Hi Eliezer,
I'm not using SSL-Bump, I have a 100Mbit/s fiber connection and an SDSL 4Mbit/s.
By default, all traffic goes through the SDSL except traffic to our production and VPN site-to-site.
Squid running on the same box where I use shorewall to route marked packets and is directly connected to internet.
Now, I want to mark packets with squid regarding dstdomain ACLs in order to "route" them on the 100Mb/s link.
It works as expected with http but not for https (CONNECT)
Best Regard,
Sebastien
________________________________________
De : Eliezer Croitoru [eliezer@ngtech.co.il]
Date d'envoi : mardi 11 décembre 2012 17:37
Ŕ : squid-users@squid-cache.org
Objet : Re: [squid-users] tcp_outgoing_mark + https
Hey Sebastien,
Are you using ssl-bump at all? or just plain CONNECT requests?
Else then the problem If you can explain more about the situation or the
goal in more the just ROUTE web traffic over WAN connections.
Do you have preference for specific routes? maybe you just want to
load-balance?
Maybe your approach is not in the right direction anyway?
Regards,
Eliezer
On 12/11/2012 4:00 PM, Sébastien WENSKE wrote:
> Hi List,
>
> I'm trying the "tcp_outgoing_mark" feature with dstdomain acls in order to
> "route" web traffic on several WAN links, but I noticed that it doesn't
> works with https requests.
>
> Does someone know how to achieve this?
>
> Many Thanks.
> Sebastien
>
--
Eliezer Croitoru
https://www1.ngtech.co.il
sip:ngtech@sip2sip.info
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
Received on Tue Dec 11 2012 - 17:50:27 MST
This archive was generated by hypermail 2.2.0 : Wed Dec 12 2012 - 12:00:04 MST