Captive Portal + Squid3 non transparent proxy
-
Hi!
I can't use squid3 with captive portal authentication.
I have squid3-deb package installed, but when I put the proxy adress in the browser, nothing happens. Or page keep on loading, or access denied, or all pages are allowed.I have a intranet and I just need the internet traffic to be directed to the proxy squid. That's why I need a non transparent proxy.
Can anyone help me? Or show any tutorial that I can do this?
Thank You
Ps: sorry for my english…
-
I have a intranet and I just need the internet traffic to be directed to the proxy squid. That's why I need a non transparent proxy.
Why do not use transparent proxy with captive portal integrated?
With no proxy configured, intranet will work fine on LAN while any site outside your network will reach captive portal and squid.
-
Hi marcello
i want to ask a simply question.
How can i use normal and interception properties together on one squid.
I want to access internet for users; lan1 interface transparent proxy and land2 interface non-transparent proxy together by squid -
If you use captive portal auth integration yes.
-
We have terminal servers on lan1 interface, one ip adress but many users. So we have to use non-transparent proxy, if we want to logs per users internet access logs.
On the other hands, we have wireless network on lan2 interface, one user for one ip adress and we dont want to force to users setup proxy setting. We have to use transparent proxy, if we want to logs per ip adress internet access logs.
Consequently, we want to log per user access internet logs but not proxy settings on Pfsense.
How can use squid+captive portal+lightsquid? -
Captive portal will auth users per ip, so I do not recomend it for terminal services.
You may configure it with two squid process, but it's not a native option of the package
If you know how squid works, you can create two squid.conf to use each situation.
The filer package will help you to keep custom squid.conf and startup scripts on xml backup.
-
Squid3-dev–->"non-transparent", Patch captive portal" checked, "authentication-captive portal"
Captive Portal--> enabled, "authentication-radius" checked"disable mac filtering"while state that,
1. if a user open explorer without proxy settings, he can access captive portal login page(of course some firewall rule added)
2. if a user open explorer with proxy settings, he cant open access captive portal and no access to internet (why?)
3. if a user open explorer without proxy settings and login captive portal (note.1), he can access internet with proxy settings explorer.Help me!!
-
The point is that you need clients to send some http traffic out of squid port to keep captive portal alive, that`s why I use transparent proxy for http.
you can add a browser http startup page to proxy exception list. This way when your clients open their browsers, captive portal will check credentials.
-
Maybe we just add redirect proxy port to portal as well. even in transparent mode some users can easily find the port of the proxy using netstat so they can bypass the portal.
-
Hi Marcelo!
I need to use non transparent proxy. If I put a transparent proxy, I will need to change my gateway to direct all traffics to PfSense. I can't do this because I have a corporative network, that I can't administrate.
I need to separate internet from intranet. The only way I can do this, is setting a proxy on browser.
Do you have another way?
I need to know how to open captive login when I put the proxy on the browser.
PS: Its set "authentication-captive portal" on squid and local user on Captive Portal. -
I need to know how to open captive login when I put the proxy on the browser.
PS: Its set "authentication-captive portal" on squid and local user on Captive Portal.Without administrative privileges to change routes, it will be hard to configure and may need a lot of hacks.
The simplest workaround could be setting squid error page to captive portal url.
But if you use squid to deny access it may get in a loop.
If you use squid just to log internet access and/or use squidguard to filter internet access, then it may work.
-
Squid3-dev–->"non-transparent", Patch captive portal" checked, "authentication-captive portal"
Captive Portal--> enabled, "authentication-radius" checked"disable mac filtering"while state that,
1. if a user open explorer without proxy settings, he can access captive portal login page(of course some firewall rule added)
2. if a user open explorer with proxy settings, he cant open access captive portal and no access to internet (why?)
3. if a user open explorer without proxy settings and login captive portal (note.1), he can access internet with proxy settings explorer.Help me!!
Hi, I'm with the same problem. But, pfsense 2.3.2-RELEASE-p1, package squid 0.4.29_1. Has anyone made work non-transparent proxy + captive portal?
–- edit
I solved the problem editing the error page (/usr/local/etc/squid/errors/.../ERR_ACCESS_DENIED) to redirect to captive portal. But the user needs to access some http page, not https, because the browser blocks https redirection.