Captive Portal Login URL
-
For many years (10 or so ?) now.
I wanted to use the https access so there was no 192.168.2.1 (my portal interface) showing in the URL. https access isn't really needed as there is not really any secret information transmitted over Wifi, the login credentials are shown in the rooms of the hotel.
But, as a 'public' portal of a hotel can't use any SSID encryption, like AES or WEP, it has to be open for easy client use, I shifted to https.I'm not using "hostname.com" as I do not own (== rent) this domain name.
I rented my own domain name with the commercials brand in it, like "my-hotel-in-my-town.net". I picked a registrar that supports some API so I could use the acme.sh pfSense package to handle the certificate details.Now, my clients see "portal.my-hotel-in-my-town.net" when using the captive portal, but ..... who cares, as people don't look at URLs any more anyway.
It works flawlessly.@ahmetakkaya said in Captive Portal Login URL:
http://aaa.hostname.com:8002/index.php?zone=xxxx
People don't see / deal with / have to type in that URL.
All phone, pads and other devices are portal minded these days. -
This post is deleted! -
I made the login screen come up with https and aaa.hostname.com.
but on some devices
Your Connection Is Not Private
I'm getting the warning
how can i solve
-
@ahmetakkaya said in Captive Portal Login URL:
I'm getting the warning
Your Connection Is Not Private
how can i solveWhat device gave that warning ?
You you can't really solve this.
Is your SSID protected with a WPA3 encryption ? (and password) : probably not. So, a captive portal is always considered as a less secure network (like : OMG : everything goes in clear over the air).
But, don't worry, nearly all traffic is https (TLS) protected these days.
Most people will also, after connecting to a captive portal, use a VPN.Or maybe the device is complaining about 'DNS' is open.
-
-
@ahmetakkaya said in Captive Portal Login URL:
Your Connection Is Not Private
That's not a message from pfSense. It's a message shown on your device.
You know that no one on this forum works for Apple, Samsung etc. So why should I know what that message means ?Don't take me wrong : what about 'thinking' a bit before asking a question ??
I don't know what your device means with that message, but, "as they are all the same" it probably means something about the Wifi.
Are you using a Wifi network with a password ?
if it is WPA3 encrypted, god, but then the portal users have also to type in the wifi password first. As said before, that's not needed /wanted on a public network.We both also now that most traffic is TLS (https) encrypted these days.
This means : no one on planet earth can decrypt that. That includes the 3 letter agencies. So who cares that your Wifi network is not encrypted ?!
Most professional portal users even use a VPN as soon as they are connected to a public portal, so now everything is encrypted twice.
True : DNS traffic is visible ....Btw : my iPhone X IOS15.x says : "Not a secured network". It's just a message - not a show stopper. I'm not going to use "WPA3 encrypted" on my captive portal network. Older people won't be able to type that 28 letter password : My public captive portal wouldn't get used any more as it is to much a of hassle.
-
no ssid password only captive portal login available
I think the devices giving error can't get the ssl certificate
I don't know why this is
-
@ahmetakkaya said in Captive Portal Login URL:
I think the devices giving error can't get the ssl certificate
Can't get ? Can't trust ?
How did you set up the https portal access ?
Possible that you state more details ?Your portal works well for :
Apple device ?
Microsoft devices ?
Other brand devices ? -
SystemGeneral Setup
Hostname:aaa
Domain:domain.comDNS Resolver
Host Overridesaaa domain.com pfsenseip
Captive PortalHTTPS Options
HTTPS server name: aaa.domain.com
SSL/TLS Certificate: domain.com (a valid certificate)no problem on windows operating systems
I'm having problems with mobile devices especially android systems
-
Will testing, always use a pass all (TCP, UDP, ICMP etc) on your captive portal interface.
And to make live easy on you, use a dedicated captive portal interface, not the LAN interface.
By nature,your LAN is a trusted interface, and your captive portal is not, as it will accept device that you do not trust (otherwise you wouldn't use the captive portal in the first place).The principal captive portal issues are listed here : Troubleshooting Captive Portal
and you'll see that most issues are ..... (of course) : DNS.
For example : if a devices uses DoH or DoT (using port 835), it's game over right away.
-
@ahmetakkaya said in [Captive Portal Login URL]
https://aaa.hostname.com:8003/index.php?zone=xxxx
8003 I want to access the port from outside, so is it possible to access the portal page?
-
@ahmetakkaya said in Captive Portal Login URL:
8003 I want to access the port from outside
What is outside ?
The portal works form the captive portal interface. -
aaa.hostname.com Can I access the portal page by forwarding the address to port 8003?
-
You want to use the portal access from 'somewhere' on the Internet ?
I never saw a setup like that.The captive portal is designed to give a devices on a local network acess to the Internet, and other selected resources.
Devices that are already on the Internet don't need access t the Internet, they already have it.If you want to access local resources from the outside, use a VPN.