@regonius:
Hi,
I've been fiddling about with this issue too with my two IOS devices.
My custom captive portal (CP) is working fine on the macbook, but still not on IOS6.
On IOS6, upon connecting to the WiFi, a hotspot login page slides up from the bottom, if safari cannot reach the site www.apple.com/library/test/success.html
The solution proposed by dhatz is to make safari believe it can reach above site by redirecting to a local file providing the same response.
You can achieve the same result by adding "www.apple.com" to the allowed hostnames under Services > Captive Portal, Allowed Hostnames tab, field Hostname.
However, if the hotspot login page does not pop up anymore, you will need to authenticate with Safari. If you open e.g. App Store before authenticating,
an error message will be shown "Cannot connect to iTunes Store".
Coming back to your question about how to do an internal redirect:
Connect to your pfSense box via SSH (instructions on how to set up SSH see here: http://doc.pfsense.org/index.php/HOWTO_enable_SSH_access
Modify the system.inc file and add an additional rule.
The filesystem is mounted as read-only, so we have to remount it as read-write. See http://doc.pfsense.org/index.php/Remount_embedded_filesystem_as_read-write
/etc/rc.conf_mount_rw
cd /etc/inc
vi system.inc
Enable line numbers in vi (:set nu)
Line 741 contains the following: $captive_portal_rewrite = "url.rewrite-once = ( "(.captiveportal.)" => "$1", "(.*)" => "/index.php?redirurl=$1" )\n";
There are two rules, separated by comma: ("<regex>" => "<relative-uri>")
It basically means: If the webserver receives a request which matches the regular expression => redirect to the new target.
For a description on what url.rewrite-once does, see the Lighttps wiki under http://redmine.lighttpd.net/projects/1/wiki/Docs_ModRewrite
We now want to store locally what ever we would get under www.apple.com/library/test/success.html. dhatz is proposing to store it as a file
named "apple-success.html". Name it to your liking, but it should contain the following: <title>Success</title>Success, and the new rewrite rule must match the filename.
We can upload the file via WebGUI, Services > Captive Portal, File Manager tab.
pfSense will rename the file automatically to "captiveportal-apple-success.html", store it in /var/db/cpelements/ and create a symlink with the same name in /usr/local/captiveportal/
Now let's add our new redirect rule as the first of the three, so that it reads as follows:
$captive_portal_rewrite = "url.rewrite-once = ( "^/library/test/success.html$" => "/captiveportal-apple-success.html", "(.captiveportal.)" => "$1", "(.*)" => "/index.php?redirurl=$1" )\n";
Save the file and exit vi with ":x", remount the filesystem as readonly (/etc/rc.conf_mount_ro) and exit ssh.
pfSense will now trick the IOS6 devices and pretend to have an internet connection. There will be no hotspot login page, unless you misspelled the rule or the filename, then the hotspot login page will still slide up from the bottom, but show a "404 - Not Found" error.
Hope that helps
Best regards
regonius</relative-uri></regex>
Hi,
thank you for your most detailed explanation, it was most helpful.
I followed your steps, tested both the internal redirect and the walled garden approach, both solutions work perfectly as they should. I'm aware of the limitation you mentioned; opening any other application than Safari (e.g. the App store, that you mentioned), that requires Internet access, results in errors when attempting to connect.
I added apple.com to Captive's Allowed hostnames in the first place, which didn't work; I didn't know that I should add www.apple.com instead.
Thank you very much for your kind help,
best regards,
elektroljub
