After much testing and pondering, my attempts to get this working have
failed. I have FreeBSD 4.9-Stable and a 2611 router. This used to work
perfectly with FreeBSD 4.6. Once I get the GRE tunnel up I can ping
between the hosts no problem. When I activate WCCP it sees squid and
forwards packets, but that's where I am stuck. I am not getting any hits
on my IPFW redirect. When I point the browser directly to the gre
interface, port 80, it works though. Here is what a failed WCCP req
looks like at the proxy interface...

root@dome Sat 07 10:16:56[/]# tcpdump -nvpi gre0
tcpdump: listening on gre0
10:18:28.525760 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl
255, id 12, len 72)
10:18:30.681303 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl
255, id 13, len 72)
10:18:32.128585 192.168.201.2.2048 > 192.168.201.1.2048: [udp sum ok]
udp 52 (ttl 64, id 60324, len 80)
10:18:32.131244 192.168.201.1.2048 > 192.168.201.2.2048: [udp sum ok]
udp 64 (ttl 255, id 20220, len 92)
10:18:33.645334 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl
255, id 14, len 72)
10:18:39.580227 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl
255, id 15, len 72)
10:18:42.578353 192.168.201.2.2048 > 192.168.201.1.2048: [udp sum ok]
udp 52 (ttl 64, id 60330, len 80)
10:18:42.580954 192.168.201.1.2048 > 192.168.201.2.2048: [udp sum ok]
udp 64 (ttl 255, id 20223, len 92)
10:18:52.698008 192.168.201.2.2048 > 192.168.201.1.2048: [udp sum ok]
udp 52 (ttl 64, id 60337, len 80)
10:18:52.700669 192.168.201.1.2048 > 192.168.201.2.2048: [udp sum ok]
udp 64 (ttl 255, id 20225, len 92)

Then I just get "Page cannot be displayed". I recall seeing that GRE was
broke on 4.9 which is the only explanation I can come up with as I have
tried everything. Or am I missing something? Here are the config
details:


FReeBSD info:

ifconfig gre0 destroy
ifconfig gre0 create
ifconfig gre0 192.168.201.2 192.168.201.1 netmask 255.255.255.252 link1
ifconfig gre0 tunnel 192.168.200.2 192.168.200.1 up

gre0: flags=b051 mtu 1476
inet 192.168.201.2 --> 192.168.201.1 netmask 0xfffffffc
inet6 fe80::208:c7ff:fed9:cb83%gre0 prefixlen 64 scopeid 0x8


root@dome Sat 07 10:14:39[/]# ping 192.168.201.1
PING 192.168.201.1 (192.168.201.1): 56 data bytes
64 bytes from 192.168.201.1: icmp_seq=0 ttl=255 time=2.000 ms
64 bytes from 192.168.201.1: icmp_seq=1 ttl=255 time=2.027 ms
64 bytes from 192.168.201.1: icmp_seq=2 ttl=255 time=2.084 ms

Note: GRE on isolated /30.

root@dome Sat 07 10:16:35[/]# ipfw -d show
00030 44724 19062106 allow ip from any to any via lo0
00031 162542 53667451 allow ip from any to any via fxp0
00041 90 8148 allow udp from 192.168.201.1 to any in recv gre0
00042 95 8700 allow udp from 192.168.201.2 to any out xmit gre0
00043 67 4808 allow gre from 192.168.201.1 to any in recv gre0
00044 0 0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
via gre0 in


Squid info:

wccp_router 192.168.201.1
wccp_version 4


root@dome Sat 07 10:13:25[/]# /usr/local/etc/rc.d/squid.sh start
squidroot@dome Sat 07 10:13:27[/]# Feb 7 10:13:27 dome squid[14101]:
Squid Parent: child process 14103 started
Feb 7 10:13:28 dome squid[14103]: Starting Squid Cache version
2.5.STABLE4 for i386-unknown-freebsd4.9...
Feb 7 10:13:28 dome squid[14103]: Process ID 14103
Feb 7 10:13:28 dome squid[14103]: With 3584 file descriptors available
Feb 7 10:13:28 dome squid[14103]: Performing DNS Tests...
Feb 7 10:13:28 dome squid[14103]: Successful DNS name lookup tests...
Feb 7 10:13:28 dome squid[14103]: DNS Socket created at 0.0.0.0, port
2830, FD 5
Feb 7 10:13:28 dome squid[14103]: Adding nameserver 127.0.0.1 from
squid.conf
Feb 7 10:13:28 dome squid[14103]: Unlinkd pipe opened on FD 10
Feb 7 10:13:28 dome squid[14103]: Swap maxSize 512000 KB, estimated
39384 objects
Feb 7 10:13:28 dome squid[14103]: Target number of buckets: 1969
Feb 7 10:13:28 dome squid[14103]: Using 8192 Store buckets
Feb 7 10:13:28 dome squid[14103]: Max Mem size: 8192 KB
Feb 7 10:13:28 dome squid[14103]: Max Swap size: 512000 KB
Feb 7 10:13:28 dome squid[14103]: Rebuilding storage in /var/webcache
(CLEAN)
Feb 7 10:13:28 dome squid[14103]: Using Least Load store dir selection
Feb 7 10:13:28 dome squid[14103]: Current Directory is
/usr/local/squid/var/logs
Feb 7 10:13:28 dome squid[14103]: Loaded Icons.
Feb 7 10:13:28 dome squid[14103]: Accepting HTTP connections at
0.0.0.0, port 3128, FD 12.
Feb 7 10:13:28 dome squid[14103]: Accepting ICP messages at 0.0.0.0,
port 3130, FD 13.
Feb 7 10:13:28 dome squid[14103]: Accepting WCCP messages on port 2048,
FD 14.
Feb 7 10:13:28 dome squid[14103]: Ready to serve requests.


2611 info:

ip wccp version 1
ip wccp web-cache redirect-list 1

interface ATM0/0.1 point-to-point
ip address 10.100.1.56 255.255.0.0
ip access-group 105 in
ip nat outside
ip wccp web-cache redirect out
pvc 8/35
encapsulation aal5snap

interface Tunnel0
ip address 192.168.201.1 255.255.255.252
tunnel source 192.168.200.1
tunnel destination 192.168.200.2

access-list 1 remark Permit-Local-Nets
access-list 1 permit 192.168.200.0 0.0.0.255


#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 192.168.201.1
Protocol Version: 1.0

Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 66
Redirect access-list: 1
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0

#sh ip wccp web-cache detail
WCCP Cache-Engine information:
IP Address: 192.168.201.2
Protocol Version: 0.4
State: Usable
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 7
Connect Time: 00:02:29

#sh int tun0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 192.168.201.1/30
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 192.168.200.1, destination 192.168.200.2
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Checksumming of packets disabled, fast tunneling enabled
Last input 00:00:09, output 00:00:09, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/0, 1 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
800 packets input, 108454 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
1540 packets output, 170431 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out

#ping 192.168.201.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.201.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms


This looks good from BSD...


root@dome Sat 07 10:31:10[/]# tcpdump -nvpi gre0 icmp
tcpdump: listening on gre0
10:31:20.347169 192.168.201.1 > 192.168.201.2: icmp: echo request (ttl
255, id 40, len 100)
10:31:20.347205 192.168.201.2 > 192.168.201.1: icmp: echo reply (ttl 64,
id 61500, len 100)
10:31:20.351173 192.168.201.1 > 192.168.201.2: icmp: echo request (ttl
255, id 41, len 100)
10:31:20.351189 192.168.201.2 > 192.168.201.1: icmp: echo reply (ttl 64,
id 61502, len 100)
10:31:20.354802 192.168.201.1 > 192.168.201.2: icmp: echo request (ttl
255, id 42, len 100)
10:31:20.354818 192.168.201.2 > 192.168.201.1: icmp: echo reply (ttl 64,
id 61504, len 100)
10:31:20.358599 192.168.201.1 > 192.168.201.2: icmp: echo request (ttl
255, id 43, len 100)
10:31:20.358616 192.168.201.2 > 192.168.201.1: icmp: echo reply (ttl 64,
id 61506, len 100)
10:31:20.362212 192.168.201.1 > 192.168.201.2: icmp: echo request (ttl
255, id 44, len 100)
10:31:20.362228 192.168.201.2 > 192.168.201.1: icmp: echo reply (ttl 64,
id 61508, len 100)