Automatic proxy configuration using DHCP/DNS

Hi all,
I have potentially a somewhat silly question, so please bear with me.
I have read through this Wiki: www.ipfire.org - Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) and I fully understand how to implement it on IPFire. My question is: how does the browser/OS (Windows 10 in my case) “install/read” the wpad.dat and wpad.pac file? I am looking to set up an IPFire box at a company with 40-odd users, so I absolutely need it to be fully automatic and not have to manually configure each and every PC, if at all possible. By fully automatic I mean that I go install the IPFire box, configure it as per the Wiki and then whenever a user opens their browser, the automatic configuration as set by DHCP just kicks in.

See the Distribution by DNS section. A browser will automatically start doing HTTP lookups from one level up from your fully qualified machine name with a subdomain of wpad in front. So if your machine is my_machine.mydomain.com, it will strip the my_machine and replace it with wpad and look for a file wpad.dat in wpad.mydomain.com. I believe if you use an internal domain (e.g. for AD) of ad.mydomain.com, it will try wpad.ad.mydomain.com and then wpad.mydomain.com, all on port 80.

If you use the DHCP option, then, if the machine gets its IP address by DHCP, the DHCP server can hand out the URL of the wpad.dat file directly, including the port number. This does not work if the machine has a static IP.

The browser “just does this” if it is set to automatic proxy detection. In Firefox this would be Tools > Settings > General > Network > “Auto-detect proxy settings for this network”. It may also work with “Use system proxy settings” if they are set up to autodetect.

1 Like

@nickh Thank you for your reply. I am a bit hesitant to use the DNS option as I am not keen to modify/add any files to the IPFire setup. Just my personal concern, so I would rather go with the DHCP option. The PCs at the company are all assigned IP addresses by DHCP as far as I am aware. If I have no other choice, however, I will attempt the DNS option. It is just the “firewall-redirect-rule” that I do not know how to set up, but I will investigate this, I may have found one in another thread/topic.

Hi all, this thread can be closed. I have tried various configurations of the Web Proxy, with the WPAD files supplied via DHCP and am not winning currently. I completely lost connection after putting in the 3 configuration options in DHCP settings, as per the wiki, so I will have to start my investigation from there. Luckily, this is on a test system at home, so for now I have simply completely disabled the Web Proxy until I can better understand how this all works.

Hi all,
Just wanted to report back on getting my Web Proxy working, as per my previous thread: Automatic proxy configuration using DHCP/DNS - #5.
After re-doing all the settings as per this topic: Configure authentication with a local username and password - #13 by cfusco and then completely restarting the IPFire box, I can confirm that so far everything is working great. Seems just a little concentration is needed to get the correct setup. Thank you to all that assisted.

3 Likes

Seems I spoke a little too soon. Various apps on my cellphone have now stopped working with the Proxy enabled, such as my banking app, Google Play Store and Galaxy Store. I have disabled everything again, but I do not know how I am going to troubleshoot these issues as I cannot seem to find anything in the logs to indicate why these apps are suddenly being blocked or even what ports I might need to open for the banking app, Play Store etc. I tried adding the cellphone IP address (it is a fixed IP address lease assigned by DHCP) to the “network based access control” part under unrestricted IP addresses, but no go. I even tried adding the Wi-Fi Access point IP address (this is a static IP address) but again, no go. Very frustrated currently.

Update: I have a Samsung Galaxy S8+, so this information is relevant to my phone specifically, however, it may assist others with similar issues on other mobile devices. So, after re-enabling the web proxy and URL filter and doing a “manual” configuration on the S8+ for the proxy, which in my case is hostname of the IPFire box and the port, 800, I can now confirm that the three apps mentioned above, banking app, Google Play Store and Samsung Store, all work correctly and I can see the connections in the proxy logs. So it seems that the proxy.pac file is the blocking culprit here? Really not sure, but all is working, so all good. Is there some way to check what is contained in either the proxy.pac or wpad.dat files to get a better idea of what might block the three apps mentioned?

The files are stored in the directory
/srv/web/ipfire/html/

The proxy.pac is the file with actual content and wpad.dat is a symlink to proxy.pac

Which auto config process were you trying with your phone?

As per the IPFire documentation Firefox is able to use both DHCP and DNS. This has been the case since Firefox 63.

However, as far as I am aware it is known that Internet Explorer and Chrome both work with the DHCP config approach, but no one on the forum using Chrome or Internet Explorer has mentioned that the DNS option works with either of them.
https://www.ipfire.org/docs/configuration/network/proxy/extend/wpad#browser-support

1 Like
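To see how a PAC file routes a given URL, it can be loaded and queried offline. The following is an added example, not part of any post in this thread and not IPFire code: the helper implementations and `SAMPLE_PAC` are constructed for illustration (the real file is the proxy.pac in the directory given above), and `evaluatePac` and `pacHelpers` are hypothetical names.

```javascript
// Added example: evaluate a PAC file offline to see what it returns per URL.
// node:vm is not a security boundary; only load PAC files from your own firewall.
const vm = require('node:vm');

// Dotted IPv4 string -> unsigned 32-bit integer.
const ipToInt = (ip) =>
  ip.split('.').reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);

// Minimal stand-ins for the standard PAC helpers (assumption: the file under
// test calls no others). No DNS is done, so isInNet matches IPv4 literals only.
const pacHelpers = {
  isPlainHostName: (host) => !host.includes('.'),
  dnsDomainIs: (host, domain) => host.endsWith(domain),
  shExpMatch: (str, glob) => {
    const body = glob
      .replace(/[.+^${}()|[\]\\]/g, '\\$&')
      .replace(/\*/g, '.*')
      .replace(/\?/g, '.');
    return new RegExp(`^${body}$`).test(str);
  },
  isInNet: (host, net, mask) =>
    /^\d{1,3}(\.\d{1,3}){3}$/.test(host) &&
    (ipToInt(host) & ipToInt(mask)) === (ipToInt(net) & ipToInt(mask)),
};

// Load the PAC source and ask it how each URL would be routed.
function evaluatePac(pacSource, urls) {
  const context = vm.createContext({ ...pacHelpers });
  vm.runInContext(pacSource, context, { timeout: 1000 });
  return urls.map((url) => ({
    url,
    result: context.FindProxyForURL(url, new URL(url).hostname),
  }));
}

// Constructed sample PAC, NOT the file IPFire generates; the proxy address and
// port reuse values quoted in the thread.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || isInNet(host, "192.168.0.0", "255.255.255.0"))
    return "DIRECT";
  return "PROXY 192.168.0.1:800";
}`;

for (const { url, result } of evaluatePac(SAMPLE_PAC, [
  'http://ipfire/',
  'http://192.168.0.1:81/proxy.pac',
  'https://example.com/',
])) {
  console.log(`${url} -> ${result}`);
}
```

To test the real file, pass the contents of a copy of proxy.pac as `pacSource` together with the URLs the failing apps contact; a `DIRECT` result means the client is told to bypass the proxy for that URL.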

@bonnietwin I was trying the DHCP auto-config option, however, on my phone, the URL has to be explicitly entered into the Wi-Fi Advanced configuration, otherwise it just seems to bypass the proxy completely. I have not tried the DNS option yet, as to be honest, it seems a lot more work. With regards to the browsers, I had no problem with the browser on my phone, which is Brave, it was only the three apps mentioned that gave issues of not connecting when using the proxy.pac configuration.

In Android, if I go to Network Settings > Edit > Advanced, I have a Proxy dropdown with the options None, Manual and Proxy Auto-config. You may have to change it manually for a current connection or forget your current connection.

I have not been able to determine whether it uses the DHCP or DNS method or both. Why not do both as a belt and braces solution?

1 Like

@nickh Yes, those are the same three options I have as well and that is exactly what I did, use the “manual” option, as explained above.
As regards using both the DHCP and the DNS method, as explained, I am a bit hesitant to go with the DNS method as I do not want to mess with settings via the Command line, in case I do something wrong. The DHCP method is easy and simple, so I stick with that.

1 Like

I have the DHCP approach working with my Samsung A20e Android 11 phone.

I have the DHCP options defined on the DHCP Server WUI, as specified in the IPFire documentation.

On the Samsung Android phone I select the Proxy option to auto-config and then add the URL for the proxy.pac file as here

http://ipfire.domain.org.:81/proxy.pac

For the Samsung phone I have it requires the proxy.pac file rather than the wpad.dat file. When I try to use the wpad.dat file the phone adds the .pac extension so the file ends up being wpad.dat.pac
Both the wpad.dat and proxy.pac point to the same file data.

With the proxy.pac file URL the Samsung phone was happy with that and the URLs accessed can be seen in the IPFire WUI menu Logs - Proxy Logs.

Make sure you were not using an https url for the proxy.pac file as the IPFire wpad.dat and proxy.pac files are http urls.
My Samsung has an example entry for the PAC web address that uses https.

With the above I can see the Top Level Domain (TLD) browsing I was doing, in the Proxy Logs file, presuming that you have the Proxy Logging enabled.

1 Like

@bonnietwin Thank you, yes, I know that the URL is specific, in my case I was using http://192.168.0.1:81/proxy.pac. This seems to cause the issues with my banking app, etc. as laid out above. When I use the “manual” configuration of the phone, that is inserting the hostname (home-ipfire.gmcomputers.co.za) and the port (800), then all works wonderfully. That is why I was asking if one could see what is in the files, in order to ascertain what exactly is causing those apps to be blocked.

I gave the directory location in comment 10.

1 Like

@bonnietwin Yes you did, indeed!! Thank you for that. I have not looked yet.