WPAD, DHCP, DNS, etc

So maybe Linux machines do not want to add the WPAD file for provisioning; Windows clients work like a charm.

1 Like

Everything works fine with DHCP telling clients to use NS for DNS. WPAD doesn’t work when I change to different DNS. Why?

You’re right. I just tested with a Windows 7 VM and it works fine.

However, it seems like this line of /etc/e-smith/templates/etc/dnsmasq.conf/25wpad is causing a reliance on DNS rather than specifying the IP:

`$OUT.="dhcp-option=252,http://$SystemName.$DomainName/wpad.dat\n\n\n";`

I’m not sure why manually pointing the hostname in an A record in whatever DNS server the client is using doesn’t resolve it, but either way, shouldn’t this as well as the contents of the wpad.dat file be changed to an IP address rather than hostname?

Edit: another point worth mentioning is that while the browser does work in Windows, Windows Update does not work. So there’s obviously still an issue; likely the issue is what I stated above.

In your screenshot there is 8.8.8.8 DNS. In your network you should use the NS IP for DNS; it is very strict, because your internal domain, like lan or something you choose, would not be resolved.

But I want to use NS as a router/UTM in a domain environment where it’s important that DNS points to the domain controller(s).

Hi Adam,

In a domain environment, it’s better for DHCP to be on the DC server.

In this case, NS will act as Router/UTM, will give DHCP only for BLUE, and for LAN (GREEN), the DC Server will provide DHCP. I think this is the best way (I always use this configuration).

1 Like

I do too. I thought I’d change that standard practice because of the additional DHCP attributes for WPAD that NS handles out of the box. The problem is that it doesn’t seem to handle them correctly.

I suppose it wouldn’t be a big deal to add the 252 wpad attribute pointing to NS by IP. I’ll do some testing with that setup when I get a chance. Although it wouldn’t be a bad idea to fix this issue in NethServer.

Hi Adam,

If I understand well, your real problem was described here:

If yes, I have the same issue.

1 Like

@GG_jr and @Adam it is your chance to make a great contribution to NS: make tests for all cases, make the config for WPAD and dnsmasq, and then the Dev team updates the package.

2 Likes

Hi Nas,

I’m not so sure that we speak about the same things.

If it is about how different browsers (IE, Mozilla, Chrome) use the proxy settings, then it is a combination between how to set Web Proxy on NS and proxy settings on browsers.

I have tried some combinations but I have obtained only a headache.
If something works on IE/Chrome, doesn’t work on Mozilla and vice versa.

For example: if I use for Proxy: Transparent & Block HTTP and HTTPS ports, with Mozilla (Ubuntu) I cannot reach https sites, only http, regardless of browser proxy settings. If I use only Transparent, I can reach all sites but only http sites are logged on Lightsquid.

After a while I was totally lost …

I think something is wrong with the module and/or how it is explained in Help.
I’m not sure and I don’t want to make false statements until I test again.

I will try to do those tests again, in “more professional manner” if I can say this and more documented. I hope that will help.

In stock form, using NethServer for DNS and DHCP, if you use the settings that you show in that screenshot, everything should work in the green zone…except you may want to block HTTP and HTTPS ports so the browser will not bypass proxy for HTTPS if it doesn’t autodetect. The only issue is that Firefox does not come set to automatically detect proxy settings by default. By default, it’s set to use system proxy settings, which do not auto detect properly.

The only issues I had were once I started using a different DNS and/or DHCP server.

I set up a Server 2012 R2 VM on my green zone, disabled DHCP on NS, and enabled DHCP and DNS on the Server 2012 VM. After creating the following wpad DHCP option (as well as setting the path in the wpad.dat to use IP rather than hostname), everything appears to be working in the Windows 7 VM (including Windows Update and other system services).

However, Firefox on the Windows 7 VM doesn’t work and the Ubuntu VM doesn’t work. I found this: http://findproxyforurl.com/common-wpad-issues/

So it appears that a DNS wpad entry is required. Server 2012 ignores wpad queries by default for security, so the following command needs to be run to remove that block:

`dnscmd /config /globalqueryblocklist`

Note: this command clears all blocks. By default there are two: wpad and isatap. To remove wpad and keep isatap, run the following command instead:

`dnscmd /config /globalqueryblocklist isatap`

Once that was done, I created an A record to point the hostname wpad to the NS IP…but still had issues. Once I modified the 015 “DNS Domain Name” DHCP attribute and added the local domain name of “lan.local”, everything started working. I believe I had to do that because I set up DHCP on this test server before creating the domain. It would normally be set up automatically.

Two things that I can take away from this testing experience:

  1. Use NethServer for DNS and DHCP if at all possible if you plan on using WPAD to avoid this headache

  2. WPAD should be set up to use IP address rather than hostname. Everything routes properly using IP address and it would prevent even more DNS entries from being created.

For the sake of testing, I went ahead and changed the wpad.dat back to referencing a hostname so I would know what’s involved to make it work.

By default, the wpad.dat file references proxy.domain, not the actual hostname of NethServer. So I added an A record to the Windows DC to point that hostname to the IP of NethServer… It didn’t work.

So I added another A record of the actual hostname, which in my case is “ns-test”, pointing to the NS IP. It still didn’t work. I had the domain in NS set to “lan” when my DNS domain suffix is lan.local. So I changed the domain in NS to lan.local and then everything worked… for Windows. Ubuntu can resolve “proxy” but cannot resolve “proxy.lan” or “proxy.lan.local”. Any ideas?

Edit: I gave up trying to make it work. Everything works perfectly by changing the hostname in the wpad.dat to the IP address. Is there any way that can be the permanent setting rather than a hostname? I don’t see any downside to changing it. It would only be beneficial and I’m not the only one who has had issues with the current use of a hostname.

Edit2: changed this thread type to “bug” since I view this issue as a bug that can be easily resolved.

Maybe :smile:
What IP do you want to put inside the WPAD? If the template puts the green IP, clients from blue will not work and the other way around.
Instead, you can create a DNS name pointing to multiple IPs, but from your tests it doesn’t seem to work correctly even with the DNS name.

I don’t see any clear solution, except configuring the proxy in transparent mode.
Am I wrong? Any other suggestion?

1 Like

I thought the same thing, but it still routes properly from the blue network and works perfectly. Here’s a screenshot of a Ubuntu VM in my test environment to illustrate:

Even though it’s on the blue network (192.168.10.0), it can still route to, contact, and download the wpad.dat from the router on its green IP (192.168.1.1). You can see Google and Yahoo HTTPS sites open in the background too.

Here’s another screenshot showing the current wpad.dat and the browser proxy settings. It’s using transparent proxy for http and manual for https. wpad is working beautifully with this setup.

I took testing a step further and added a second green zone with a Windows 7 VM and everything also works well there.

I’m just going to bump this again because I just had to manually modify another wpad.dat because hostname was causing problems. Setting it to the IP of the first green zone instead would be a wonderful solution. :smile:
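An added example, not part of any post above and not NethServer's own template: a wpad.dat that names the proxy by IP, as proposed in this thread, leaving HTTP to the transparent proxy and sending HTTPS to the proxy explicitly. The port 3128, the local ranges and the helper names `ipToInt` and `isLocalAddress` are assumptions.

```javascript
// wpad.dat sketch (added example). Assumed values, not from NethServer's template:
// proxy on the green IP 192.168.1.1, port 3128; local ranges as used in the thread.
var PROXY = "PROXY 192.168.1.1:3128";   // IP literal: client needs no DNS lookup
var LOCAL_NETS = [                       // [network, mask] reached without the proxy
  ["192.168.1.0", "255.255.255.0"],      // green
  ["192.168.10.0", "255.255.255.0"],     // blue
  ["127.0.0.0", "255.0.0.0"]             // loopback
];

// Convert a dotted quad to an unsigned 32-bit number; null if not an IPv4 literal.
function ipToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside one of LOCAL_NETS.
function isLocalAddress(host) {
  var ip = ipToInt(host);
  if (ip === null) return false;
  for (var i = 0; i < LOCAL_NETS.length; i++) {
    var net = ipToInt(LOCAL_NETS[i][0]);
    var mask = ipToInt(LOCAL_NETS[i][1]);
    if (((ip & mask) >>> 0) === ((net & mask) >>> 0)) return true;
  }
  return false;
}

function FindProxyForURL(url, host) {
  // Names without a dot (e.g. "ns-test") and local IPs never use the proxy.
  if (host.indexOf(".") === -1 || isLocalAddress(host)) return "DIRECT";
  // HTTP goes out directly and is intercepted by the transparent proxy on the gateway.
  if (url.substring(0, 5) === "http:") return "DIRECT";
  // HTTPS (and anything else) is sent explicitly to the proxy, addressed by IP.
  return PROXY;
}
```

Because the helpers are plain JavaScript rather than the PAC built-ins, the same file can be checked under Node before it is published as wpad.dat.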

Just opened a new issue: http://dev.nethserver.org/issues/3266

I think the development will be delayed after the release of 6.7.

2 Likes

That’s awesome! Thanks!

I’ll be switching my test VMs over to 6.7 later today. :smiley:

This issue was mentioned a few months ago:

I did some testing with the new wpad setup to verify it functions how it should before I update my production NethServer instances.

With NS providing DHCP and DNS:

With a Server 2012 R2 AD DC providing DHCP and DNS:

From what testing I’ve done, everything appears to work great! Thank you devs!!

3 Likes