Problem: Clients Do Not Use Proxy Settings


In ucs@school environments proxy settings will be assigned automatically an do not need any further coonfiguration. Nevertheless, your clients do not use the proxy settings and access the internet without the Squid proxy.
You can verify by browsing to a test site (i.e. If it is marked red your browser uses a proxy. If it is green it bypasses the proxy.


For security reasons you have configured your UCS servers to accept only secured https:// protocol by setting the variable:
ucr set apache2/force_https=yes
and you are using self-signed certificates (it might fail with public certificates, too).
Thus, Windows client tries to access the proxy configuration file through default http:// but refuses to load from the redirected https:// site. So no proxy configuration file is downloaded and thus no proxy will be used.


Change the proxy setting on your school to give https:// instead of http:// by:

udm dhcp/service modify --dn="cn=ou1,cn=dhcp,ou=OU1,dc=schulen,dc=multi,dc=ucs" --append-option options --remove option="wpad \"http://proxy.multi.ucs/proxy.pac\""

udm dhcp/service modify --dn="cn=ou1,cn=dhcp,ou=OU1,dc=schulen,dc=multi,dc=ucs" --append-option options --append option="wpad \"https://proxy.multi.ucs/proxy.pac\""

You can get the needed “dn” and “option” with the following command:

root@master:~# udm dhcp/service list

DN: cn=schulen.ucs,cn=dhcp,dc=schulen,dc=ucs
  service: schulen.ucs

DN: cn=schulelena,cn=dhcp,ou=SchuleLena,dc=schulen,dc=ucs
  option: wpad "http://lenaedu.schulen.ucs/proxy.pac"
  service: schulelena
  univentionPolicyReference: cn=Gateway Lenaedu,cn=routing,cn=dhcp,cn=policies,dc=schulen,dc=ucs

DN: cn=schuleluise,cn=dhcp,ou=SchuleLuise,dc=schulen,dc=ucs
  option: wpad "https://luiseedu.schulen.ucs/proxy.pac"
  service: schuleluise