Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Unofficial WPAD package for pfSense software

    Cache/Proxy
    17
    50
    7897
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcelloc
      marcelloc last edited by

      Here are install instructions for UNOFFICIAL wpad package for pfSense(R) software 2.3.x

      It's based on forum tutorials to configure a second nginx instance to host pac file(s) in http and leave gui on https.

      Under console/ssh, fetch the install script, check what it does if you want and then execute it.

      Install
      You can enable Unoffical repo creating or downloading the file below:

      2.3 AMD64

      
      fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.conf
      
      

      2.3 I386

      
      fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficiali386.conf
      
      

      2.4

      
      fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.24.conf
      
      

      After fetching the repo file, you can see these packages under System -> Package Manager

      Without enabling Unofficial repo, you can add it using console/ssh with

      
      cd /root
      fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-wpad/files/install_wpad_23.sh
      sh ./install_wpad_23.sh
      
      

      Manual Remove/uninstall

      
      pkg delete pfSense-pkg-Wpad
      
      

      Once it finishes, all must be in place. If you do not see the menu after it finishes, try to install any pfSense package from GUI, like cron for example.

      WARNING

      Use it at your own risk.

      This script does not install packages from freebsd.



      V 1 Reply Last reply Reply Quote 0
      • P
        pfsensation last edited by

        This is amazing! Finally I can revert my web configurator back to HTTPS. I'll test this soon! :D

        Thanks again for all the brilliant work Marcello <3

        1 Reply Last reply Reply Quote 0
        • marcelloc
          marcelloc last edited by

          @pfsensation:

          This is amazing! Finally I can revert my web configurator back to HTTPS. I'll test this soon! :D

          Thanks again for all the brilliant work Marcello <3

          Thanks!  ;D

          I did a small update right know to copy sgerror.php file(if exists) to the new nginx wpad instance dir.

          1 Reply Last reply Reply Quote 0
          • X
            xchaz last edited by

            Hi,

            I have set this up. I am using squid transparent proxy. Unauthenticated users can access the internet by entering the squid proxy:port on all devices. Do you have a fix for this?

            Thanks!

            1 Reply Last reply Reply Quote 0
            • marcelloc
              marcelloc last edited by

              @xchaz:

              I have set this up. I am using squid transparent proxy. Unauthenticated users can access the internet by entering the squid proxy:port on all devices. Do you have a fix for this?

              wpad will send squid proxy:port to the clients. You have to configure an authentication under squid to deny unauthenticated users to access the internet.

              This is more a squid question then a wpad one. It's better to open a specific topic for it.

              1 Reply Last reply Reply Quote 0
              • J
                jetberrocal last edited by

                Should I set the webgui to https before running the script or it will make the change for me?

                1 Reply Last reply Reply Quote 0
                • J
                  jetberrocal last edited by

                  @jetberrocal:

                  Should I set the webgui to https before running the script or it will make the change for me?

                  It seems that does not do the change for me.  I had to do it manually.

                  Anyway, I am missing something, because I cant find the file on my browser.

                  I saw that the file is created in /usr/local/www/wpad0/ folder.  It is named proxy.pac but has symlinks to wpad.dat and wpad.da

                  I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.

                  1 Reply Last reply Reply Quote 0
                  • marcelloc
                    marcelloc last edited by

                    @jetberrocal:

                    Should I set the webgui to https before running the script or it will make the change for me?

                    Manual. Set it to https and disable web gui redirect

                    1 Reply Last reply Reply Quote 0
                    • marcelloc
                      marcelloc last edited by

                      @jetberrocal:

                      I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.

                      Http://pfsense/proxy.pac without the wpad0 dir

                      1 Reply Last reply Reply Quote 0
                      • J
                        jetberrocal last edited by

                        @marcelloc:

                        @jetberrocal:

                        I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.

                        Http://pfsense/proxy.pac without the wpad0 dir

                        Right now I cant test it, but why enter http twice?
                        In debian webserver I dont have to do that to download the file

                        1 Reply Last reply Reply Quote 0
                        • marcelloc
                          marcelloc last edited by

                          @jetberrocal:

                          Right now I cant test it, but why enter http twice?

                          Cellphone keyboard trying to be smart

                          1 Reply Last reply Reply Quote 0
                          • J
                            jetberrocal last edited by

                            @marcelloc:

                            @jetberrocal:

                            Right now I cant test it, but why enter http twice?

                            Cellphone keyboard trying to be smart

                            Machine is turn off. Have to wait.

                            1 Reply Last reply Reply Quote 0
                            • J
                              jetberrocal last edited by

                              @marcelloc:

                              @jetberrocal:

                              I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.

                              Http://pfsense/proxy.pac without the wpad0 dir

                              Just tried to do http://Http://pfsense/proxy.pac.  Did not work.  Tried http://pfsense/proxy.pac, this worked.  So the problem are the symlinks.

                              1 Reply Last reply Reply Quote 0
                              • J
                                jetberrocal last edited by

                                @jetberrocal:

                                @marcelloc:

                                @jetberrocal:

                                I tried to download the file by entering in the browser "http://pfsense/wpad0/wpad.dat" and tried "http://pfsense/wpad.dat", but get a "File Not Found" error in the browser.

                                Http://pfsense/proxy.pac without the wpad0 dir

                                Just tried to do http://Http://pfsense/proxy.pac.  Did not work.  Tried http://pfsense/proxy.pac, this worked.  So the problem are the symlinks.

                                Since this was a test VM I went back before installing the wpad pkg.  Make the webgui https before installing wpad.  Installed wpad and did the config for one proxy.pac.

                                Tried again with http://pfsense/wpad.dat and it worked.

                                So actually is important to make the webgui https before installing.

                                Maybe there should be an abort message in the script making the advice to do the change before running the script in full.

                                1 Reply Last reply Reply Quote 0
                                • marcelloc
                                  marcelloc last edited by

                                  The package will install but will not enable if you have https and redirect checkbox selected under advanced settings.

                                  I'll include a test for http only configured firewall even if package description says it's useful to keep gui on https and have wpad on http.

                                  1 Reply Last reply Reply Quote 0
                                  • C
                                    cewjr9842 last edited by

                                    @ Marcelloc, the package will not install after i run the : sh ./install_wpad_23.sh.

                                    I get this when I run : sh ./install_wpad_23.sh fromthe root directory:

                                    /root: sh ./install_wpad_23.sh
                                    amd64 system
                                    pkg: https://github.com/marcelloc/Unofficial-pfSense-packages/raw/master/repo/pfSense-pkg-Wpad-0.2.3.txz: Not Found

                                    I am on 2.3.4(amd64). Am i doing something wrong?

                                    1 Reply Last reply Reply Quote 0
                                    • marcelloc
                                      marcelloc last edited by

                                      @cewjr9842:

                                      I am on 2.3.4(amd64). Am i doing something wrong?

                                      No. The package info on topic was updated before I had time to update the repo.

                                      https://github.com/marcelloc/Unofficial-pfSense-packages/commit/97a00996dfa0ef4b8dc60e48e9ddbe399eebb7d8

                                      I did it right now, so you can run the install script again.

                                      1 Reply Last reply Reply Quote 0
                                      • C
                                        Cino last edited by

                                        Thank you marcelloc for creating this package. I've been keeping the vhost package alive on my box just for this purpose.

                                        Question,  do you know of a quick way to suppress logging to the syslog? Notice its getting filled up as clients are accessing it for the wpad file. I need to dig deeper (wireshark) to see what is really causing it but figured I'd ask since I'm not familiar with nginx

                                        
                                        Jun 1 21:04:36 	pfsense.home.lan 		nginx: 2017/06/01 21:04:36 [error] 48243#100253: accept4() failed (53: Software caused connection abort)
                                        Jun 1 21:04:00 	pfsense.home.lan 		nginx: 2017/06/01 21:04:00 [error] 48243#100253: accept4() failed (53: Software caused connection abort)
                                        Jun 1 21:03:45 	pfsense.home.lan 		nginx: 2017/06/01 21:03:45 [error] 48243#100253: accept4() failed (53: Software caused connection abort)
                                        Jun 1 21:03:20 	pfsense.home.lan 		nginx: 2017/06/01 21:03:20 [error] 48243#100253: accept4() failed (53: Software caused connection abort)
                                        Jun 1 21:03:11 	pfsense.home.lan 		nginx: 2017/06/01 21:03:11 [error] 48243#100253: accept4() failed (53: Software caused connection abort)
                                        Jun 1 21:02:55 	pfsense.home.lan 		nginx: 2017/06/01 21:02:55 [error] 48243#100253: accept4() failed (53: Software caused connection abort) 
                                        
                                        
                                        1 Reply Last reply Reply Quote 0
                                        • marcelloc
                                          marcelloc last edited by

                                          @Cino:

                                          Thank you marcelloc for creating this package. I've been keeping the vhost package alive on my box just for this purpose.

                                          Thanks Cino!  :)

                                          @Cino:

                                          Question,  do you know of a quick way to suppress logging to the syslog?

                                          Take a look on /usr/local/pkg/wpad_nginx.template file. Change the log destination to a local file for example.

                                          # nginx configuration file
                                                  user  root wheel;
                                                  worker_processes  {$wpad_workers};
                                                  pid     /var/run/nginx_wpad{$wpad_index}.pid;
                                                  error_log  syslog:server=unix:/var/run/log,facility=local5;
                                                  events {
                                                      worker_connections  1024;
                                                  }
                                          .
                                          .
                                          .
                                          
                                          

                                          https://www.digitalocean.com/community/tutorials/how-to-configure-logging-and-log-rotation-in-nginx-on-an-ubuntu-vps

                                          1 Reply Last reply Reply Quote 0
                                          • C
                                            Cino last edited by

                                            thank you sir!

                                            Would it be possible to insert the application/x-ns-proxy-autoconfig MIME?

                                            /usr/local/etc/nginx/mime.types

                                            
                                                application/x-ns-proxy-autoconfig     pac;
                                                application/x-ns-proxy-autoconfig     dat;
                                                application/x-ns-proxy-autoconfig     da;
                                            
                                            
                                            1 Reply Last reply Reply Quote 0
                                            • marcelloc
                                              marcelloc last edited by

                                              @Cino:

                                              Would it be possible to insert the application/x-ns-proxy-autoconfig MIME?

                                              sure! check if new version is fine with mime types.

                                              1 Reply Last reply Reply Quote 0
                                              • C
                                                Cino last edited by

                                                I see what you did there. Smart, it doesn't touch the defaults. Suggestion, remove /t and add 4 spaces. This way its consistent with the rest of the file layout. I dont see any tabs.

                                                1 Reply Last reply Reply Quote 0
                                                • T
                                                  techbee last edited by

                                                  Hi Marcelloc,

                                                  Can you possible give us a full install documentation of this https filtering using wpad. I mean the whole setup.  I have not followed this topic since I am new here and I want to know more about this.  Thanks

                                                  1 Reply Last reply Reply Quote 0
                                                  • marcelloc
                                                    marcelloc last edited by

                                                    @techbee:

                                                    Hi Marcelloc,

                                                    Can you possible give us a full install documentation of this https filtering using wpad. I mean the whole setup.  I have not followed this topic since I am new here and I want to know more about this.  Thanks

                                                    The first topic has the install instructions. I prefer enabling the Unofficial repo and installing it using GUI, then access services -> wpad and configuring it typing suggested default settings.

                                                    1 Reply Last reply Reply Quote 0
                                                    • J
                                                      jopeme last edited by

                                                      After configuring wpad it is necessary to configure something more like for example dns host overrides, dhcp, firewall rules or the package takes care of all that?

                                                      I am testing it from a subnet called vlan102 and if I configure it in the proxy configuration of url browsers http://pfsense.domain.local/proxy.pac file it works perfectly, but if I activate the autodectection in these browsers then it does not work.
                                                      In /usr/local/etc/nginx/nginx_wpad0.conf i see this:

                                                      server {
                                                                      listen 10.0.0.1:80;
                                                                      server_name wpad.localdomain
                                                                      server name 127.0.0.1
                                                                      client_max_body_size 200m;

                                                      I think it is stranger that server name is wpad.localdomain? and 127.0.0.1 ? My lan ip address is 10.0.0.1

                                                      These are my rules in this interface (second rule is necessary to load http://pfsense.domain.local/proxy.pac) and all http and https go to 3128 squid port:

                                                      Thanks.

                                                      1 Reply Last reply Reply Quote 0
                                                      • marcelloc
                                                        marcelloc last edited by

                                                        For autodetect, you need to configure wpad.your.domain.local to resolve fw ip address and also define wpad records on dns.

                                                        1 Reply Last reply Reply Quote 0
                                                        • J
                                                          jopeme last edited by

                                                          I know how to setting dns records on dns resolver services -> hosts overrides and i write :
                                                          host: wpad
                                                          domain: domain.local
                                                          ip: 10.0.0.1

                                                          I don't understand what do you mean "you need to configure wpad.your.domain.local to resolve fw ip address". How to ?

                                                          Sorry for my english.

                                                          Thanks again.

                                                          1 Reply Last reply Reply Quote 0
                                                          • marcelloc
                                                            marcelloc last edited by

                                                            That's exactly what you did. Client's browsers will look for proxy.pac file under wpad.you.domain.local/proxy.pac

                                                            1 Reply Last reply Reply Quote 0
                                                            • T
                                                              techbee last edited by

                                                              I hope it would have been a full documented setup configuration and not only this unofficial wpad install because subsequently there will be follow up questions related to this setup which will be answered one by one which is unproductive.

                                                              ofcourse we do appreciate this wpad easily install.

                                                              1 Reply Last reply Reply Quote 0
                                                              • J
                                                                jetberrocal last edited by

                                                                @marcelloc:

                                                                For autodetect, you need to configure wpad.your.domain.local to resolve fw ip address and also define wpad records on dns.

                                                                Marcelloc.  Please when you have the time, add a note to the Install instructions that we have to make the DNS or DHCP settings for auto-detection.  If possible giving an example for the sake of novice users.

                                                                1 Reply Last reply Reply Quote 0
                                                                • C
                                                                  Cino last edited by

                                                                  @jetberrocal:

                                                                  @marcelloc:

                                                                  For autodetect, you need to configure wpad.your.domain.local to resolve fw ip address and also define wpad records on dns.

                                                                  Marcelloc.  Please when you have the time, add a note to the Install instructions that we have to make the DNS or DHCP settings for auto-detection.  If possible giving an example for the sake of novice users.

                                                                  This should help:

                                                                  https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

                                                                  https://forum.pfsense.org/index.php?topic=112335.0

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • J
                                                                    jopeme last edited by

                                                                    If you would please, we would be very grateful for a more detailed guide.
                                                                    Thanks.

                                                                    1 Reply Last reply Reply Quote 0
                                                                    • B
                                                                      Bigdaddy168 last edited by

                                                                      Nice! Can you make this package official?

                                                                      1 Reply Last reply Reply Quote 0
                                                                      • marcelloc
                                                                        marcelloc last edited by

                                                                        @Bigdaddy168:

                                                                        Nice! Can you make this package official?

                                                                        I can submit a pull request to oficial repo. But need core team review to get merged.

                                                                        1 Reply Last reply Reply Quote 0
                                                                        • B
                                                                          Bigdaddy168 last edited by

                                                                          @marcelloc:

                                                                          @Bigdaddy168:

                                                                          Nice! Can you make this package official?

                                                                          I can submit a pull request to oficial repo. But need core team review to get merged.

                                                                          That would be great!

                                                                          1 Reply Last reply Reply Quote 0
                                                                          • M
                                                                            muhammet last edited by

                                                                            Thanks, great !

                                                                            1 Reply Last reply Reply Quote 0
                                                                            • W
                                                                              warmadmax last edited by

                                                                              any news on if this will make it to official package status?

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • X
                                                                                xchaz last edited by

                                                                                Hi,

                                                                                squid+WPAD bypasses my captive portal. Is there any other way?

                                                                                Thanks,
                                                                                Chaz

                                                                                1 Reply Last reply Reply Quote 0
                                                                                • A
                                                                                  asterix last edited by

                                                                                  @marcelloc:

                                                                                  @Bigdaddy168:

                                                                                  Nice! Can you make this package official?

                                                                                  I can submit a pull request to oficial repo. But need core team review to get merged.

                                                                                  Great work here marcelloc. Finally I have wpad hosted with webconfigurator on https.

                                                                                  Any update on the pull request to official repo?

                                                                                  1 Reply Last reply Reply Quote 0
                                                                                  • V
                                                                                    vicpome last edited by

                                                                                    Hi, Marcelloc , Is there a step-by-step manual or instuctions for config the GUI of the "wpad" after it is installed?.
                                                                                    Thanks.

                                                                                    C 1 Reply Last reply Reply Quote 0
                                                                                    • First post
                                                                                      Last post

                                                                                    Products

                                                                                    • Platform Overview
                                                                                    • TNSR
                                                                                    • pfSense
                                                                                    • Appliances

                                                                                    Services

                                                                                    • Training
                                                                                    • Professional Services

                                                                                    Support

                                                                                    • Subscription Plans
                                                                                    • Contact Support
                                                                                    • Product Lifecycle
                                                                                    • Documentation

                                                                                    News

                                                                                    • Media Coverage
                                                                                    • Press
                                                                                    • Events

                                                                                    Resources

                                                                                    • Blog
                                                                                    • FAQ
                                                                                    • Find a Partner
                                                                                    • Resource Library
                                                                                    • Security Information

                                                                                    Company

                                                                                    • About Us
                                                                                    • Careers
                                                                                    • Partners
                                                                                    • Contact Us
                                                                                    • Legal
                                                                                    Our Mission

                                                                                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                                                                    Subscribe to our Newsletter

                                                                                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                                                                    © 2021 Rubicon Communications, LLC | Privacy Policy