
Re: Squid and VPN L2TP


 



On 14.02.2012 10:49, zongo saiba wrote:
Greetings,

I have squid 3.1.18 running very smoothly at the moment and
management wants to add a vpn on the top.
Squid will be running on a dedicated box and the vpn will be running on
another dedicated box. Same network with NAT.
I did a test run with "tcp_outgoing_address"; outgoing to vpn but got
error "cant bind socket". I understand that traffic from squid can't
bind to the socket of the vpn server, but is there another way around? Is it
at all feasible?

Yes, there are two ways.



Either 1) the Squid box needs to be a member of the VPN subnet, with an allocated IP from there, same as any other machine in it.
  That IP is what tcp_outgoing_address uses for VPN traffic.

or 2) Squid sets tcp_outgoing_tos on requests intended for the VPN.

In both cases the system routing picks up the TOS or IP value and routes those packets through the VPN. This may also involve some firewall changes.


PS. If you have a disk cache, please upgrade to 3.1.19 ASAP and wipe swap.state (or the whole cache) during the upgrade process. There is a swap.state corruption issue in 3.1.17 - 3.1.18.

Amos
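
The two options from the reply above, written out as a squid.conf fragment with the matching Linux policy-routing commands in comments. This is an added example, not configuration from the original thread; the ACL name, domain, addresses, routing table number and TOS value are all assumed placeholders.

```conf
# --- squid.conf (constructed example; every name and address is a placeholder) ---

# Requests that should leave through the VPN.
acl via_vpn dstdomain .corp.example

# Option 1: source VPN-bound traffic from the address the VPN subnet
# allocated to the Squid box. The address must be configured on a local
# interface of this host; binding to an address that only exists on the
# VPN server is what produces the "can't bind socket" error.
tcp_outgoing_address 10.8.0.50 via_vpn

# Option 2: keep the normal source address and mark the packets instead.
# Enable one option or the other, not both.
#tcp_outgoing_tos 0x10 via_vpn

# --- host routing on the Squid box (Linux iproute2, run as root) ---
# Table 100 forwards everything to the VPN box (placeholder 192.168.1.2):
#   ip route add default via 192.168.1.2 table 100
#
# Option 1: select table 100 by source address:
#   ip rule add from 10.8.0.50 lookup 100
#
# Option 2: select table 100 by TOS value:
#   ip rule add tos 0x10 lookup 100
#
# Check which path a marked or sourced packet will take before going live
# (198.51.100.10 stands in for a host behind the VPN):
#   ip route get 198.51.100.10 from 10.8.0.50
#   ip route get 198.51.100.10 tos 0x10
```

Any firewall on the path has to permit the new source address or preserve the TOS byte, otherwise the traffic falls back to the default route or is dropped.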


