Snort and captive portal
-
I have a computer that acts as a captive portal server using linux firewall and arp for mac and ip binding, and it uses its own dhcp server and lease to its lan network. This portal server uses the pfsense server as the dns provider. This portal server is connected to the pfsense firewall for internet connectivity.
The configuration is as follows:
pfsense lan ip 192.168.1.1 and lan network is 192.168.1.1/24
portal ip is 192.168.1.10 and lan network is 20.0.0.1/24
Pfsense server is blocking vpn traffic using snort on lan network 192.168.1.1/24; however, some of my users reported that even though they are not allowed to have internet access on the portal network, they are able to have internet connectivity using vpn. On the other hand, I verified that pfsense is blocking vpn traffic on the pfsense lan network but not on the captive portal lan network.
Supposedly, if snort is blocking vpn traffic on my pfsense lan network, captive portal which is getting internet access on pfsense lan network should have been blocked also.
I don't want to confirm it from the user because the information may spread and they might use vpn to bypass the captive portal.
Any ideas why they can have internet access on the captive portal using vpn?
PS: I don't use pfsense captive portal as it automatically gets and registers the users mac and ip address and a simple approach for our office.
-
PS: I don't use pfsense captive portal
You might want to fix the totally misleading subject, plus move this to some Linux forum.