Joined: 09 Aug 2013 Posts: 16 Location: Houston, TX
Posted: Sun Dec 01, 2019 18:55 Post subject: Work computer security complaining about WPAD
Hi all,
Through searching here, I could not find much on how DD-WRT uses (or doesn't?) Web proxy Auto Discovery (WPAD).
I'm running a Netgear R7000 v3.0-r40559. I am using DNSMasq for static DHCP leases, some port forwarding, and the OpenVPN server for personal use.
I have DHCP server enabled, and am using OpenDNS IPs for Static DNS.
DNSMasq and DHCP-Authoritative are enabled.
Under Setup > Networking > DHCPD, I have no other DHCP servers.
My only Firewall entries are this for the OpenVPN Server:
When I connect my work laptop (Lenovo T480 Win10 Ent) to my network to work from home, I get a corporate security pop-up complaining about my router firmware being incompatible with Windows 10. To summarize: "It is not properly answering a DHCP request which may cause Internet Explorer to be unable to access internet sites while connected to our corporate VPN." Some more info I got from IT: "Windows 10 also asks for WPAD info as well. Routers that are not configured to send WPAD information are supposed to ignore the request and not return any information for WPAD. However, some routers return a Line Feed character for WPAD information instead of ignoring the request. This causes Internet Explorer to be unable to find the corporate proxy servers when you make a VPN connection. Most, if not all, of the routers that have this problem are from Asus. We recommend replacing your router if the latest firmware from your vendor does not resolve this issue."
Is this extra blank line feed really the issue? If so, is there a way to override this to NULL, like point to an empty wpad.dat file somewhere?
Joined: 09 Aug 2013 Posts: 16 Location: Houston, TX
Posted: Sun Dec 01, 2019 22:09 Post subject:
kernel-panic69 wrote:
Ok, I'm confused, does WPAD need to be on or off? I don't use it.
Great question! I had not even heard of it until my company detected it in this state.
I think, in my case at least, I need to make sure it ignores the WPAD request, or at least does not return the Line Feed character (If what my IT dept detected was accurate). _________________ Netgear R7000 v1 running DD-WRT build r41664
TP-Link TL-WR1043ND v1.10 running DD-WRT build r23204
Linksys WRT54GL running Tomato 1.28
Outside of your corporate network, though, WPAD is bad. It's only complaining because the corporate network is snooping your activity.
You're absolutely correct--they are snooping on host networks "for security purposes to ensure I'm not copying/printing files," etc.
That forum post was indeed the first thing I found and tried--sorry for not mentioning before. Unfortunately it did not work (to my IT's liking at least). I made it the first line in my DNSMasq (attached), Save>Apply>Reboot, then reconnected, and the warning returned.
So I removed the DNSMasq entry I added, rebooted the router, rebooted my work PC. The security warning came back!
I added the string back to DNSMasq, rebooted the router, rebooted my work PC, and no security warning.
So, the feature isn't quite perfect, but it's working close enough for me.
Thanks all for your help, and I hope this post helps others who end up here in a similar situation. _________________ Netgear R7000 v1 running DD-WRT build r41664
TP-Link TL-WR1043ND v1.10 running DD-WRT build r23204
Linksys WRT54GL running Tomato 1.28