@ricardocasagrande said in Captive Portal + freeradius + LightSquid:
so, maybe you have a better solution for my problem.
Normally, there is the concept of being responsible for what is done with your Internet connection.
So when I set up a captive portal for a hotel somewhere in 2006 using m0n0wall (pfSense was forked from it), I was looking to secure what portal clients could access.
Today, I'm using pfBlockerNG to block the most obvious host names (DNSBL), and if I suspect something, I can route all portal traffic over a VPN connection.
Never had any issues with my ISP, knowing that I know they are looking, as I saw the warnings they send out when they detect something: a couple of my friends / neighbors were 'caught' while streaming and/or sharing "Disney content".
The real streamer / downloader uses a VPN anyway. Or is just too scared to connect to a network he doesn't know/trust.
And, IMHO, all this has nothing to do with pfSense.
If you want to use a proxy so you can analyze content, you need to know:
What the "Internet" actually is, down to the packet.
You need to know how proxies are set up and maintained.
You need to have a good list with rules so you can actually detect something.
You have to stay on top of it permanently, as handling false positives will happen all the time.
More and more sites just can't be proxied anyway.
I decided a long time ago: it's not worth it.
I already host my own web servers on my own dedicated Debian 12 server, a "big iron" device. I'm doing my own DNS domain name zone hosting using BIND. When that was running, I added DNSSEC everywhere and added my own Postfix mail server for all my domains, fully compliant with all the modern mail constraints. No GUI whatsoever to maintain all this, everything is set up the old way.
All this to say: I've started to know what the 'Internet' is, and I also know I still don't know enough.