WPAD inquiry

Started by jp26198926, March 09, 2018, 12:54:36 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 09, 2018, 12:54:36 AM Last Edit: March 09, 2018, 12:57:10 AM by jp26198926
Hi Sir,

i found this opnsense by accident and i read the documentation and it looks good.

may i know if you have a step by step wpad setup in opnsense?

in pfsense i mostly rely on wpad and squidguard to filter https content w/o changing settings in the client side. i just want to know if that is still applicable in opensense?

Thanks,
March 09, 2018, 08:19:19 AM #1
Quote from: jp26198926 on March 09, 2018, 12:54:36 AM
in pfsense i mostly rely on wpad and squidguard to filter https content w/o changing settings in the client side. i just want to know if that is still applicable in opensense?

* squidguard is not supported - content is filtered using native acls of squid
* WPAD is open as a Pull Request on GitHub. You can apply the patch manually but if you don't know how it is done, you may break your proxy config so I would suggest you to wait until it is merged. As an alternative, you can configure the Proxy as a transparent proxy:
https://docs.opnsense.org/manual/how-tos/proxytransparent.html
March 09, 2018, 09:45:58 AM #2
Quote from: fabian on March 09, 2018, 08:19:19 AM
Quote from: jp26198926 on March 09, 2018, 12:54:36 AM
in pfsense i mostly rely on wpad and squidguard to filter https content w/o changing settings in the client side. i just want to know if that is still applicable in opensense?

* squidguard is not supported - content is filtered using native acls of squid
* WPAD is open as a Pull Request on GitHub. You can apply the patch manually but if you don't know how it is done, you may break your proxy config so I would suggest you to wait until it is merged. As an alternative, you can configure the Proxy as a transparent proxy:
https://docs.opnsense.org/manual/how-tos/proxytransparent.html

Fabian, do you know why it's not yet merged? A client was asking yesterday about WPAD :)
March 09, 2018, 10:51:52 AM #3
Quote from: mimugmail on March 09, 2018, 09:45:58 AM
Fabian, do you know why it's not yet merged? A client was asking yesterday about WPAD :)

Probably due to limited time of Franco. FYI This is what you need:


https://github.com/opnsense/core/pull/2018 - Proxy PAC (required component)
https://github.com/opnsense/core/pull/2088 - WPAD via DHCP (optional component -> this way Windows detects the proxy; requires DNS support)
https://github.com/opnsense/core/pull/2097 - WPAD via DNS (suggested component -> this way Firefox detects the proxy)
March 09, 2018, 11:56:52 PM #4
Hi @frabian,

Thanks for the info. it's highly appreciated.

i have 1 query on the link you provide. https://docs.opnsense.org/manual/how-tos/proxytransparent.html

what if i do not do the Step 8 - Configure OS/Browser on the client side, would the https sites still be filtered?

Thanks,
March 10, 2018, 12:06:24 AM #5
Quote from: jp26198926 on March 09, 2018, 11:56:52 PM
what if i do not do the Step 8 - Configure OS/Browser on the client side, would the https sites still be filtered?

yes but you would permanently get error messages like "This connection is untrusted", "Signed by an unknown issuer" etc.

In other words it makes the web hard to use.
March 11, 2018, 09:00:27 AM #6
We will pick this up soon. 18.1 is in a solid state to receive new features now. :)


Cheers,
Franco
Print
Go Up Pages1
User actions