Unofficial WPAD package for pfSense software
-
@ Marcelloc, the package will not install after i run the : sh ./install_wpad_23.sh.
I get this when I run : sh ./install_wpad_23.sh fromthe root directory:
/root: sh ./install_wpad_23.sh
amd64 system
pkg: https://github.com/marcelloc/Unofficial-pfSense-packages/raw/master/repo/pfSense-pkg-Wpad-0.2.3.txz: Not FoundI am on 2.3.4(amd64). Am i doing something wrong?
-
I am on 2.3.4(amd64). Am i doing something wrong?
No. The package info on topic was updated before I had time to update the repo.
https://github.com/marcelloc/Unofficial-pfSense-packages/commit/97a00996dfa0ef4b8dc60e48e9ddbe399eebb7d8
I did it right now, so you can run the install script again.
-
Thank you marcelloc for creating this package. I've been keeping the vhost package alive on my box just for this purpose.
Question, do you know of a quick way to suppress logging to the syslog? Notice its getting filled up as clients are accessing it for the wpad file. I need to dig deeper (wireshark) to see what is really causing it but figured I'd ask since I'm not familiar with nginx
Jun 1 21:04:36 pfsense.home.lan nginx: 2017/06/01 21:04:36 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:04:00 pfsense.home.lan nginx: 2017/06/01 21:04:00 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:03:45 pfsense.home.lan nginx: 2017/06/01 21:03:45 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:03:20 pfsense.home.lan nginx: 2017/06/01 21:03:20 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:03:11 pfsense.home.lan nginx: 2017/06/01 21:03:11 [error] 48243#100253: accept4() failed (53: Software caused connection abort) Jun 1 21:02:55 pfsense.home.lan nginx: 2017/06/01 21:02:55 [error] 48243#100253: accept4() failed (53: Software caused connection abort)
-
Thank you marcelloc for creating this package. I've been keeping the vhost package alive on my box just for this purpose.
Thanks Cino! :)
Question, do you know of a quick way to suppress logging to the syslog?
Take a look on /usr/local/pkg/wpad_nginx.template file. Change the log destination to a local file for example.
# nginx configuration file user root wheel; worker_processes {$wpad_workers}; pid /var/run/nginx_wpad{$wpad_index}.pid; error_log syslog:server=unix:/var/run/log,facility=local5; events { worker_connections 1024; } . . .
https://www.digitalocean.com/community/tutorials/how-to-configure-logging-and-log-rotation-in-nginx-on-an-ubuntu-vps
-
thank you sir!
Would it be possible to insert the application/x-ns-proxy-autoconfig MIME?
/usr/local/etc/nginx/mime.types
application/x-ns-proxy-autoconfig pac; application/x-ns-proxy-autoconfig dat; application/x-ns-proxy-autoconfig da;
-
Would it be possible to insert the application/x-ns-proxy-autoconfig MIME?
sure! check if new version is fine with mime types.
-
I see what you did there. Smart, it doesn't touch the defaults. Suggestion, remove /t and add 4 spaces. This way its consistent with the rest of the file layout. I dont see any tabs.
-
Hi Marcelloc,
Can you possible give us a full install documentation of this https filtering using wpad. I mean the whole setup. I have not followed this topic since I am new here and I want to know more about this. Thanks
-
Hi Marcelloc,
Can you possible give us a full install documentation of this https filtering using wpad. I mean the whole setup. I have not followed this topic since I am new here and I want to know more about this. Thanks
The first topic has the install instructions. I prefer enabling the Unofficial repo and installing it using GUI, then access services -> wpad and configuring it typing suggested default settings.
-
After configuring wpad it is necessary to configure something more like for example dns host overrides, dhcp, firewall rules or the package takes care of all that?
I am testing it from a subnet called vlan102 and if I configure it in the proxy configuration of url browsers http://pfsense.domain.local/proxy.pac file it works perfectly, but if I activate the autodectection in these browsers then it does not work.
In /usr/local/etc/nginx/nginx_wpad0.conf i see this:server {
listen 10.0.0.1:80;
server_name wpad.localdomain
server name 127.0.0.1
client_max_body_size 200m;I think it is stranger that server name is wpad.localdomain? and 127.0.0.1 ? My lan ip address is 10.0.0.1
These are my rules in this interface (second rule is necessary to load http://pfsense.domain.local/proxy.pac) and all http and https go to 3128 squid port:
Thanks.
-
For autodetect, you need to configure wpad.your.domain.local to resolve fw ip address and also define wpad records on dns.
-
I know how to setting dns records on dns resolver services -> hosts overrides and i write :
host: wpad
domain: domain.local
ip: 10.0.0.1I don't understand what do you mean "you need to configure wpad.your.domain.local to resolve fw ip address". How to ?
Sorry for my english.
Thanks again.
-
That's exactly what you did. Client's browsers will look for proxy.pac file under wpad.you.domain.local/proxy.pac
-
I hope it would have been a full documented setup configuration and not only this unofficial wpad install because subsequently there will be follow up questions related to this setup which will be answered one by one which is unproductive.
ofcourse we do appreciate this wpad easily install.
-
For autodetect, you need to configure wpad.your.domain.local to resolve fw ip address and also define wpad records on dns.
Marcelloc. Please when you have the time, add a note to the Install instructions that we have to make the DNS or DHCP settings for auto-detection. If possible giving an example for the sake of novice users.
-
For autodetect, you need to configure wpad.your.domain.local to resolve fw ip address and also define wpad records on dns.
Marcelloc. Please when you have the time, add a note to the Install instructions that we have to make the DNS or DHCP settings for auto-detection. If possible giving an example for the sake of novice users.
This should help:
https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid
https://forum.pfsense.org/index.php?topic=112335.0
-
If you would please, we would be very grateful for a more detailed guide.
Thanks. -
Nice! Can you make this package official?
-
Nice! Can you make this package official?
I can submit a pull request to oficial repo. But need core team review to get merged.
-
Nice! Can you make this package official?
I can submit a pull request to oficial repo. But need core team review to get merged.
That would be great!
-
Thanks, great !
-
any news on if this will make it to official package status?
-
Hi,
squid+WPAD bypasses my captive portal. Is there any other way?
Thanks,
Chaz -
Nice! Can you make this package official?
I can submit a pull request to oficial repo. But need core team review to get merged.
Great work here marcelloc. Finally I have wpad hosted with webconfigurator on https.
Any update on the pull request to official repo?
-
Hi, Marcelloc , Is there a step-by-step manual or instuctions for config the GUI of the "wpad" after it is installed?.
Thanks. -
@vicpome , check out this topic
-
@marcelloc said in Unofficial WPAD package for pfSense software:
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.24.conf
I logged into SSH, opened Shell, pasted in the 2.4 unofficial repo command and hit enter.
Now when I go to my package manager inside web gui there are no available packages being listed, none at all.
Going to Diagnostics->Edit File and saving "/usr/local/etc/pkg/repos/Unofficial.conf" as a blank file brings my official packages back thankfully.
EDIT:
Solved it, a little searching found that the github repo supplies a patch you must apply so PfSense can display unofficial repos. Check the main page on the github page for more info.
-
That's a lot of hassle with the potential to break pfSense just to configure WPAD, which is simple to configure by hand.
-
@chicago_cs Agradezco tu respuesta, yo ya instale el pack , pero queria saber cuales son los pasos que siguen despues del 7, o sea como completar el "Gui" ya que no me funciona.
Gracias. -
@KOM if you use FW as wpad server, It is to avoid web interface protocol change, that's a secuirty issue
-
@kklouzal said in Unofficial WPAD package for pfSense software:
I logged into SSH, opened Shell, pasted in the 2.4 unofficial repo command and hit enter.
Now when I go to my package manager inside web gui there are no available packages being listed, none at all.
Going to Diagnostics->Edit File and saving "/usr/local/etc/pkg/repos/Unofficial.conf" as a blank file brings my official packages back thankfully.
EDIT:
Solved it, a little searching found that the github repo supplies a patch you must apply so PfSense can display unofficial repos. Check the main page on the github page for more info.
Just to clarify 2.4.4 Install
- System=>Pakages=>Available packages=>System_Patches=>install
- System=>Patches=>add new patch=>244_unofficial_packages_list.patch (download it from https://github.com/marcelloc/Unofficial-pfSense-packages)
- save
- Apply (patch)
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.24.conf
- System=>Pakages=>Available packages=>WPAD=>install
- configure wpad from Services=>WPAD
-
@vielfede Sorry, what? I don't understand what you mean. There is no inherent security issue using the firewall as the WPAD source. You're already running a web server on it. Serving up wpad.dat and proxy.pac from it doesn't make it insecure.
-
@KOM said in Unofficial WPAD package for pfSense software:
@vielfede Sorry, what? I don't understand what you mean. There is no inherent security issue using the firewall as the WPAD source. You're already running a web server on it. Serving up wpad.dat and proxy.pac from it doesn't make it insecure.
I think that If you configure WPAD by hand, you have to switch fw web interface from https to http and this is an issue. Or am I wrong?
-
OK, now I see what you mean. No, you're right that WPAD needs an HTTP server. I don't see how a WPAD package gets around that unless it's installing its own http server.
-
@Kom, In the first post there is the answer...
@marcelloc said in Unofficial WPAD package for pfSense software:
Here are install instructions for UNOFFICIAL wpad package for pfSense(R) software 2.3.x
It's based on forum tutorials to configure a second nginx instance to host pac file(s) in http and leave gui on https.
..... -
@marcelloc
I have installed the WPAD package, added the DNS host overrides in the DNS Resolverwpad pfsensedomain.local 192.168.1.1 wpad
added the DHCP additional BOOTP.
number: 252 type: string value: "http://192.168.1.1/wpad.dat" number: 252 type: string value: "http://192.168.1.1/wpad.da" number: 252 type: string value: "http://192.168.1.1/proxy.pac"
pfsense webConfigurator is set to https with webGUI redirect selected
However I am having issues downloading the wpad file
http://192.168.1.1/proxy.pac This site can’t be reached https://192.168.1.1/proxy.pac 404 Not Found nginx http://192.168.1.1/wpad0/proxy.pac This site can’t be reached https://192.168.1.1/wpad0/proxy.pac the pac file downloads
I seem to only be able to download the proxy.pac with
https://192.168.1.1/wpad0/proxy.pac
Am i missing something?
UPDATE: I had the wpad listen port set to the proxy port 3128, changing it to port 80 now downloads the file