Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add WPAD to dhcp server #2088

Merged
merged 6 commits into from
Jul 6, 2018
Merged

add WPAD to dhcp server #2088

merged 6 commits into from
Jul 6, 2018

Conversation

fabianfrz
Copy link
Member

@fabianfrz fabianfrz commented Jan 13, 2018
edited
Loading

It deploys the default hostname:

nmap --script broadcast-dhcp-discover -e vboxnet1

Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-13 21:53 CET
Pre-scan script results:
| broadcast-dhcp-discover: 
|   Response 1 of 1: 
|     IP Offered: x.x.x.x
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: x.x.x.x
|     IP Address Lease Time: 5m00s
|     WPAD: https://wpad.sense:443/wpad.dat
|     Subnet Mask: 255.255.255.0
|     Router: x.x.x.x
|     Domain Name Server: x.x.x.x
|_    Domain Name: sense
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 1.32 secon

@fabianfrz fabianfrz mentioned this pull request Jan 13, 2018
Closed
@fichtner fichtner self-assigned this Jan 14, 2018
@fabianfrz fabianfrz mentioned this pull request Mar 31, 2018
Merged
fichtner
fichtner reviewed Jun 12, 2018
View reviewed changes
src/www/services_dhcp.php Outdated
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("WPAD");?> </td>
<td>
<input name="wpad" id="wpad" type="checkbox" value="yes" <?=!empty($pconfig['wpad']) ? "checked=\"checked\"" : ""; ?> />
<strong><?= sprintf(gettext("Enable Web Proxy Auto Discovery on the %s interface"),!empty($config['interfaces'][$if]['descr']) ? htmlspecialchars($config['interfaces'][$if]['descr']) : strtoupper($if));?></strong>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Enable Web Proxy Auto Discovery on this interface", the rest is too confusing (and there is a double space in front of %s anyway)

fichtner
fichtner reviewed Jun 12, 2018
View reviewed changes
src/etc/inc/services.inc


// add pac url if it applies
if (isset($dhcpifconf['wpad']) && !empty($config['system']['hostname']) && !empty($config['system']['domain'])) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we set host names / domains per interface?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

theoretically yes but is there a reason to? It must point to an IP of the Firewall and the system hostname makes that always true. On that interface the wpad.dat file must be served.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

true

fichtner
fichtner reviewed Jun 12, 2018
View reviewed changes
src/etc/inc/services.inc
if (isset($dhcpifconf['wpad']) && !empty($config['system']['hostname']) && !empty($config['system']['domain'])) {
$protocol = !empty($config['system']['webgui']['protocol']) ? $config['system']['webgui']['protocol'] : 'https';
// take hostname from system settings - it can be used to be resolved to anything based on client IP
$host = implode('.', array('wpad', $config['system']['domain']));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hostname is checked in first if, but not added here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hosts try the hostname wpad in the domain. which is created here. This one needs DNS support.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but why the sanity check of !empty($config['system']['hostname']) ? it should never be empty and if it is WPAD not working is the least of our issues

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hostname is used for the CNAME in Unbound:
https://github.com/opnsense/core/pull/2097/files#diff-a89985242e1eea6a91d3e103e3353d5cR586

fichtner
fichtner reviewed Jun 12, 2018
View reviewed changes
src/etc/inc/services.inc Outdated
$protocol = !empty($config['system']['webgui']['protocol']) ? $config['system']['webgui']['protocol'] : 'https';
// take hostname from system settings - it can be used to be resolved to anything based on client IP
$host = implode('.', array('wpad', $config['system']['domain']));
$port = !empty($config['system']['webgui']['port']) ? $config['system']['webgui']['port'] : 443;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

443 is only true for https :)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@fichtner fichtner merged commit 8257d1a into opnsense:master Jul 6, 2018
@fichtner
Copy link
Member

fichtner commented Jul 6, 2018

Merged, thanks!

@fabianfrz fabianfrz deleted the wpad_dhcp branch July 9, 2018 18:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fichtner fichtner fichtner approved these changes

Assignees

@fichtner fichtner

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fabianfrz @fichtner