OPNsense, NethServer and Certificates

Hi Dan,

Because I am looking at how OPNsense is working.

Michel-André

@michelandre

Well, you need a few DNS entries.

On OPNsense, you can use unbound, that is quite capable.
On NethServer, use the internal DNS.

Create an entry with the FQDN of the host the proxy is running on (NethServer or OPNsense).
Create an alias for proxy.yourdomain.com and wpad.yourdomain.com (replace as needed…).

WPAD must be accessible via web under the URL wpad.yourdomain.com/proxy.pac
On your NethServer this also works using just the IP/proxy.pac.

NethServer has a built-in WPAD file (proxy.pac); you can use this as a starter.
WPAD is quite powerful, see Google for a few examples. It’s also quite old and can have security issues, but as long as you’re using it on your own network, it’s ok. A lot of large companies use this.

proxy.pac is a simple text file with some JS. You can use your preferred editor.

Note:
For security reasons, it’s actually a good idea to use WPAD in any network. If WPAD is set in DNS, that takes higher priority than e.g. a hacker with a Linux notebook (called wpad) running Apache and Squid… Classic Man-in-the-Middle attack.

However if it’s set in DNS, that takes priority over anything the notebook may propagate…
-> Better security!

Andy

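The proxy.pac Andy describes is just a JavaScript file exposing one function, `FindProxyForURL(url, host)`, which the browser calls for every request. The script below is an added example for this thread, not NethServer’s built-in file: it keeps plain hostnames, the internal domain and the LAN direct and sends everything else through the proxy. The proxy name `proxy.yourdomain.com` follows the alias above; the port 3128, the LAN range 192.168.1.0/24 and the internal domain `yourdomain.com` are assumptions to replace with your own values. Browsers provide the PAC helper functions (`isPlainHostName`, `dnsDomainIs`, `isInNet`) themselves; they are re-implemented here only so the file can also be exercised under Node before you publish it at wpad.yourdomain.com/proxy.pac.

```javascript
// proxy.pac (added example, not the NethServer-supplied file)
// Assumptions: proxy at proxy.yourdomain.com:3128, LAN 192.168.1.0/24,
// internal domain yourdomain.com.

// The browser's PAC engine supplies these helpers; they are re-implemented
// here so the file can be tested under Node. Keep them: a browser simply
// overrides nothing and uses its own built-ins, and Node needs them to run.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}

function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
    host.slice(host.length - domain.length) === domain;
}

// Dotted-quad IPv4 string -> unsigned 32-bit integer
function ipToInt(s) {
  return s.split(".").reduce(function (acc, octet) {
    return ((acc << 8) + Number(octet)) >>> 0;
  }, 0);
}

function isInNet(ip, pattern, mask) {
  var m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(pattern) & m) >>> 0);
}

// True when the host the browser passed in is already an IPv4 literal,
// so we can test it against the LAN range without a DNS lookup.
function isIPv4Literal(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

function FindProxyForURL(url, host) {
  // 1. Plain names ("intranet") and the internal domain bypass the proxy
  if (isPlainHostName(host) || dnsDomainIs(host, ".yourdomain.com")) {
    return "DIRECT";
  }
  // 2. LAN and loopback literals bypass the proxy as well
  if (isIPv4Literal(host) &&
      (isInNet(host, "192.168.1.0", "255.255.255.0") ||
       isInNet(host, "127.0.0.0", "255.0.0.0"))) {
    return "DIRECT";
  }
  // 3. Everything else goes through the proxy. The trailing DIRECT is a
  //    fallback the browser uses if the proxy is down; drop it if you want
  //    clients to fail closed rather than bypass the proxy.
  return "PROXY proxy.yourdomain.com:3128; DIRECT";
}
```

One thing to decide consciously is the `; DIRECT` fallback in the last line: it keeps users online when the proxy is unreachable, but it also means any content filtering on the proxy is silently skipped in that case. Serve the file with the `application/x-ns-proxy-autoconfig` content type so browsers accept it.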

Hi all,

After trying many different scenarios, it is finally working and giving the right Let’s Encrypt certificate using: https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html.

I just issued a certificate using acme.sh for wordpress.toto-101.com and another cert for opnsense.toto-101.com. No need to transfer any cert to the OPNsense server.

But it is kind of slow to answer and display the page.
Also, it is not answering https://wordpress.toto-10.com. I have to use www.

I had no luck with unbound but I would like to use it if I can find a detailed tutorial.

Michel-André