Impossible connexion to proxy

Kernels & Hardware, configuring network, installing services

Impossible connexion to proxy

Postby f.r3d » 2018-09-10 09:27

Hello everyone!

I work in a high school where a proxy is required for the wifi connexion. The proxy address I was given is http://172.17.0.219/proxy.pac
I insert it the the Gnome Network Manager
Image

but Firefox and Chrome always give me the same error message "DNS_PROBE_FINISHED_NXDOMAIN". I do the exact same procedure on my android phone and it works. Am I missing something in a hidden configuration file somewhere?

Thank you for your help!
Debian 9 Gnome 64bits
Thinkpad T460
4X Intel Core i7-6600U / 8GB Ram / Intel HD Graphics 520 / 256GB SSD /
User avatar
f.r3d
 
Posts: 63
Joined: 2016-07-28 16:39
Location: France

Re: Impossible connexion to proxy

Postby L_V » 2018-09-10 10:07

172.17.0.219 not available ?
Code: Select all
ping 172.17.0.219
L_V
 
Posts: 799
Joined: 2007-03-19 09:04

Re: Impossible connexion to proxy

Postby f.r3d » 2018-09-10 11:10

No, it is
Code: Select all
frederic@thinkpadt460:~$ ping 172.17.0.219
PING 172.17.0.219 (172.17.0.219) 56(84) bytes of data.
64 bytes from 172.17.0.219: icmp_seq=1 ttl=64 time=5.02 ms
64 bytes from 172.17.0.219: icmp_seq=2 ttl=64 time=9.98 ms
64 bytes from 172.17.0.219: icmp_seq=3 ttl=64 time=4.04 ms
64 bytes from 172.17.0.219: icmp_seq=4 ttl=64 time=6.49 ms
64 bytes from 172.17.0.219: icmp_seq=5 ttl=64 time=5.86 ms
64 bytes from 172.17.0.219: icmp_seq=6 ttl=64 time=5.34 ms
Debian 9 Gnome 64bits
Thinkpad T460
4X Intel Core i7-6600U / 8GB Ram / Intel HD Graphics 520 / 256GB SSD /
User avatar
f.r3d
 
Posts: 63
Joined: 2016-07-28 16:39
Location: France

Re: Impossible connexion to proxy

Postby p.H » 2018-09-10 12:46

f.r3d wrote:The proxy address I was given is http://172.17.0.219/proxy.pac
I insert it the the Gnome Network Manager

I cannot see the picture from where I am at the moment. Just to say that this is not a proxy address but an automatic proxy configuration URL, so make sure you insert it in the proper configuration field.
Last edited by p.H on 2018-09-10 19:08, edited 1 time in total.
p.H
 
Posts: 631
Joined: 2017-09-17 07:12

Re: Impossible connexion to proxy

Postby p.H » 2018-09-10 19:07

I can see the picture now and AFAICS you put the URL in the right place.
What is the action which triggers the error ?
The error message mentions DNS non existent domain, so I would first check the DNS servers set up in /etc/resolv.conf, DNS resolution and do a packet capture of DNS traffic while repeating the action.
Last edited by p.H on 2018-09-11 08:15, edited 1 time in total.
p.H
 
Posts: 631
Joined: 2017-09-17 07:12

Re: Impossible connexion to proxy

Postby f.r3d » 2018-09-10 19:24

Code: Select all
frederic@thinkpadt460:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search lan
nameserver 192.168.1.254


I am supposed to go to ac-amiens.fr to access a login page but the error "DNS_PROBE_FINISHED_NXDOMAIN" always appears, either with Chrome or Firefox.
You will need to be more specific because I am not very knowledgeable in networking and networking related bash commands.
Debian 9 Gnome 64bits
Thinkpad T460
4X Intel Core i7-6600U / 8GB Ram / Intel HD Graphics 520 / 256GB SSD /
User avatar
f.r3d
 
Posts: 63
Joined: 2016-07-28 16:39
Location: France

Re: Impossible connexion to proxy

Postby bw123 » 2018-09-11 00:33

f.r3d wrote:
Code: Select all
frederic@thinkpadt460:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search lan
nameserver 192.168.1.254


I am supposed to go to ac-amiens.fr to access a login page but the error "DNS_PROBE_FINISHED_NXDOMAIN" always appears, either with Chrome or Firefox.
You will need to be more specific because I am not very knowledgeable in networking and networking related bash commands.


Well, you do have knowledge of ping, have you confirmed that your dns setup is broken? Shouldn't you ping something by name, like ac-amiens.fr which is the site you need to access? What is 192.168.1.254 and why is that set as your dns if it's broken?

...
I am supposed to go to ac-amiens.fr to access a login page...


Did you try typing ac-amiens.fr ip address in the browser instead of it's domain name?
User avatar
bw123
 
Posts: 3516
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Impossible connexion to proxy

Postby p.H » 2018-09-11 08:22

Is 192.168.1.254 the correct IP address of the DNS server you are supposed to use ?
Check the DNS resolution with "host" and some hostnames
Code: Select all
host ac-amiens.fr


If the DNS resolution works, I would do a packet capture with tcpdump when running the browser and triggering the error message
Code: Select all
tcpdump -ni wlan0 port 53

(replace wlan0 with the actual wireless network interface name reported by "ip link")
Ctrl+c to stop the capture
p.H
 
Posts: 631
Joined: 2017-09-17 07:12

Re: Impossible connexion to proxy

Postby f.r3d » 2018-09-11 10:05

When I am connected to the high school wifi network
Code: Select all
frederic@thinkpadt460:~$ ping www.ac-amiens.fr
PING www.ac-amiens.fr (194.199.47.132) 56(84) bytes of data.
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=1 ttl=54 time=13.6 ms
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=2 ttl=54 time=14.6 ms
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=3 ttl=54 time=14.2 ms
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=4 ttl=54 time=15.0 ms
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=5 ttl=54 time=14.7 ms
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=6 ttl=54 time=15.5 ms
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=7 ttl=54 time=21.3 ms
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=8 ttl=54 time=20.4 ms
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=9 ttl=54 time=21.4 ms
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=10 ttl=54 time=14.5 ms
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=11 ttl=54 time=23.8 ms
64 bytes from www.ac-amiens.fr (194.199.47.132): icmp_seq=12 ttl=54 time=114 ms
^C
--- www.ac-amiens.fr ping statistics ---
12 packets transmitted, 12 received, 0% packet loss, time 11020ms
rtt min/avg/max/mdev = 13.639/25.318/114.314/27.047 ms


Code: Select all
frederic@thinkpadt460:~$ host ac-amiens.fr
ac-amiens.fr has address 194.199.47.132
ac-amiens.fr mail is handled by 10 mx2.ac-amiens.fr.
ac-amiens.fr mail is handled by 10 mx1.ac-amiens.fr.


Code: Select all
frederic@thinkpadt460:~$ sudo tcpdump -ni wlp4s0 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp4s0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:52:54.154908 IP 172.17.1.33.52786 > 172.17.0.219.53: 24396+ A? google.com. (28)
12:52:54.155086 IP 172.17.1.33.34129 > 8.8.8.8.53: 53520+ A? google.com. (28)
12:52:54.172892 IP 172.17.0.219.53 > 172.17.1.33.52786: 24396 1/0/0 A 216.58.204.110 (44)
12:52:54.174492 IP 8.8.8.8.53 > 172.17.1.33.34129: 53520 1/0/0 A 216.58.208.206 (44)
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel


Is 192.168.1.254 the correct IP address of the DNS server you are supposed to use ?

I don't know... It is the defaut server in my configuration file. I never modified it.
Debian 9 Gnome 64bits
Thinkpad T460
4X Intel Core i7-6600U / 8GB Ram / Intel HD Graphics 520 / 256GB SSD /
User avatar
f.r3d
 
Posts: 63
Joined: 2016-07-28 16:39
Location: France

Re: Impossible connexion to proxy

Postby f.r3d » 2018-09-11 10:34

Tryng the IP address of ac-amiens.fr does not work either.
When I try to go to ac-miens.fr, I am redirected to
Code: Select all
 https://0600013n-pfsense.0600013n.local:8005/index.php?zone=wifi_byod&redirurl=http%3A%2F%2Fwww.ac-amiens.fr%2F

The browser then tells me that it cannot find the server IP address accompanied by the same error message "DNS_PROBE_FINISHED_NXDOMAIN".
Debian 9 Gnome 64bits
Thinkpad T460
4X Intel Core i7-6600U / 8GB Ram / Intel HD Graphics 520 / 256GB SSD /
User avatar
f.r3d
 
Posts: 63
Joined: 2016-07-28 16:39
Location: France

Re: Impossible connexion to proxy

Postby p.H » 2018-09-11 10:43

f.r3d wrote:It is the defaut server in my configuration file

What configuration file ? The header in /etc/resolv.conf indicate it was generated by NetworkManager.

According to the packet capture, your machine sends DNS queries for google.com (how come ?) to 172.17.0.219 (same address as in the automatic proxy configuration URL) and 8.8.8.8 (Google's public recursive DNS) which seem to reply correctly (no NXDOMAIN). According to the /etc/resolv.conf you posted It should send queries to 192.168.1.254. Did you post the contents of resolv.conf when connected to the high school wireless network ?
p.H
 
Posts: 631
Joined: 2017-09-17 07:12

Re: Impossible connexion to proxy

Postby p.H » 2018-09-11 10:45

What is the result of
Code: Select all
host -v 0600013n-pfsense.0600013n.local
host -v 0600013n-pfsense.0600013n.local 172.17.0.219

Obviously this is a locally defined host name, and Google's DNS won't be able to resolve it.

Note : .local is supposed to be reserved to mDNS used by the Zeroconf protocol implemented by Avahi and should not be used with DNS.
p.H
 
Posts: 631
Joined: 2017-09-17 07:12

Re: Impossible connexion to proxy

Postby f.r3d » 2018-09-12 10:31

So, I did all the following using the high school wifi network.

This time I used Firefox instead of Chrome just to be sure.
Code: Select all
frederic@thinkpadt460:~$ sudo tcpdump -ni wlp4s0 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp4s0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:13:19.901261 IP 172.17.1.33.6731 > 172.17.0.219.53: 58316+ A? google.com. (28)
13:13:19.901482 IP 172.17.1.33.9939 > 8.8.8.8.53: 30383+ A? google.com. (28)
13:13:19.907447 IP 172.17.0.219.53 > 172.17.1.33.6731: 58316 1/0/0 A 216.58.204.142 (44)
13:13:19.924053 IP 8.8.8.8.53 > 172.17.1.33.9939: 30383 1/0/0 A 172.217.19.142 (44)
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel

I have no idea why my computer sends DNS queries to google.

Code: Select all
frederic@thinkpadt460:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search 0600013n.local
nameserver 172.17.0.219


Code: Select all
frederic@thinkpadt460:~$ host -v 0600013n-pfsense.0600013n.local
Trying "0600013n-pfsense.0600013n.local"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47462
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;0600013n-pfsense.0600013n.local. IN   A

;; ANSWER SECTION:
0600013n-pfsense.0600013n.local. 1 IN   A   172.17.0.219

Received 65 bytes from 172.17.0.219#53 in 12 ms
Trying "0600013n-pfsense.0600013n.local"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28458
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;0600013n-pfsense.0600013n.local. IN   AAAA

Received 49 bytes from 172.17.0.219#53 in 4 ms
Trying "0600013n-pfsense.0600013n.local"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50401
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;0600013n-pfsense.0600013n.local. IN   MX

Received 49 bytes from 172.17.0.219#53 in 6 ms


Code: Select all
frederic@thinkpadt460:~$ host -v 0600013n-pfsense.0600013n.local 172.17.0.219
Trying "0600013n-pfsense.0600013n.local"
Using domain server:
Name: 172.17.0.219
Address: 172.17.0.219#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16444
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;0600013n-pfsense.0600013n.local. IN   A

;; ANSWER SECTION:
0600013n-pfsense.0600013n.local. 1 IN   A   172.17.0.219

Received 65 bytes from 172.17.0.219#53 in 106 ms
Trying "0600013n-pfsense.0600013n.local"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47248
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;0600013n-pfsense.0600013n.local. IN   AAAA

Received 49 bytes from 172.17.0.219#53 in 5 ms
Trying "0600013n-pfsense.0600013n.local"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55082
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;0600013n-pfsense.0600013n.local. IN   MX

Received 49 bytes from 172.17.0.219#53 in 7 ms
Debian 9 Gnome 64bits
Thinkpad T460
4X Intel Core i7-6600U / 8GB Ram / Intel HD Graphics 520 / 256GB SSD /
User avatar
f.r3d
 
Posts: 63
Joined: 2016-07-28 16:39
Location: France


Return to System configuration

Who is online

Users browsing this forum: No registered users and 9 guests

fashionable