Unofficial WPAD package for pfSense software
-
Here are install instructions for UNOFFICIAL wpad package for pfSense(R) software 2.3.x
It's based on forum tutorials to configure a second nginx instance to host pac file(s) in http and leave gui on https.
Under console/ssh, fetch the install script, check what it does if you want and then execute it.
Install
You can enable Unoffical repo creating or downloading the file below:2.3 AMD64
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.conf2.3 I386
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficiali386.conf2.4
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.24.confAfter fetching the repo file, you can see these packages under System -> Package Manager
Without enabling Unofficial repo, you can add it using console/ssh with
cd /root fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-wpad/files/install_wpad_23.sh sh ./install_wpad_23.shManual Remove/uninstall
pkg delete pfSense-pkg-WpadOnce it finishes, all must be in place. If you do not see the menu after it finishes, try to install any pfSense package from GUI, like cron for example.
WARNING
Use it at your own risk.
This script does not install packages from freebsd.
-
This is amazing! Finally I can revert my web configurator back to HTTPS. I'll test this soon! :D
Thanks again for all the brilliant work Marcello <3
-
This is amazing! Finally I can revert my web configurator back to HTTPS. I'll test this soon! :D
Thanks again for all the brilliant work Marcello <3
Thanks! ;D
I did a small update right know to copy sgerror.php file(if exists) to the new nginx wpad instance dir.
-
Hi,
I have set this up. I am using squid transparent proxy. Unauthenticated users can access the internet by entering the squid proxy:port on all devices. Do you have a fix for this?
Thanks!
-
I have set this up. I am using squid transparent proxy. Unauthenticated users can access the internet by entering the squid proxy:port on all devices. Do you have a fix for this?
wpad will send squid proxy:port to the clients. You have to configure an authentication under squid to deny unauthenticated users to access the internet.
This is more a squid question then a wpad one. It's better to open a specific topic for it.
-
Should I set the webgui to https before running the script or it will make the change for me?
-
Should I set the webgui to https before running the script or it will make the change for me?
It seems that does not do the change for me. I had to do it manually.
Anyway, I am missing something, because I cant find the file on my browser.
I saw that the file is created in /usr/local/www/wpad0/ folder. It is named proxy.pac but has symlinks to wpad.dat and wpad.da
I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.
-
Should I set the webgui to https before running the script or it will make the change for me?
Manual. Set it to https and disable web gui redirect
-
I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.
Http://pfsense/proxy.pac without the wpad0 dir
-
I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.
Http://pfsense/proxy.pac without the wpad0 dir
Right now I cant test it, but why enter http twice?
In debian webserver I dont have to do that to download the file -
Right now I cant test it, but why enter http twice?
Cellphone keyboard trying to be smart
-
Right now I cant test it, but why enter http twice?
Cellphone keyboard trying to be smart
Machine is turn off. Have to wait.
-
I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.
Http://pfsense/proxy.pac without the wpad0 dir
Just tried to do http://Http://pfsense/proxy.pac. Did not work. Tried http://pfsense/proxy.pac, this worked. So the problem are the symlinks.
-
I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.
Http://pfsense/proxy.pac without the wpad0 dir
Just tried to do http://Http://pfsense/proxy.pac. Did not work. Tried http://pfsense/proxy.pac, this worked. So the problem are the symlinks.
Since this was a test VM I went back before installing the wpad pkg. Make the webgui https before installing wpad. Installed wpad and did the config for one proxy.pac.
Tried again with http://pfsense/wpad.dat and it worked.
So actually is important to make the webgui https before installing.
Maybe there should be an abort message in the script making the advice to do the change before running the script in full.
-
The package will install but will not enable if you have https and redirect checkbox selected under advanced settings.
I'll include a test for http only configured firewall even if package description says it's useful to keep gui on https and have wpad on http.
-
@ Marcelloc, the package will not install after i run the : sh ./install_wpad_23.sh.
I get this when I run : sh ./install_wpad_23.sh fromthe root directory:
/root: sh ./install_wpad_23.sh
amd64 system
pkg: https://github.com/marcelloc/Unofficial-pfSense-packages/raw/master/repo/pfSense-pkg-Wpad-0.2.3.txz: Not FoundI am on 2.3.4(amd64). Am i doing something wrong?
-
I am on 2.3.4(amd64). Am i doing something wrong?
No. The package info on topic was updated before I had time to update the repo.
https://github.com/marcelloc/Unofficial-pfSense-packages/commit/97a00996dfa0ef4b8dc60e48e9ddbe399eebb7d8
I did it right now, so you can run the install script again.
-
Thank you marcelloc for creating this package. I've been keeping the vhost package alive on my box just for this purpose.
Question, do you know of a quick way to suppress logging to the syslog? Notice its getting filled up as clients are accessing it for the wpad file. I need to dig deeper (wireshark) to see what is really causing it but figured I'd ask since I'm not familiar with nginx
Jun 1 21:04:36 pfsense.home.lan nginx: 2017/06/01 21:04:36 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:04:00 pfsense.home.lan nginx: 2017/06/01 21:04:00 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:03:45 pfsense.home.lan nginx: 2017/06/01 21:03:45 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:03:20 pfsense.home.lan nginx: 2017/06/01 21:03:20 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:03:11 pfsense.home.lan nginx: 2017/06/01 21:03:11 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:02:55 pfsense.home.lan nginx: 2017/06/01 21:02:55 [error] 48243#100253: accept4() failed (53: Software caused connection abort) -
Thank you marcelloc for creating this package. I've been keeping the vhost package alive on my box just for this purpose.
Thanks Cino! :)
Question, do you know of a quick way to suppress logging to the syslog?
Take a look on /usr/local/pkg/wpad_nginx.template file. Change the log destination to a local file for example.
# nginx configuration file user root wheel; worker_processes {$wpad_workers}; pid /var/run/nginx_wpad{$wpad_index}.pid; error_log syslog:server=unix:/var/run/log,facility=local5; events { worker_connections 1024; } . . .https://www.digitalocean.com/community/tutorials/how-to-configure-logging-and-log-rotation-in-nginx-on-an-ubuntu-vps
-
thank you sir!
Would it be possible to insert the application/x-ns-proxy-autoconfig MIME?
/usr/local/etc/nginx/mime.types
application/x-ns-proxy-autoconfig pac; application/x-ns-proxy-autoconfig dat; application/x-ns-proxy-autoconfig da;
