Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] Proxy = Auto-Detect causing problems

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] Proxy = Auto-Detect causing problems


Chronological Thread 
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Matti Saarinen <mjsaarin AT cc.helsinki.fi>, cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] Proxy = Auto-Detect causing problems
  • Date: Fri, 28 Oct 2016 11:15:25 +0200
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hello,

> During this autumn, we have been getting reports from Apple users that
> they cannot reach certain web sites from eduroam. My colleagues who are
> familiar with Apple products told me that it's eduroam CAT and its Proxy
> = Auto-Detect setting that is causing the problem. Also, the same
> setting makes Outlook on OS X crash occasionally.
>
> So, my questions are: Can I tune the Proxy setting somehow? Can I do
> something else to circumvent the issue if altering CAT is not possible?
> Is this an issue that only we have seen? Locally, I can tune DHCP to
> send option that points to our local www caches and that would probably
> work.

You should realise one important consideration: this is a roaming
consortium. Eventually, your users *will* roam to other places, with the
same unaltered configuration.

If you were able to set proxy settings to Disabled, then your users will
not be able to use the internet at eduroam SPs which require a proxy
connection and announce that with the appropriate technical means (DHCP,
...). Web proxies are discouraged in eduroam, but permitted, so this
needs to be foreseen in the configs we distribute. I.e. we intentionally
do not support a "DoS my users when roaming" setting.

> WPAD has also security issues:
>
> http://www.csoonline.com/article/3106076/data-protection/disable-wpad-now-or-have-your-accounts-and-private-data-compromised.html

The idea is that *you* as the administrator of your network take control
over distribution of WPAD settings (exactly like you describe above) -
and then noone else can generously do that for you.

So, yes, the DHCP option is likely something that will make things work
on your campus (and that's all you can do - other sites have their own
settings, and your users are subjected to those when they roam there
whether you like it or not).

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page