Issues with WPAD not working for me.

cewjr9842 · May 18, 2017, 11:05 PM

I configured WPAD in DHCP settings and the DNS resolver as well.

with this config:

**function FindProxyForURL(url, host)
{
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "192.168.1.1", "255.255.255.0"))
return "DIRECT";

return "PROXY 192.168.1.1:3128";
}**
and in DHCP settings its configured :

number: 252 type: string value: "http://wpad/wpad.dat"
number: 252 type: string value: "http://wpad/wpad.da"
number: 252 type: string value: "http://wpad/proxy.pac"

and in DNS resolver :

Host: wpad
Domain: my domain name
IP Address: 192.168.1.1
Description: WPAD Autoconfigure Host

For some reason I can not download the files when i browse to them in chrome.

When i do a nslookup wpad i get this below :
**C:\Users\cw>nslookup wpad
Server: pfsense.local

*** pfsense.local can't find wpad: Non-existent domain**

Also when i Curl i get this error below:
[2.3.3-RELEASE][admin@CaesarsNetwork.CEEsNETHOME]/root: curl http://wpad/proxy.pac
curl: (6) Could not resolve host: wpad

I also updated the mime types just to be safe even though i dont think i needed to.

I still can not get this to work to be ale to block HTTP and HTTPs traffic via squid-guard. Any help or a place to look and see what is going on would surely be appreciated.

C0RR0SIVE · May 19, 2017, 12:17 AM

Where are you placing the wpad files..? It's probably best to serve wpad files from a webserver other than the one on PFSense.

aGeekhere · May 19, 2017, 1:05 AM

function FindProxyForURL(url, host)
{
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "192.168.1.1", "255.255.255.0"))
return "DIRECT";

return "PROXY 192.168.1.1:3128";
}

try


function FindProxyForURL(url, host) 
{ 
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.1.0",  "255.255.255.0"))
        return "DIRECT";

    return "PROXY 192.168.1.1:3128";
}

have a read though here https://forum.pfsense.org/index.php?topic=112335.0

cewjr9842 · May 19, 2017, 12:47 PM

Corrosive: I placed the files here : /usr/local/www.

aGeekHere: I am updating the files right now and will update you once its done.

KOM · May 19, 2017, 1:49 PM

IIRC, WPAD doesn't work with HTTPS so if you're using pfSense to serve them then you should be running WebGUI in HTTP mode.

cewjr9842 · May 19, 2017, 1:54 PM

@KOM:

IIRC, WPAD doesn't work with HTTPS so if you're using pfSense to serve them then you should be running WebGUI in HTTP mode.

i understand that. My WEBGUI is on port 8800/HTTP.

it still is not working after going through you guide exactly given from Ageekhere.

Also just FYI. I notice the files all are able to be downloaded in the browser, when i use my external windows 2016 webserver that I run on my VM, but im not sure of the configuration after that for http and https blocking in pfsense.
i am wondering if its something going on somehwere else when trying to use pfsense as the webserver.

cewjr9842 · May 22, 2017, 7:42 PM

one thing I am noticing is that when i go to http://192.168.1.30/wpad.dat in my browser it downloads, but when i access http://wpad/wpad.dat it seems to not work. Could this be an issue with DNS resolver?

marcelloc · May 22, 2017, 10:11 PM

why do you need the host as wpad? on most setups, the wpad url includes the ip address.

cewjr9842 · May 24, 2017, 3:26 PM

I was following the steps in the guide created by ageekhere to be able to filter HTTPS traffic.

https://forum.pfsense.org/index.php?topic=112335.0

One thing that is happening is when i enable the DNS host override it will not block any sites.
I wanted to do the WPAD so I would not have to do the MITM setup in the proxy. but at this point all I can get to work is the WPAD disabled with Transparent proxy enabled but of course its not blocking HTTPS traffic.

aGeekhere · May 25, 2017, 12:29 AM

One thing that is happening is when i enable the DNS host override it will not block any sites.

The DNS override on it's own does not block sites.

but at this point all I can get to work is the WPAD disabled with Transparent proxy enabled

Did you follow all the steps? it should work.

cewjr9842 · May 31, 2017, 7:31 PM

I followed every step to the T!

its crazy even when i try to browse to : http://192.168.1.1/wpad.dat or .da , or the proxy.pac file they are not downloading at all in chrome or IE.

aGeekhere · Jun 2, 2017, 11:50 PM

Do you have auto configure enabled in internet options?

jopeme · Jun 4, 2017, 7:18 PM

Have you tried setting dns suffix on windows client?

cewjr9842 · Jun 6, 2017, 7:22 PM

I got it working now. I had to use the unofficial WPAD package marcelloc created using nginx and it actually started working as it should. Thanks fellows!