :-)
If I set the browser proxy to port 80 on the squid box, the redirection to port 3128 is working as well. This is what has lead me to believe it has to be an issue with the GRE encapsulation/unencapsulation.This test only means your Squid serves well as a proxy, but you want to have it in accelerator mode, right?
So, I assume you already have: httpd_accel_uses_host_header on httpd_accel_with_proxy off (on, if you need the proxy mode too) httpd_accel_port 80 httpd_accel_host virtual
Another thought - what is your MTU at your Squid Box? Check whether it is 1500.
I realised just yestereday the WCCP router had to fragment incomming packets because of the GRE encapsulation. So I set the MTU at the Squid box to 1460 and it was really a silly idea :-)
When you are in the intercept mode, WCCP router redirecs TCP packets going to port 80 to the Squid box. But when the MTU of a new connection is being decided, the Squid box is not in the way! This is done by icmp protocol, which does not flow through the Squid box (the router does not redirect this protocol), so IF the Squid box's MTU is the lowest on the path between the WWW client and WWW server, the connection fails.
So, I set it back to 1500 quite quickly :-)
Best regards, Marji
