PROXY x PROXY TRANSPARENTE
-
Folks,
I have a network of 100 computers where the vast majority are notebooks that users using in the company and also take in travel and homeoficce ...
I would like to use transparent proxy so I do not get to set the ip of the proxy and then remember to take it when I do not have it in the company ...
But I hit the question of SSL filter that in transparent proxy only handles via certificate and still has to do the import on the machine ..It would have some other simpler form:
- do not need to set the proxy in the browser
- no need to set / import certificate
- that you can block site https
- and integrate into squidguard
-
WPAD
https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid
Note that some devices do not use WPAD and so they cannot auto-detect the proxy on their own. Android phones and tablets are bad for this, but Windows-based laptops should be fine.
-
You should use WPAD.
Try with these steps.Package creator pkg-wpad: marcelloc
Official info: https://github.com/marcelloc/Unofficial-pfSense-packages/tree/master/pkg-wpad
Author description: Distribute Web Proxy Auto-Discovery Protocol configuration scripts on a seperate NGINX directory, process and port to the webconfigurator. In order to run webconfigurator on secure HTTPS, while maintaining functional WPAD capabilities for your devices on HTTP.
Last update: Mayo 2018Steps to follows:
1 - Enter console or terminal ssh (Putty)
2 - Select option: 8) Shell
3 - Enter cd /root
4 - Enter uname -rs (to know FreeBSD version installed)
5 - Enter uname -m (to know pfsense architecture installed , amd64 or i386)
6 - Data from steps 4 and 5 , execute pgk command as appropriate:FreeBSD:10:amd64
pkg add https://github.com/marcelloc/Unofficial-pfSense-packages/raw/master/repo/FreeBSD:10:amd64/pfSense-pkg-WPAD-0.3.0.2.txzFreeBSD:10:i386
pkg add https://github.com/marcelloc/Unofficial-pfSense-packages/raw/master/repo/FreeBSD:10:i386/pfSense-pkg-WPAD-0.3.0.2.txzFreeBSD:11:amd64
pkg add https://github.com/marcelloc/Unofficial-pfSense-packages/raw/master/repo/FreeBSD:11:amd64/pfSense-pkg-WPAD-0.3.0.2.txz7 - Now into GUI interface of pfsense , new option WPAD in Services for configuration.
-
WPAD files need to be served from an HTTP server, not HTTPS. My method will work if you have an HTTP server, or pfSense WebGU running in HTTP mode. Chicago_cs's method will work if you do not have any HTTP server at all to use, so it installs nginx on your pfSense box and uses that to server the wpad files.
-
@massao said in PROXY x PROXY TRANSPARENTE:
Folks,
I have a network of 100 computers where the vast majority are notebooks that users using in the company and also take in travel and homeoficce ...
I would like to use transparent proxy so I do not get to set the ip of the proxy and then remember to take it when I do not have it in the company ...
But I hit the question of SSL filter that in transparent proxy only handles via certificate and still has to do the import on the machine ..It would have some other simpler form:
- do not need to set the proxy in the browser
- no need to set / import certificate
- that you can block site https
- and integrate into squidguard
Do you have DHCP server ? Or Active Directory?
-
I have yes DHCP but in mikrotik, and Active Directory in windows 2012 R2.
The structure looks like this: 2 Internet link arriving in Mikrotik, and mikrotik connected pfsense and AD -
@massao said in PROXY x PROXY TRANSPARENTE:
I have yes DHCP but in mikrotik, and Active Directory in windows 2012 R2.
The structure looks like this: 2 Internet link arriving in Mikrotik, and mikrotik connected pfsense and ADok .
Use your AD to host wpad file via IIS.
Use DHCP to serve wpad files.
all machine should be configured with "automatic detect settings" this can be done via AD too.Refer below link : https://findproxyforurl.com/deploying-wpad/
