Netgate Discussion Forum

    Https filtering using WPAD questions

      techbee

      I am new to pfSense and HTTPS filtering using WPAD. I read articles here about how to use WPAD and how to configure them.

      First, I noticed that I need a CA certificate and I need to export and import the certificate to the workstation's Internet Explorer.
      That would be OK if the workstations or computers can be managed, but what if the user is a public user, like Wi-Fi or BYOD users?
      Does that mean I need to install the self-generated CA certificate? A possible workaround is to have or purchase a certificate which any
      browser already has installed.

      Second, I noticed that after configuring the DNS for WPAD, there is a need to configure the DNS suffix in the workstation or device network configuration so that when you ping wpad it will return the IP address. I can't possibly configure the DNS suffix in the network configuration of every public and BYOD user's device. I can't find a solution for this.

      But that is just my problem; you guys have probably already found a solution for these. May I ask how you resolved the problems stated above?

      Thanks

        marcelloc

        @techbee:

        I need to install the self generated CA certificate?

        Yes

        @techbee:

        A possible workaround is to have or purchase a certificate which any browser already has installed.

        No, because the certificate you create is not a server certificate; it's a certificate authority.

        @techbee:

        Second, I noticed that after configuring the DNS for WPAD, there is a need to configure the DNS suffix in the workstation or device network configuration so that when you ping wpad it will return the IP address. I can't possibly configure the DNS suffix in the network configuration of every public and BYOD user's device. I can't find a solution for this.

        Yes. You can push the DNS suffix using DHCP.

        Take a look at the squid package and the splice all SSL transparent interception. It will not intercept the connection but will check sites and ACLs under every HTTPS certificate requested.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          techbee

          Hi Marcelloc,

          Can you kindly direct me? I don't know much about WPAD and HTTPS filtering, but I am here to learn. Thanks again.

          What I understood was, if I choose splice all, I don't need to install the CA cert on clients, am I right?
          On the other hand, I don't know how to push the DNS suffix using DHCP, or maybe I got it the wrong way.

            marcelloc

            @techbee:

            What I understood was, if I choose splice all, I don't need to install the CA cert on clients, am I right?

            Yes, that's it.

            @techbee:

            On the other hand, I don't know how to push the DNS suffix using DHCP, or maybe I got it the wrong way.

            Take a look at or search for DNS DHCP options. BTW, if you're going to configure squid splice all, it can be in transparent mode. This way, you do not need a WPAD file. Mobile devices ignore WPAD configuration too.

            Elite Training: http://sys-squad.com

            Help a community developer! ;D

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.