WPAD Hosted in Pfsense(HTTP) with Windows Server AD (DNS & DHCP)
-
Hi Guys,
I am now close to finishing the blocking of websites using Squid Proxy (SquidGuard).
- Squid Proxy - already configured
- SquidGuard - already configured
- WPAD files (wpad.dat, wpad.da, proxy.pac) - already in pfsense (/usr/local/www)
- Pfsense - running in HTTP on port 8081
Now, I have already added a host in our DNS server:
- Host = WPAD
- FQDN = WPAD.ourdomain.com.ph
- IP Add = IP add of our pfsense
I also configured the 252 string in our DHCP:
- Option name: 252 WPAD
- String: http//pfsenseIP:8081/wpad.dat
And I have already ticked this 252 in:
- Server Options
- Scope Options
Yet I could not resolve wpad when I ran nslookup in the command prompt.
Did I miss something? And if I am correct, if your pfsense is running in HTTP, then it can serve the files (wpad) without configuring anything, right?
-
@dotslashniks said in WPAD Hosted in Pfsense(HTTP) with Windows Server AD (DNS & DHCP):
Now, I already add a Host in our DNS Server:
Host = WPAD
FQDN = WPAD.ourdomain.com.ph
IP Add = IP add of our pfsense
Host = WPAD and FQDN = ourdomain.com.ph ?
Or: can you resolve WPAD.ourdomain.com.ph right now from the command line, from your client PC?
Also: have a look at the GUI web server logs: are requests coming in for the wpad file?
-
Yes. The FQDN is wpad.ourdomain.com.ph
I can't resolve this FQDN. I can't see any logs related to wpad in the pfsense log files.
-
@dotslashniks said in WPAD Hosted in Pfsense(HTTP) with Windows Server AD (DNS & DHCP):
I can’t resolve this FQDN.
Well then yeah that is going to be a problem.. If you added the record in your dns, then your clients should resolve it.
-
This should work ....
@dotslashniks said in WPAD Hosted in Pfsense(HTTP) with Windows Server AD (DNS & DHCP):
String: http//pfsenseIP:8081/wpad.dat
IF your pfSense GUI is listening on port 8081, and
IF the pfsense IP (which you are hiding, I wonder why, this is a non routable, "private" IP, I'm probably using the same one - hiding makes no sense) is ok, or .. why not use the FQDN if the DNS works ..... ?
Proof:
I created a zero byte file called wpad.dat in /usr/local/www and pointed my browser to it:
My browser doesn't know what to do with this wpad.dat file, so it asks me what to do with it.
Note that I'm using certs, so I have to use a FQDN - and the GUI default is of course 443.
If I was using an IP (the IP of pfSense) the browser will discover a SAN mismatch (the IP is not present in my cert, the FQDN is).
For certs and/or FQDN, DNS must work before you do anything else.
-
@gertjan Thank you! I found the problem to my setup and found the solution.
The rule for the pfsense to host WPAD is to use HTTP. And HTTP is port 80. And we are using port 8081. Though in our setup, the one that is ticked is HTTP. This port number is the cause why wpad can't be resolved.
I'm going to study how pfsense will host the wpad without using the default port 80. I guess that I need to install an additional package like lighttpd.
Thank you again.
-
@dotslashniks said in WPAD Hosted in Pfsense(HTTP) with Windows Server AD (DNS & DHCP):
I can’t resolve this FQDN.
That has ZERO to do with what port your httpd might be listening on.. From your client can you ping the fqdn and get back the IP of pfsense? If not then you need to fix that before you even worry about what port number.
-
Well, not sure if he did the part on the Windows server: go to regedit and delete the WPAD string in the DNS parameters. Without doing that it won't work if you're running your DNS and DHCP on Windows Server.
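A diagnostic for the three points raised in this thread (name resolution first, then the Windows DNS block on the `wpad` name, then the DHCP 252 string), as an added example that is not from any poster. The FQDN is the one given in the thread; `localhost` as the DNS and DHCP server is an assumption, and the block list read in step 2 is assumed to be the "WPAD string" setting the last reply refers to.

```powershell
# Added example, not from the thread. Run elevated on the Windows DNS/DHCP server.
# Needs the DnsServer and DhcpServer modules (present with those roles or RSAT).
$WpadFqdn   = 'wpad.ourdomain.com.ph'  # FQDN as given in the thread
$DnsServer  = 'localhost'              # assumption: this host is the DNS server
$DhcpServer = 'localhost'              # assumption: this host is also the DHCP server

# 1. DNS first: does the DNS server itself answer for the wpad name?
try {
    $rec = Resolve-DnsName -Name $WpadFqdn -Type A -Server $DnsServer -DnsOnly -ErrorAction Stop |
           Where-Object { $_.Type -eq 'A' }
    if ($rec) { "DNS  : $WpadFqdn -> $($rec.IPAddress -join ', ')" }
    else      { "DNS  : $WpadFqdn returned no A record" }
} catch {
    "DNS  : $WpadFqdn does not resolve ($($_.Exception.Message))"
}

# 2. Global query block list: it contains 'wpad' and 'isatap' by default, and the
#    server does not answer for listed names even when a host record exists.
$gqbl  = Get-DnsServerGlobalQueryBlockList -ComputerName $DnsServer
$label = $WpadFqdn.Split('.')[0]
if ($gqbl.Enable -and ($gqbl.List -contains $label)) {
    "GQBL : enabled and lists '$label', so queries for it are blocked"
} else {
    "GQBL : '$label' is not blocked (Enable=$($gqbl.Enable); List=$($gqbl.List -join ','))"
}

# 3. DHCP option 252 (server level): must be an absolute http(s) URL,
#    with the scheme and its colon present.
$opt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -OptionId 252 -ErrorAction SilentlyContinue
if (-not $opt) { 'DHCP : no server-level value found for option 252' }
foreach ($value in $opt.Value) {
    $uri = $null
    $ok  = [Uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri) -and
           ($uri.Scheme -in 'http', 'https')
    if ($ok) { "DHCP : 252 = $value (host $($uri.Host), port $($uri.Port))" }
    else     { "DHCP : 252 = '$value' is not a valid http(s) URL" }
}
```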