OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: jp26198926 on March 09, 2018, 12:54:36 am

Title: WPAD inquiry
Post by: jp26198926 on March 09, 2018, 12:54:36 am: Hi Sir,

i found this opnsense by accident and i read the documentation and it looks good.

may i know if you have a step by step wpad setup in opnsense?

in pfsense i mostly rely on wpad and squidguard to filter https content w/o changing settings in the client side. i just want to know if that is still applicable in opensense?

Thanks,
Title: Re: WPAD inquiry
Post by: fabian on March 09, 2018, 08:19:19 am: Quote from: jp26198926 on March 09, 2018, 12:54:36 am
in pfsense i mostly rely on wpad and squidguard to filter https content w/o changing settings in the client side. i just want to know if that is still applicable in opensense?

* squidguard is not supported - content is filtered using native acls of squid
* WPAD is open as a Pull Request on GitHub. You can apply the patch manually but if you don't know how it is done, you may break your proxy config so I would suggest you to wait until it is merged. As an alternative, you can configure the Proxy as a transparent proxy:
https://docs.opnsense.org/manual/how-tos/proxytransparent.html
Title: Re: WPAD inquiry
Post by: mimugmail on March 09, 2018, 09:45:58 am: Quote from: fabian on March 09, 2018, 08:19:19 am
Quote from: jp26198926 on March 09, 2018, 12:54:36 am
in pfsense i mostly rely on wpad and squidguard to filter https content w/o changing settings in the client side. i just want to know if that is still applicable in opensense?

* squidguard is not supported - content is filtered using native acls of squid
* WPAD is open as a Pull Request on GitHub. You can apply the patch manually but if you don't know how it is done, you may break your proxy config so I would suggest you to wait until it is merged. As an alternative, you can configure the Proxy as a transparent proxy:
https://docs.opnsense.org/manual/how-tos/proxytransparent.html

Fabian, do you know why it's not yet merged? A client was asking yesterday about WPAD :)
Title: Re: WPAD inquiry
Post by: fabian on March 09, 2018, 10:51:52 am: Quote from: mimugmail on March 09, 2018, 09:45:58 am
Fabian, do you know why it's not yet merged? A client was asking yesterday about WPAD :)

Probably due to limited time of Franco. FYI This is what you need:

https://github.com/opnsense/core/pull/2018 - Proxy PAC (required component)
https://github.com/opnsense/core/pull/2088 - WPAD via DHCP (optional component -> this way Windows detects the proxy; requires DNS support)
https://github.com/opnsense/core/pull/2097 - WPAD via DNS (suggested component -> this way Firefox detects the proxy)
Title: Re: WPAD inquiry
Post by: jp26198926 on March 09, 2018, 11:56:52 pm: Hi @frabian,

Thanks for the info. it's highly appreciated.

i have 1 query on the link you provide. https://docs.opnsense.org/manual/how-tos/proxytransparent.html

what if i do not do the Step 8 - Configure OS/Browser on the client side, would the https sites still be filtered?

Thanks,
Title: Re: WPAD inquiry
Post by: fabian on March 10, 2018, 12:06:24 am: Quote from: jp26198926 on March 09, 2018, 11:56:52 pm
what if i do not do the Step 8 - Configure OS/Browser on the client side, would the https sites still be filtered?

yes but you would permanently get error messages like "This connection is untrusted", "Signed by an unknown issuer" etc.

In other words it makes the web hard to use.
Title: Re: WPAD inquiry
Post by: franco on March 11, 2018, 09:00:27 am: We will pick this up soon. 18.1 is in a solid state to receive new features now. :)

Cheers,
Franco