Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal Login URL

    Scheduled Pinned Locked Moved Captive Portal
    26 Posts 3 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GertjanG
      Gertjan @ahmetakkaya
      last edited by

      @ahmetakkaya

      If the login URL looks like

      http://aaa.hostname.com:8002/index.php?zone=xxxx
      

      there is no IP.

      Force the login to use "https".
      You'll be needing a certificate that contain the host name - as that is what https is all about.
      Browser redirect will get redirected to the host name, not the IP.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      ahmetakkayaA 1 Reply Last reply Reply Quote 0
      • ahmetakkayaA
        ahmetakkaya @Gertjan
        last edited by

        @gertjan

        I have ssl certificate as https
        I tried my login page with domain name
        but i had ssl problem on phones, login page did not come on some outdated phones
        Can't bring login page with domain name as http ?

        1 Reply Last reply Reply Quote 0
        • ahmetakkayaA
          ahmetakkaya
          last edited by

          help me.

          V ahmetakkayaA 2 Replies Last reply Reply Quote 0
          • V
            viragomann @ahmetakkaya
            last edited by

            @ahmetakkaya
            What's the problem now?
            I don't see any need to use https.

            1 Reply Last reply Reply Quote 0
            • ahmetakkayaA
              ahmetakkaya @ahmetakkaya
              last edited by

              @viragomann

              the purpose is not https

              my purpose

              http://aaa.hostname.com:8002/index.php?zone=xxxx

              having an opening url of the shape

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @ahmetakkaya
                last edited by

                @ahmetakkaya

                Not supported out of the box.
                But it seems to be possible 😊

                Check what you have on line 41 (?) from this file : /var.etc/nginx-xxxxxx-CaptivePortal.conf
                I see :

                		if ($http_host ~* aaaa.hostname.com) {
                

                Now, open /etc/inc/captiveportal.inc - find the empty line 1800 :

                3fee5a9a-80b9-4915-8192-1d59ab5c7987-image.png

                add this at that position :

                $ourhostname="aaaa.hostname.com";
                

                I've tested it : no more "192.168.2.1", is saw aaaa.hostname.com in the login page URL

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • ahmetakkayaA
                  ahmetakkaya
                  last edited by

                  /var.etc/nginx-xxxxxx-CaptivePortal.conf

                  1. in this way

                  Ekran Alıntısı.JPG

                  GertjanG 1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan @ahmetakkaya
                    last edited by Gertjan

                    @ahmetakkaya

                    Your nginx config file is not the same as mine.
                    You've forgot an important thing : you want to use a host name "aaaa.hostname.com" instead of an IP 10.10.200.1 address, right ?

                    In that case : add a host override on the unbound resolver , at the bottom :

                    be2d8a18-dcaf-4a77-b531-23e5522475ab-image.png

                    Now, your DNS is aware that aaaa.hostname.com is 10.10.200.1 and vis versa.
                    Add this on the resolver page, save, apply.
                    Open portal settings, and save also.

                    Now, have a look again at the have a look again at the file
                    /var/etc/nginx-xxxxxx-CaptivePortal.conf

                    You should see this :

                    2ce6e741-ce69-4cde-8f7d-bd6fd2bb9d33-image.png

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    ahmetakkayaA 1 Reply Last reply Reply Quote 0
                    • ahmetakkayaA
                      ahmetakkaya @Gertjan
                      last edited by

                      @gertjan

                      Services-DNS Resolver-General Settings:
                      

                      1.JPG

                      there was no change

                      2.JPG

                      GertjanG 1 Reply Last reply Reply Quote 0
                      • GertjanG
                        Gertjan @ahmetakkaya
                        last edited by Gertjan

                        @ahmetakkaya

                        Sorry.
                        I've checked how the nginx config file is generated.
                        This part :
                        318a4872-2efd-4480-8900-7b671e15ea1f-image.png

                        only gets added when https mode is active.

                        See /etc/inc/system.inc, around line 1340 (look for cp_redirect)

                        So, still possible, but more needs to be modified to get it working.

                        Are you sure you can't afford a free certificate from Letsencrypt, and call it a day ? I'm using https captive portal for years now, it's a real set it and forget in thing.
                        In a close future, browsers will refuse plain 'http' usage anyway.

                        edit : maybe you can abuse the presence of a bug .... 😢

                        Whe I switched from https to http login, portal settings are not cleaned up :

                        I still had, in the portal config, this :

                        6fc18992-3140-4541-8764-162167f0a1ee-image.png

                        Or, https mode was disabled.
                        Look under <captiveportal><cpzonex> ...... there you find all the portal instance settings.

                        So : set https mode ones with the correct <httpsname> .... </httpsname>

                        c1fa1a94-8445-46e0-ab85-f104ccd5f7b9-image.png

                        and select whatever (non valid probably) certificate.
                        Then switch back to http mode.

                        <httpsname>aaaa.hostname.com</httpsname>
                        

                        will still be present and set.

                        This is, IMHO, a bug.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        ahmetakkayaA 1 Reply Last reply Reply Quote 0
                        • ahmetakkayaA
                          ahmetakkaya @Gertjan
                          last edited by

                          @gertjan

                          thanks for support

                          do you have a working example in your build

                          http://aaa.hostname.com:8002/index.php?zone=xxxx

                          GertjanG 1 Reply Last reply Reply Quote 0
                          • GertjanG
                            Gertjan @ahmetakkaya
                            last edited by Gertjan

                            @ahmetakkaya

                            For many years (10 or so ?) now.

                            I wanted to use the https access so there was no 192.168.2.1 (my portal interface) showing in the URL. https access isn't really needed as there is not really any secret information transmitted over Wifi, the login credentials are shown in the rooms of the hotel.
                            But, as a 'public' portal of a hotel can't use any SSID encryption, like AES or WEP, it has to be open for easy client use, I shifted to https.

                            I'm not using "hostname.com" as I do not own (== rent) this domain name.
                            I rented my own domain name with the commercials brand in it, like "my-hotel-in-my-town.net". I picked a registrar that supports some API so I could use the acme.sh pfSense package to handle the certificate details.

                            Now, my clients see "portal.my-hotel-in-my-town.net" when using the captive portal, but ..... who cares, as people don't look at URLs any more anyway.
                            It works flawlessly.

                            @ahmetakkaya said in Captive Portal Login URL:

                            http://aaa.hostname.com:8002/index.php?zone=xxxx

                            People don't see / deal with / have to type in that URL.
                            All phone, pads and other devices are portal minded these days.

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            ahmetakkayaA 1 Reply Last reply Reply Quote 0
                            • ahmetakkayaA
                              ahmetakkaya @Gertjan
                              last edited by

                              This post is deleted!
                              1 Reply Last reply Reply Quote 0
                              • ahmetakkayaA
                                ahmetakkaya
                                last edited by ahmetakkaya

                                I made the login screen come up with https and aaa.hostname.com.

                                but on some devices

                                Your Connection Is Not Private

                                I'm getting the warning

                                how can i solve

                                GertjanG 1 Reply Last reply Reply Quote 0
                                • GertjanG
                                  Gertjan @ahmetakkaya
                                  last edited by

                                  @ahmetakkaya said in Captive Portal Login URL:

                                  I'm getting the warning
                                  Your Connection Is Not Private
                                  how can i solve

                                  What device gave that warning ?

                                  You you can't really solve this.

                                  Is your SSID protected with a WPA3 encryption ? (and password) : probably not. So, a captive portal is always considered as a less secure network (like : OMG : everything goes in clear over the air).
                                  But, don't worry, nearly all traffic is https (TLS) protected these days.
                                  Most people will also, after connecting to a captive portal, use a VPN.

                                  Or maybe the device is complaining about 'DNS' is open.

                                  No "help me" PM's please. Use the forum, the community will thank you.
                                  Edit : and where are the logs ??

                                  ahmetakkayaA 1 Reply Last reply Reply Quote 0
                                  • ahmetakkayaA
                                    ahmetakkaya @Gertjan
                                    last edited by

                                    @gertjan

                                    I have no problems with ios devices.

                                    but in general i got this error on android devices

                                    1 Reply Last reply Reply Quote 0
                                    • GertjanG
                                      Gertjan
                                      last edited by

                                      @ahmetakkaya said in Captive Portal Login URL:

                                      Your Connection Is Not Private

                                      That's not a message from pfSense. It's a message shown on your device.
                                      You know that no one on this forum works for Apple, Samsung etc. So why should I know what that message means ? 😊

                                      Don't take me wrong : what about 'thinking' a bit before asking a question ?? 😊 😊

                                      I don't know what your device means with that message, but, "as they are all the same" it probably means something about the Wifi.
                                      Are you using a Wifi network with a password ?
                                      if it is WPA3 encrypted, god, but then the portal users have also to type in the wifi password first. As said before, that's not needed /wanted on a public network.

                                      We both also now that most traffic is TLS (https) encrypted these days.
                                      This means : no one on planet earth can decrypt that. That includes the 3 letter agencies. So who cares that your Wifi network is not encrypted ?!
                                      Most professional portal users even use a VPN as soon as they are connected to a public portal, so now everything is encrypted twice.
                                      True : DNS traffic is visible ....

                                      Btw : my iPhone X IOS15.x says : "Not a secured network". It's just a message - not a show stopper. I'm not going to use "WPA3 encrypted" on my captive portal network. Older people won't be able to type that 28 letter password : My public captive portal wouldn't get used any more as it is to much a of hassle.

                                      No "help me" PM's please. Use the forum, the community will thank you.
                                      Edit : and where are the logs ??

                                      ahmetakkayaA 1 Reply Last reply Reply Quote 0
                                      • ahmetakkayaA
                                        ahmetakkaya @Gertjan
                                        last edited by

                                        @gertjan

                                        no ssid password only captive portal login available

                                        I think the devices giving error can't get the ssl certificate

                                        I don't know why this is

                                        GertjanG 1 Reply Last reply Reply Quote 0
                                        • GertjanG
                                          Gertjan @ahmetakkaya
                                          last edited by

                                          @ahmetakkaya said in Captive Portal Login URL:

                                          I think the devices giving error can't get the ssl certificate

                                          Can't get ? Can't trust ?
                                          How did you set up the https portal access ?
                                          Possible that you state more details ?

                                          Your portal works well for :
                                          Apple device ?
                                          Microsoft devices ?
                                          Other brand devices ?

                                          No "help me" PM's please. Use the forum, the community will thank you.
                                          Edit : and where are the logs ??

                                          ahmetakkayaA 1 Reply Last reply Reply Quote 0
                                          • ahmetakkayaA
                                            ahmetakkaya @Gertjan
                                            last edited by

                                            @gertjan

                                            SystemGeneral Setup
                                            Hostname:aaa
                                            Domain:domain.com

                                            DNS Resolver
                                            Host Overrides

                                            aaa domain.com pfsenseip

                                            Captive PortalHTTPS Options
                                            HTTPS server name: aaa.domain.com
                                            SSL/TLS Certificate: domain.com (a valid certificate)

                                            no problem on windows operating systems

                                            I'm having problems with mobile devices especially android systems

                                            GertjanG 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.