coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.

WPAD support not compiling #225

Open Cool34000 opened 8 years ago

Cool34000 commented 8 years ago

Hi,

I need to send the proxy configuration with a wpad.dat or wpad.pac file for my configuration to work as expected. I can't use transparent mode as HTTPS does not work with E2Guardian's MITM SSL function. So the only solution is to send the proxy configuration with a wpad file...

So I've compiled chilli v1.3.1 svn revision (last revision before coova migrated to github) with the "--enable-wpad" option but it looks like it's not compiling! Here's the result of "chilli --help":

Compiled with ENABLE_BINSTATFILE ENABLE_CHILLIQUERY ENABLE_CHILLIPROXY ENABLE_COA ENABLE_RADPROXY ENABLE_CHILLIRADSEC ENABLE_CHILLIREDIR ENABLE_DHCPRADIUS ENABLE_DHCPOPT ENABLE_DNSLOG ENABLE_UAMDOMAINFILE ENABLE_EAPOL ENABLE_IEEE8021Q ENABLE_IPWHITELIST ENABLE_JSON ENABLE_LARGELIMITS ENABLE_LAYER3 ENABLE_LEAKYBUCKET ENABLE_MINIPORTAL ENABLE_MULTILAN ENABLE_MULTIROUTE ENABLE_PROXYVSA ENABLE_REDIRDNSREQ ENABLE_SESSGARDEN ENABLE_STATFILE ENABLE_UAMANYIP ENABLE_UAMUIPORT ENABLE_USERAGENT HAVE_OPENSSL USING_POLL

I also see a feature "DHCP OPTION" which compiles OK, but I can't find any documentation on this feature except that I need to send "dhcpopt=hex string". Option 252 is FC in hex... http://172.17.1.1/wpad.dat is 687474703A2F2F3137322E31372E312E312f777061642E646174 in hex... So I tried to put these in local.conf with no luck:

dhcpopt 252 687474703A2F2F3137322E31372E312E312f777061642E646174
dhcpopt "252 687474703A2F2F3137322E31372E312E312f777061642E646174"
dhcpopt FC687474703A2F2F3137322E31372E312E312f777061642E646174
dhcpopt "FC687474703A2F2F3137322E31372E312E312f777061642E646174"

The wpad.dat file is OK (if I manually add it in my browser, I'm getting filtered).

Any help on both features? Thanks in advance.
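Added example, not part of the original thread and not CoovaChilli's own code: on the wire a DHCP option is a one-byte code, a one-byte length and then the value (RFC 2132), so this sketch builds option 252 for the URL in the post above and checks a hex string against that layout. That `dhcpopt` expects this full code/length/value form is an assumption; the thread does not confirm it, and the function names are hypothetical.

```python
"""Encode and check DHCP options as code/length/value hex strings (RFC 2132 layout)."""

WPAD_OPTION = 252  # option code the post uses for the WPAD/PAC URL


def encode_option(code: int, value: bytes) -> str:
    """Return one DHCP option as hex: 1-byte code, 1-byte length, then the value."""
    if not 1 <= code <= 254:
        raise ValueError("option code must be 1..254 (0 is pad, 255 is end)")
    if len(value) > 255:
        raise ValueError("value does not fit a one-byte length field")
    return (bytes([code, len(value)]) + value).hex()


def decode_options(hexstr: str) -> list:
    """Parse hex as consecutive code/length/value options; ValueError if malformed."""
    try:
        raw = bytes.fromhex(hexstr)
    except ValueError as exc:
        raise ValueError(f"not a hex string: {exc}") from None
    options, pos = [], 0
    while pos < len(raw):
        code = raw[pos]
        if pos + 1 >= len(raw):
            raise ValueError(f"option {code}: length byte missing")
        length = raw[pos + 1]
        value = raw[pos + 2 : pos + 2 + length]
        if len(value) != length:
            raise ValueError(
                f"option {code}: length byte says {length}, only {len(value)} bytes follow"
            )
        options.append((code, value))
        pos += 2 + length
    return options


# URL taken from the post above.
URL = b"http://172.17.1.1/wpad.dat"
# One of the strings tried in the post: option code FC directly followed by the URL bytes.
TRIED = "FC687474703A2F2F3137322E31372E312E312f777061642E646174"

if __name__ == "__main__":
    encoded = encode_option(WPAD_OPTION, URL)
    print("with length byte:", encoded)
    print("decodes to      :", decode_options(encoded))
    try:
        decode_options(TRIED)
    except ValueError as err:
        print("string from post:", err)
```

Read as code/length/value, the string from the post treats 0x68 (the "h" of "http") as the length byte, which is why the decoder rejects it.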

sevan commented 8 years ago

Any reason why you're using v1.3.1 & not the latest source on github?

Cool34000 commented 8 years ago

Yes: the latest source changed the entire Freeradius dictionary (chillispot.* => coovachilli.*) and I can't migrate without modifying all my php code that I use to manage users, groups and mac authentications.

Moving to latest source is on my to-do list, but it's not a priority right now.

Cool34000 commented 8 years ago

Nobody?

Cool34000 commented 8 years ago

I've finally compiled latest version (v1.3.1.3) and I have the same problem: WPAD support doesn't seem to be compiled!

Compiled with ENABLE_BINSTATFILE ENABLE_CHILLIQUERY ENABLE_CHILLIPROXY ENABLE_COA ENABLE_RADPROXY ENABLE_CHILLIRADSEC ENABLE_CHILLIREDIR ENABLE_DHCPRADIUS ENABLE_DHCPOPT ENABLE_DNSLOG ENABLE_UAMDOMAINFILE ENABLE_EAPOL ENABLE_IEEE8021Q ENABLE_IPWHITELIST ENABLE_JSON ENABLE_LARGELIMITS ENABLE_LAYER3 ENABLE_LEAKYBUCKET ENABLE_MINIPORTAL ENABLE_MULTIROUTE ENABLE_PROXYVSA ENABLE_REDIRDNSREQ ENABLE_SESSGARDEN ENABLE_STATFILE ENABLE_UAMANYIP ENABLE_UAMUIPORT ENABLE_USERAGENT HAVE_OPENSSL USING_POLL

gbaligh commented 8 years ago

The ENABLE_WPAD is added in the git master branch. I think you are using the RELEASE 1.3.1.3, which does not print this using --help. Try to use the last revision from Git master. You need to set --wpadpacfile=filename.

Cool34000 commented 8 years ago

Hi,

Thanks: I've compiled the master branch and ENABLE_WPAD is now OK!

But I still don't understand how to activate this option. I've put wpadpacfile /etc/chilli/wpad.dat in /etc/chilli/local.conf and it's not working correctly.

When I manually browse http://1.0.0.1/wpad.dat the value is DIRECT and not PROXY 172.17.1.1:8080 (IP of my Coova server). So I've set the variable _HS_WPADPROXY to 172.17.1.1:8080 because there is no such value in /etc/chilli/functions. The wpad.dat file now returns the correct configuration and HTTP filtering is working but HTTPS doesn't.

Is there something special to do for HTTPS filtering?

Cool34000 commented 8 years ago

Things I've noticed: If I manually configure the proxy automatic location in my browser with http://Coova_IP/wpad.dat it won't work. But if I use http://1.0.0.1/wpad.dat or http://Coova_IP:3990/wpad.dat then HTTPS filtering works!

Any idea how to fix this?

Cool34000 commented 8 years ago

I used Wireshark on my laptop to analyse what's going on... DHCP Option 252 is sent, I see http://1.0.0.1/wpad.dat being downloaded. So things should work...

On my laptop Internet Explorer is working as expected (http and https are filtered). Other browsers don't work (I've tested Firefox and Chrome so far). Each browser is configured the same way: automatically get the proxy configuration.