proxy configuration problem with wired connection opensuse 13.2

Hi all,

I recently upgraded my laptop from 13.1 to 13.2 (both with gnome) and everything is almost fine. Yet I have a strange behaviour with the proxy configuration : it seems to be working with wireless connection but not with a wired one.

To give more details, wether I am on wired or wireless connection, everything is OK, when I work from home with no proxy. At my office, I can connect to computers that do not need a proxy connection (inside my university) through ssh or whatever. Now when it comes to connections needing a proxy, the connection works with the wireless connection but not with the wired one. Actually, I tried the following:

  • wireless alone : no problem
  • wired and leaving the wireless do whatever it wants : no connection with proxy
  • wired and wireless physically (through the physical switch) turned off : no connection with proxy
    and the problem occurs with yast and firefox (for what I have tried)

Finally, I usually configure the proxy in three different places (I don’t know if this is ok):

  • in yast/proxy
  • in gnome/settings/netwrok/network proxy (needed if I want to install extensions for gnome, the yast/proxy configuration seems not to be considered by gnome)
  • in firefox for web browsing

So, here’s the situation that puzzles me (yet, it can be worked arround with the wireless connection, but it is not satisfactory), any idea is welcomed.

Thanks,
Pierre.

You’ll probably have to narrow down further what is happening.

As you’ve noted, there are 2/3 types of proxy configuration,

  • System Level. Typically configured using YAST.
  • Web Browser level - In each and every browser.

I don’t use Gnome, so don’t know for sure whether it’s just configuring system level or not (although I’d suspect that’d be the case).

You also should know that at least in the browser, it’s possible to distribute an automatic proxy configuration script so hat browsers can self-configure new settings when moving from network to network… But you won’t likely pick up the new settings unless you shut down the browser completely and restart. Note also that if this is used, it can make a difference whether you’re connected wired or wirelessly, depending on how the networks.

Restarting the browser may be required regardless whether an automatic configuration script is configured depending on your browser’s capabity to support multiple proxy “profiles” or not.

You also didn’t describe whether you’re experiencing the same issues with other protocols and apps since you already know that web browsers are a special type of application and protocol which can be configured differently than others in a network.

So, bottom line is that there are a fairly large number of different combinations of wired/wireless, different protocols, and possible configuration methods in each network you’re connected to.

Aside from reading logs to get specific connection errors, it’s a large amount of hit and miss trying different combinations.

TSU

Thanks for the answer. Before giving a few details, if it can help, I have to say that the update of yesterday (mainly with dbus and dhcp updates) seemed to have solved part of the problem : now, the system proxy (defined through yast with a manual configuration) is working properly. It allows me to install packages with a wired connection behind a proxy, something I could not do before.

Yet, the web browser (firefox) proxy configuration is still a problem (so is the gnome proxy). I usually do it through automatic proxy configuration thanks to a *.pac file from the university website. I am not using an automatic detection script or profile management for firefox, because I do not know exactly how it should work. So, even if I know it not to be optimal, I tick the proxy settings in the connection settings of firefox when I change from a “proxied” to a non-proxied connection (and usually do not need to restart the web browser - I tried to restart firefox and/or computer, but the results are the same). So doing so, the web browser says it is unable to connect to the websites. I also tried to configure the proxy with the two other options proposed by firefox : manually (and copying what I put in the system proxy settings) or based on the system proxy. But the result is the same: unable to connect after a while trying to connect.

I tried to ping the proxy server and it seems OK.

about this, well, yast/software, firefox and gnome were tried for internet connections, I have to admit I don’t know what are the various protocols. I cannot try to ping or ssh computers outside the university because the proxy disagrees. I tried to connect to a FTP server outside university (which is working with my desktop computer and with the wifi connection) with filezilla. Filezilla says :
resolving adress of XXX.XXX.XX
Connecting to “correct IP adress”
Connection attempt failed with “EHOSTUNREACH -No route to host”
Could not connect to server

Last, concerning reading logs, I tried to have a look in /var/log to see what is changing when I launch firefox, but did not notice anything special. I checked the changes through ls -lrt, the last files that are modified are warn, messages and firewall (and NetworkManager when I switch from wifi to wired). For the firewall, I tried to turn it off, but it is not changing anything. For the NetworkManager file, the configurations are not exactly the same (in particular the gateway) with wired and wifi, but don’t know if it does matter. So, I am wondering where I should look.

Once again, if you have a tip for a direction to look at, it would be very welcomed.

Pierre.

Restating parts of your post to verify understanding and more…

Generally speaking (and of course no guarantee applies to any specific situation), the “web protocols” http, https and ftp are special protocols which are often the protocols supported by Web Proxies. This is a type of proxy server that doesn’t proxy other protocols, and these protocols are the typical protocols supported by web browsers.

Full proxy servers will proxy any/all traffic.

So, when you’re talking about proxy configuration, the system level configuration will typically direct <all> protocols from <all> running apps to “the” proxy.

On the other hand, if your University has deployed a Web Proxy (and typically also deploys auto configuration) you check the box in any/all web browsers to “automatic” or enter the special web proxy address and port. In this scenario, with web traffic routed through the web proxy all other protocols and non-web browsers are still routed through the default gateway and filtered as desired. Note that this configuration puts non-browser apps that use the web protocols in a grey area, whether they are blocked or not depends on the main proxy at the default gateway.

  • You believe you said your proxy system settings are working now.
  • You seem to be saying that your web browser (firefox) isn’t working.
    If this is the case, then you need to first determine whether you browser should automatically retrieve the proxy configuration if you check the “automatic” box. To change FF (any web browser) settings, you only need to close <all> instances of the app (double check with something like top if you need to)and restart. If any instance of the browser is still running, new settings won’t take. Can you read the acp file if you open it in a text editor? Typically these files are in plain text, so you can inspect and manually enter if you wish.
  • Does your university require authentication to your network? If so, that security may be the same or different than what the proxy may require. In other words, sometimes proxy authentication can be integrated with overall network security, but it can also be configured to require a different set of credentials.

On this same topic of proxy security/credentials, don’t be afraid to ask your network admins directly. There are a multitude of ways a proxy can require credentials, not just username/password. Your network admins would know what your machine needs to present to the proxy.

As for your other tries…

  • The Filezilla errors are partly useful. Apparently it’s unable to establish a route (ie locate a gateway) for the protocol it’s trying. Compare the same address as a regular ping which you know would be directed through your default gateway (and not a proxy). Also, review your Filezilla settings to verify how it’s supposed to connect (proxy configured?). Also try using your Firefox, ie. in FF ftp://destination

In Network Manager, the settings should not be too important (ip addr or ifconfig would probably be more informative). As I’ve stated elsewhere, make sure you’re connected only through <one> network interface, ie if you’re connecting wired, be sure your wireless radio is turned off.

Like any other network troubleshooting, you can use telnet to probe the port of your proxy server instead of ping. Pinging any machine is minimally useful, all it confirms is that the destination machine is functional on the network, but using telnet additionally tests for whether the machine is listening and responding on a specific port.

TSU