Issues with WPAD not working for me.

cewjr9842

I configured WPAD in DHCP settings and the DNS resolver as well.

with this config:

**function FindProxyForURL(url, host)
{
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.1.1",  "255.255.255.0"))
        return "DIRECT";

return "PROXY 192.168.1.1:3128";
}**
and in DHCP settings its configured :

number: 252 type: string value: "http://wpad/wpad.dat"
number: 252 type: string value: "http://wpad/wpad.da"
number: 252 type: string value: "http://wpad/proxy.pac"

and in DNS resolver :

Host: wpad
Domain: my domain name
IP Address: 192.168.1.1
Description: WPAD Autoconfigure Host

For some reason I can not download the files when i browse to them in chrome.

When i do a nslookup wpad i get this below :
**C:\Users\cw>nslookup wpad
Server:  pfsense.local

*** pfsense.local can't find wpad: Non-existent domain**

Also when i Curl i get this error below:
[2.3.3-RELEASE][admin@CaesarsNetwork.CEEsNETHOME]/root: curl http://wpad/proxy.pac
curl: (6) Could not resolve host: wpad

I also updated the mime types just to be safe even though  i dont think i needed to.

I still can not get this to work to be ale to block HTTP and HTTPs traffic via squid-guard. Any help or a place to look and see what is going on would surely be appreciated.

C0RR0SIVE

Where are you placing the wpad files..?  It's probably best to serve wpad files from a webserver other than the one on PFSense.

aGeekhere

function FindProxyForURL(url, host)
{
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.1.1",  "255.255.255.0"))
        return "DIRECT";

return "PROXY 192.168.1.1:3128";
}

try

function FindProxyForURL(url, host) 
{ 
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.1.0",  "255.255.255.0"))
        return "DIRECT";

    return "PROXY 192.168.1.1:3128";
} 

have a read though here https://forum.pfsense.org/index.php?topic=112335.0

cewjr9842

Corrosive: I placed the files here :  /usr/local/www.

aGeekHere: I am updating the files right now and will update you once its done.

KOM

IIRC, WPAD doesn't work with HTTPS so if you're using pfSense to serve them then you should be running WebGUI in HTTP mode.

cewjr9842

@KOM:

IIRC, WPAD doesn't work with HTTPS so if you're using pfSense to serve them then you should be running WebGUI in HTTP mode.

i understand that. My WEBGUI is on port 8800/HTTP.

it still is not working after going through you guide exactly given from Ageekhere.

Also just FYI. I notice the files all are able to be downloaded in the browser, when i use my external windows 2016 webserver that I run on my VM, but im not sure of the configuration after that for http and https blocking in pfsense.
i am wondering if its something going on somehwere else when trying to use pfsense as the webserver.

cewjr9842

one thing I am noticing is that when i go to http://192.168.1.30/wpad.dat in my browser it downloads, but when i access http://wpad/wpad.dat it seems to not work. Could this be an issue with DNS resolver?

marcelloc

why do you need the host as wpad? on most setups, the wpad url includes the ip address.

cewjr9842

I was following the steps in the guide created by ageekhere to be able to filter HTTPS traffic.

https://forum.pfsense.org/index.php?topic=112335.0

One thing that is happening is when i enable the DNS host override it will not block any sites.
I wanted to do the WPAD  so I would not have to do the MITM setup in the proxy. but at this point all I can get to work is the WPAD disabled with Transparent proxy enabled but of course its not blocking HTTPS traffic.

aGeekhere

One thing that is happening is when i enable the DNS host override it will not block any sites.

The DNS override on it's own does not block sites.

but at this point all I can get to work is the WPAD disabled with Transparent proxy enabled

Did you follow all the steps? it should work.

cewjr9842

I followed every step to the T!

its crazy even when i try to browse to : http://192.168.1.1/wpad.dat or .da , or the proxy.pac file they are not downloading at all in chrome or IE.

aGeekhere

Do you have auto configure enabled in internet options?

jopeme

Have you tried setting dns suffix on windows client?

cewjr9842

I got it working now. I had to use the unofficial WPAD package marcelloc created using nginx and it actually started working as it should. Thanks fellows!