Unofficial WPAD package for pfSense software
-
Here are install instructions for UNOFFICIAL wpad package for pfSense(R) software 2.3.x
It's based on forum tutorials to configure a second nginx instance to host pac file(s) in http and leave gui on https.
Under console/ssh, fetch the install script, check what it does if you want and then execute it.
Install
You can enable Unoffical repo creating or downloading the file below:2.3 AMD64
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.conf2.3 I386
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficiali386.conf2.4
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.24.confAfter fetching the repo file, you can see these packages under System -> Package Manager
Without enabling Unofficial repo, you can add it using console/ssh with
cd /root fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-wpad/files/install_wpad_23.sh sh ./install_wpad_23.shManual Remove/uninstall
pkg delete pfSense-pkg-WpadOnce it finishes, all must be in place. If you do not see the menu after it finishes, try to install any pfSense package from GUI, like cron for example.
WARNING
Use it at your own risk.
This script does not install packages from freebsd.
-
This is amazing! Finally I can revert my web configurator back to HTTPS. I'll test this soon! :D
Thanks again for all the brilliant work Marcello <3
-
This is amazing! Finally I can revert my web configurator back to HTTPS. I'll test this soon! :D
Thanks again for all the brilliant work Marcello <3
Thanks! ;D
I did a small update right know to copy sgerror.php file(if exists) to the new nginx wpad instance dir.
-
Hi,
I have set this up. I am using squid transparent proxy. Unauthenticated users can access the internet by entering the squid proxy:port on all devices. Do you have a fix for this?
Thanks!
-
I have set this up. I am using squid transparent proxy. Unauthenticated users can access the internet by entering the squid proxy:port on all devices. Do you have a fix for this?
wpad will send squid proxy:port to the clients. You have to configure an authentication under squid to deny unauthenticated users to access the internet.
This is more a squid question then a wpad one. It's better to open a specific topic for it.
-
Should I set the webgui to https before running the script or it will make the change for me?
-
Should I set the webgui to https before running the script or it will make the change for me?
It seems that does not do the change for me. I had to do it manually.
Anyway, I am missing something, because I cant find the file on my browser.
I saw that the file is created in /usr/local/www/wpad0/ folder. It is named proxy.pac but has symlinks to wpad.dat and wpad.da
I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.
-
Should I set the webgui to https before running the script or it will make the change for me?
Manual. Set it to https and disable web gui redirect
-
I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.
Http://pfsense/proxy.pac without the wpad0 dir
-
I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.
Http://pfsense/proxy.pac without the wpad0 dir
Right now I cant test it, but why enter http twice?
In debian webserver I dont have to do that to download the file -
Right now I cant test it, but why enter http twice?
Cellphone keyboard trying to be smart
-
Right now I cant test it, but why enter http twice?
Cellphone keyboard trying to be smart
Machine is turn off. Have to wait.
-
I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.
Http://pfsense/proxy.pac without the wpad0 dir
Just tried to do http://Http://pfsense/proxy.pac. Did not work. Tried http://pfsense/proxy.pac, this worked. So the problem are the symlinks.
-
I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.
Http://pfsense/proxy.pac without the wpad0 dir
Just tried to do http://Http://pfsense/proxy.pac. Did not work. Tried http://pfsense/proxy.pac, this worked. So the problem are the symlinks.
Since this was a test VM I went back before installing the wpad pkg. Make the webgui https before installing wpad. Installed wpad and did the config for one proxy.pac.
Tried again with http://pfsense/wpad.dat and it worked.
So actually is important to make the webgui https before installing.
Maybe there should be an abort message in the script making the advice to do the change before running the script in full.
-
The package will install but will not enable if you have https and redirect checkbox selected under advanced settings.
I'll include a test for http only configured firewall even if package description says it's useful to keep gui on https and have wpad on http.
-
@ Marcelloc, the package will not install after i run the : sh ./install_wpad_23.sh.
I get this when I run : sh ./install_wpad_23.sh fromthe root directory:
/root: sh ./install_wpad_23.sh
amd64 system
pkg: https://github.com/marcelloc/Unofficial-pfSense-packages/raw/master/repo/pfSense-pkg-Wpad-0.2.3.txz: Not FoundI am on 2.3.4(amd64). Am i doing something wrong?
-
I am on 2.3.4(amd64). Am i doing something wrong?
No. The package info on topic was updated before I had time to update the repo.
https://github.com/marcelloc/Unofficial-pfSense-packages/commit/97a00996dfa0ef4b8dc60e48e9ddbe399eebb7d8
I did it right now, so you can run the install script again.
-
Thank you marcelloc for creating this package. I've been keeping the vhost package alive on my box just for this purpose.
Question, do you know of a quick way to suppress logging to the syslog? Notice its getting filled up as clients are accessing it for the wpad file. I need to dig deeper (wireshark) to see what is really causing it but figured I'd ask since I'm not familiar with nginx
Jun 1 21:04:36 pfsense.home.lan nginx: 2017/06/01 21:04:36 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:04:00 pfsense.home.lan nginx: 2017/06/01 21:04:00 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:03:45 pfsense.home.lan nginx: 2017/06/01 21:03:45 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:03:20 pfsense.home.lan nginx: 2017/06/01 21:03:20 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:03:11 pfsense.home.lan nginx: 2017/06/01 21:03:11 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:02:55 pfsense.home.lan nginx: 2017/06/01 21:02:55 [error] 48243#100253: accept4() failed (53: Software caused connection abort) -
Thank you marcelloc for creating this package. I've been keeping the vhost package alive on my box just for this purpose.
Thanks Cino! :)
Question, do you know of a quick way to suppress logging to the syslog?
Take a look on /usr/local/pkg/wpad_nginx.template file. Change the log destination to a local file for example.
# nginx configuration file user root wheel; worker_processes {$wpad_workers}; pid /var/run/nginx_wpad{$wpad_index}.pid; error_log syslog:server=unix:/var/run/log,facility=local5; events { worker_connections 1024; } . . .https://www.digitalocean.com/community/tutorials/how-to-configure-logging-and-log-rotation-in-nginx-on-an-ubuntu-vps
-
thank you sir!
Would it be possible to insert the application/x-ns-proxy-autoconfig MIME?
/usr/local/etc/nginx/mime.types
application/x-ns-proxy-autoconfig pac; application/x-ns-proxy-autoconfig dat; application/x-ns-proxy-autoconfig da; -
Would it be possible to insert the application/x-ns-proxy-autoconfig MIME?
sure! check if new version is fine with mime types.
-
I see what you did there. Smart, it doesn't touch the defaults. Suggestion, remove /t and add 4 spaces. This way its consistent with the rest of the file layout. I dont see any tabs.
-
Hi Marcelloc,
Can you possible give us a full install documentation of this https filtering using wpad. I mean the whole setup. I have not followed this topic since I am new here and I want to know more about this. Thanks
-
Hi Marcelloc,
Can you possible give us a full install documentation of this https filtering using wpad. I mean the whole setup. I have not followed this topic since I am new here and I want to know more about this. Thanks
The first topic has the install instructions. I prefer enabling the Unofficial repo and installing it using GUI, then access services -> wpad and configuring it typing suggested default settings.
-
After configuring wpad it is necessary to configure something more like for example dns host overrides, dhcp, firewall rules or the package takes care of all that?
I am testing it from a subnet called vlan102 and if I configure it in the proxy configuration of url browsers http://pfsense.domain.local/proxy.pac file it works perfectly, but if I activate the autodectection in these browsers then it does not work.
In /usr/local/etc/nginx/nginx_wpad0.conf i see this:server {
listen 10.0.0.1:80;
server_name wpad.localdomain
server name 127.0.0.1
client_max_body_size 200m;I think it is stranger that server name is wpad.localdomain? and 127.0.0.1 ? My lan ip address is 10.0.0.1
These are my rules in this interface (second rule is necessary to load http://pfsense.domain.local/proxy.pac) and all http and https go to 3128 squid port:
Thanks.
-
For autodetect, you need to configure wpad.your.domain.local to resolve fw ip address and also define wpad records on dns.
-
I know how to setting dns records on dns resolver services -> hosts overrides and i write :
host: wpad
domain: domain.local
ip: 10.0.0.1I don't understand what do you mean "you need to configure wpad.your.domain.local to resolve fw ip address". How to ?
Sorry for my english.
Thanks again.
-
That's exactly what you did. Client's browsers will look for proxy.pac file under wpad.you.domain.local/proxy.pac
-
I hope it would have been a full documented setup configuration and not only this unofficial wpad install because subsequently there will be follow up questions related to this setup which will be answered one by one which is unproductive.
ofcourse we do appreciate this wpad easily install.
-
For autodetect, you need to configure wpad.your.domain.local to resolve fw ip address and also define wpad records on dns.
Marcelloc. Please when you have the time, add a note to the Install instructions that we have to make the DNS or DHCP settings for auto-detection. If possible giving an example for the sake of novice users.
-
For autodetect, you need to configure wpad.your.domain.local to resolve fw ip address and also define wpad records on dns.
Marcelloc. Please when you have the time, add a note to the Install instructions that we have to make the DNS or DHCP settings for auto-detection. If possible giving an example for the sake of novice users.
This should help:
https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid
https://forum.pfsense.org/index.php?topic=112335.0
-
If you would please, we would be very grateful for a more detailed guide.
Thanks. -
Nice! Can you make this package official?
-
Nice! Can you make this package official?
I can submit a pull request to oficial repo. But need core team review to get merged.
-
Nice! Can you make this package official?
I can submit a pull request to oficial repo. But need core team review to get merged.
That would be great!
-
Thanks, great !
-
any news on if this will make it to official package status?
-
Hi,
squid+WPAD bypasses my captive portal. Is there any other way?
Thanks,
Chaz -
Nice! Can you make this package official?
I can submit a pull request to oficial repo. But need core team review to get merged.
Great work here marcelloc. Finally I have wpad hosted with webconfigurator on https.
Any update on the pull request to official repo?
-
Hi, Marcelloc , Is there a step-by-step manual or instuctions for config the GUI of the "wpad" after it is installed?.
Thanks.
