This is for an installation of Ubuntu 13.04 Desktop in a VirtualBox VM.
I'm on a corprate network with an HTTP proxy at x.y.z.251:9090. I've configured the guest OS with the autoconfiguration script, so Firefox works fine, but I can't get "apt-get" or "Ubuntu Software Center" to connect using the proxy.
I created the file "/etc/apt/apt.conf", it now contains a single line of text:
Acquire::http:Proxy "http://x.y.z.251:9090"
which is what the proxy.pac file that I specified in "System Settings/Network/Network Proxy" and applied to the entire system.
When I use Firefox, a packet trace shows that the TCP connection is done via the corporate proxy at port 9090, when I run "Ubuntu Software Center" and "apt-get", the packet trace shows TCP SYN packets with the eventual destination IP address and port 80. There, is of course, no response to the SYN packets, since the corporate firewall blocks TCP connections on port 80 from getting in or out.
With "sudo apt-get" in a terminal window, I always see:
Ign cdrom://Ubuntu 13.04 _Raring Ringtail_ - Release amd64 (20130424) raring/main Translation-en_US
Ign cdrom://Ubuntu 13.04 _Raring Ringtail_ - Release amd64 (20130424) raring/main Translation-en
Ign cdrom://Ubuntu 13.04 _Raring Ringtail_ - Release amd64 (20130424) raring/restricted Translation-en_US
Ign cdrom://Ubuntu 13.04 _Raring Ringtail_ - Release amd64 (20130424) raring/restricted Translation-en
Err http://extras.ubuntu.com raring Release.gpg
Could not connect to extras.ubuntu.com:80 (91.189.92.152), connection timed out
Err http://archive.canonical.com raring Release.gpg
Cannot initiate the connection to archive.canonical.com:80 (2001:67c:1360:8c01::1b). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::1b 80]
Err http://us.archive.ubuntu.com raring Release.gpg
Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
Err http://us.archive.ubuntu.com raring-updates Release.gpg
Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
Err http://us.archive.ubuntu.com raring-backports Release.gpg
Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
59% [Connecting to security.ubuntu.com (91.189.91.14)]
Eventually, I see:
Err http://security.ubuntu.com raring-security Release.gpg
Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8c01::18). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::18 80]
Reading package lists... Done
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/raring/Release.gpg Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/raring-updates/Release.gpg Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/raring-backports/Release.gpg Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/raring-security/Release.gpg Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8c01::18). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::18 80]
W: Failed to fetch http://archive.canonical.com/ubuntu/dists/raring/Release.gpg Cannot initiate the connection to archive.canonical.com:80 (2001:67c:1360:8c01::1b). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::1b 80]
W: Failed to fetch http://extras.ubuntu.com/ubuntu/dists/raring/Release.gpg Could not connect to extras.ubuntu.com:80 (91.189.92.152), connection timed out
W: Some index files failed to download. They have been ignored, or old ones used instead.
I'm not at all certain what I'm doing wrong.
— Update —-
I have also tried:
Acquire::http:proxy "http://user:pass@x.y.z.251:9090/"
"x.y.z" are, of course, place-holders; I doubt my employer's security people would look kindly on me posting the actual numbers. I see no difference in the packet trace — "apt-get" is still using the real IP addresses and port 80. I made a deliberate mistake in the apt.conf file and "apt-get" exited with an error, so I'm certain that it sees this configuration line for the proxy, it just doesn't seem to honor it.
I am using the "NAT" networking connection, as it is against the IT policy here to bridge between networks, and the DHCP server only provides addresses to known MAC addresses. I don't want IT security banging on my cube (again).
Best Answer
Based on my past experience, overall Ubuntu (GNOME) doesn't work very well with PAC (Automatic Config). Pac (Proxy Auto-config) is basically JavaScript logic to determine the closest or most appropriate proxy for you, I strongly recommend using the proxy servers directly (in your case Network - Network Proxy).
A few things to check
Check your /etc/apt/apt.conf
Network -Network Proxy GUI will update
/etc/apt/apt.confand set the proxy info there.Find out the proxy server info from pac
You can find the details by reading the
proxy.pacfile anyway.So the
/etc/apt/apt.confshould look like below (suppose the proxy server is => proxy.company.com port 80), do NOT use pac URL.From apt.conf man page, respond to the comment from @Braiam
Check proxy environment variables
You can check proxy settings by running the following in terminal
If you set env variables correctly, you should be should be able to update in CLI.
Prefer IPv4
I noticed
apt-getwas trying to connect to the update servers using their ipv6 address. This could cause problems (sometimes the IPV6 addresses expire or change).You can edit
/etc/gai.confand addprecedence ::ffff:0:0/96 100to prefer ipv4 over ipv6.More details