2
We noticed this problem when a few users could not access the interenet while they connected to VPN. We had the user try a different connection, such a hotspot from their phone, then connect to the corporate VPN and access the internet. They tried a few different connections, and the only time it breaks is when they are at home behind their Asus router. From their home connection it even works if they connect directly to their modem.
We used Wireshark to view the initial connection of the VPN, and it is getting the wpad.dat file from the right location. The wpad file is complete, but Windows for some reason doesn't use it. Chrome and IE both use Windows Internet options, but Firefox does not. When we set the Proxy on Firefox to automatically detect, it works.
In summary, when connected to the corporate VPN using an Asus router, Windows does not detect which proxy server to use. I don't know what else to try.
Here are some things I have tried and found out:
If I set the wpad.dat file manually in Internet Options, I am able to access the Internet. When automatically detecting settings, I am not able to (which is the way we need to have it set up).
If I set the proxy servers manually, I am able to access the Internet.
Watching a Wireshark capture, I see that the wpad.dat file is downloaded when I make the connection to VPN.
I found a tool called autoprox.exe, which finds the wpad.dat file fine, and assigns it to the correct proxy servers.
This occurs while on VPN (Cisco AnyConnect) and using the Asus RT-N66U router (running the latest, or earliest firmware - we tested both).
This happens on Windows 7, 8.1 and 10, IE10 and IE11.
We are using squid as a the proxy server, but squid sees no denies or even the URL that is trying to be accessed.
Our wpad.dat is stored on an Apache server accessible at wpad.companyname.com/wpad.dat.
I have checked the Content-Type headers and they are set appropriately to application/x-ns-proxy-autoconfig.
How can I fix this?
smiler07
Posted 2017-02-25T21:02:41.400
Reputation: 61
Anything useful in Chrome, if you look under: chrome://net-internals/#events or chrome://net-internals/#proxy? – HelpingHand – 2017-02-25T23:47:23.330
1
I wonder if Firefox is OK as it doesn't support DHCP for autoproxy discovery http://findproxyforurl.com/browser-support/. Does this hint at DHCP being the issue? What if you force DNS only with the key AutoProxyDetectType set to 2: https://technet.microsoft.com/en-us/library/cc302643.aspx
– HelpingHand – 2017-02-26T00:32:07.487@EMK, you are a genius! I added the AutoProxyDetectType key here: HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Internet Settings as value 2 and it started working! Do you know if there is something that the ASUS router is doing to give it a bad wpad.dat file or something? – smiler07 – 2017-03-02T21:28:33.073
Glad it helped narrow things down to DHCP. Out of interest, does the DHCP server of these ASUS routers configure the 252 DHCP option? With Wireshark capturing on the adapter getting the IP from the router via DHCP, with the filter:
bootp.option.type == 252does anything show up if you do a release/renew? – HelpingHand – 2017-03-02T21:55:14.850have you tried applying proxy system wide -
netsh winhttp import proxy source=ie– Manoj – 2017-03-06T16:58:29.563@EMK, I released by IP, then started capture and then renewed. This was the result:
Option: (252) Private/Proxy autodiscovery Length: 1 Private/Proxy autodiscovery: \n– smiler07 – 2017-03-07T21:00:51.173Interesting that it even sets the option on a home router. I'd probably need to see it in the context of the entire packet capture. Can you export just the frames that match
– HelpingHand – 2017-03-07T21:08:09.937bootp.option.type == 252to a .pcap and host it somewhere? I'm expecting a pretty subtle bug. Something like those listed here: https://technet.microsoft.com/en-us/library/cc302643.aspx. Null characters, etc..@EMK, I ran ipconfig /release, then started the capture, then did the renew. This is the result from the filter mentioned above: https://dl.dropboxusercontent.com/u/7502760/SuperUserShare/AsusIPRenew.pcapng
When I telnet into the router, I found this line in the etc/dnsmasq.conf file:
dhcp-option=252,"\n".The last entry of the Dnsmasq FAQ(http://www.thekelleys.org.uk/dnsmasq/docs/FAQ) references the reason for the value
– HelpingHand – 2017-03-08T19:05:46.017\n. Also the example config file in the source (dnsmasq.conf.example) has the line commented out with a comment:# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.It does seem to be mentioned on a few forums as a way to prevent a storm of DCHPINFORM requests http://brielle.sosdg.org/archives/522-Windows-7-flooding-DHCP-server-with-DHCPINFORM-messages.html.https://blogs.msdn.microsoft.com/asiatech/2012/08/14/insight-wpad-proxy-settings-on-ie/ is quite detailed into how it works. Maybe worth looking into what is cached in the referenced cache locations and see if chrome://net-internals/#events can throw some light on the situation from a Chrome perspective. If you're only using DNS to set the proxy, maybe disabling DHCP with the previous mentioned key could be a permanent workaround, especially if you can apply it conditionally. – HelpingHand – 2017-03-08T19:10:28.280