Bug #6949
closedusername/password not used by proxy support
50%
Description
hello,
it seems that username and password is not used for the proxy connection. it works only with IP and port but authentication is not performed.
when i try to perform an update check pfsense continuously tries to connect to the proxy without to pass username/passw to the proxy.
Updated by Jim Pingle about 8 years ago
- Category changed from Upgrade to Operating System
- % Done changed from 0 to 50
I pushed some changes to populate the HTTP_PROXY_AUTH variable and it works for HTTP, but HTTPS does not work using the same mechanism. This happens even with fetch and not just pkg, so it may be a limitation of libfetch and beyond our control at the moment.
I also tried with the user/pass in the HTTP_PROXY variable in multiple styles ("user:pass@x.x.x.x:3128", "http://user:pass@x.x.x.x:3128/"), none of which worked with fetch or pkg.
Updated by Kill Bill about 8 years ago
Jim Pingle: Perhaps this is relevant to HTTPS not working?
Updated by Jim Pingle about 8 years ago
It's possible but doesn't sound quite the same. Here's a capture of the initial exchange I grabbed yesterday where the client is trying to setup the connection and fails -- it never sends the subsequent attempt with credentials as it does with HTTP:
Client:
CONNECT www.example.com:443 HTTP/1.1 Host: www.example.com:443
Server:
HTTP/1.1 407 Proxy Authentication Required Server: squid Mime-Version: 1.0 Date: Wed, 07 Dec 2016 18:30:33 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3380 X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Proxy-Authenticate: Basic realm="Please enter your credentials to access the proxy" X-Cache: MISS from localhost X-Cache-Lookup: NONE from localhost:3128 Connection: keep-alive
There is only one line in the actual HTTP 407 error, so that last update on the ticket doesn't quite match but it might be worth trying that patch on a FreeBSD box to see if it helps.
Updated by Jim Pingle almost 8 years ago
- Assignee changed from Jim Pingle to Renato Botelho
Looks like the patch on the FreeBSD bug entry was committed. We should be able to pull it in from there.
Updated by Renato Botelho almost 8 years ago
- Status changed from New to Feedback
- Assignee changed from Renato Botelho to Jim Pingle
Done. Last commit was cherry-picked
Updated by Jim Pingle almost 8 years ago
- Status changed from Feedback to Resolved
Works on the latest snap including the patch.
Updated by Julio Acosta over 6 years ago
Hello Jim Pingle , I am new using pfsense 2.4.2, I have the same problem of User authentication and password in my proxy, I have read this forum, but I need help to apply and install this https://bugs.freebsd.org/bugzilla/show_bug.cgi ? id = 194483 in the pfsense from the console??, thanks for your help.
Updated by Y N over 6 years ago
i have same problem.
on System/Advanced/Miscellaneous i've added proxy info with username and password, and pfsense can't search, update or install packages.
on cli:
[2.4.3-RELEASE][root@pfSense.local]/root: pkg search mc pkg: Repository pfSense-core load error: access repo file(/root/var/db/pkg/repo-pfSense-core.sqlite) failed: No such file or directory pkg: https://pkg.pfsense.org/pfSense_v2_4_3_amd64-core/meta.txz: Proxy Authentication Required pkg: https://pkg.pfsense.org/pfSense_v2_4_3_amd64-core/packagesite.txz: Proxy Authentication Required pkg: Repository pfSense load error: access repo file(/root/var/db/pkg/repo-pfSense.sqlite) failed: No such file or directory pkg: https://pkg.pfsense.org/pfSense_v2_4_3_amd64-pfSense_v2_4_3/meta.txz: Proxy Authentication Required pkg: https://pkg.pfsense.org/pfSense_v2_4_3_amd64-pfSense_v2_4_3/packagesite.txz: Proxy Authentication Required
Updated by Y N over 6 years ago
[2.4.3-RELEASE][root@pfSense.local]/root: env | grep PROX HTTP_PROXY=185.34.52.z:3128 HTTP_PROXY_AUTH=basic:*:user:pass