Captive portal URL/IP
-
Yes, you can.
I never call my pfSense box "192.168.1.1" but by the name I gave it = "pfsense".
I guess that System => General setup => Hostname is a valid DNS name for your box.
I advise you to set (activate) this option:
Allow DNS server list to be overridden by DHCP/PPP on WAN
on the same page.
This way, pfSense will use your WAN DNS (from your internet supplier) and the pfSense clients will be assignd the pfSEnse box as the DNS server.You can add more names here: Services => DNS forwarder at the bottom of th page.
My portal 'host' is called: portal
The domain name I chosed: mycompanie.net
IP: 192.168.2.1 (because I'm running the portal on a dedicated interface, OPT1.When my clients login (I'm using https with a valid certificate), they see: portal.mycompanie.net, not the IP.
-
Yes, you can.
I never call my pfSense box "192.168.1.1" but by the name I gave it = "pfsense".
I guess that System => General setup => Hostname is a valid DNS name for your box.
I advise you to set (activate) this option:
Allow DNS server list to be overridden by DHCP/PPP on WAN
on the same page.
This way, pfSense will use your WAN DNS (from your internet supplier) and the pfSense clients will be assignd the pfSEnse box as the DNS server.You can add more names here: Services => DNS forwarder at the bottom of th page.
My portal 'host' is called: portal
The domain name I chosed: mycompanie.net
IP: 192.168.2.1 (because I'm running the portal on a dedicated interface, OPT1.When my clients login (I'm using https with a valid certificate), they see: portal.mycompanie.net, not the IP.
done the hostname domain and IP
In DNS forwarder, it is enabled … but there's a lot of options to CHECK .. what should I checked?
-
The most logic one:
Enable DNS forwarderThese are also normal:
Register DHCP leases in DNS forwarder
Register DHCP static mappings in DNS forwarderAnd this one:
Do not forward private reverse lookupsI didn't check any others.
-
System: General Setup
hostname: pfsenserouter
Domain : ccs.edu.localnetwork (my FQDN)
DNS Servers: 192.168.200.5 (my Domain IP)
Allow DNS server list to be overridden by DHCP/PPP on WAN CHECKED.
.
Services: DNS forwarderEnable DNS forwarder
Register DHCP leases in DNS forwarder
Register DHCP static mappings in DNS forwarder
Do not forward private reverse lookupsInterfaces : ALL
I can still see IP in my portal.. what else is missing?
-
form method="post" action="http://192.168.200.1:8000/" –---->>>> This one..thats what showing in my portal url
"http://www.google.com"> –------->>> I set this up<center>
|
|
</center>
-
DNS Servers: 192.168.200.5 (my Domain IP)
form method="post" action="http://192.168.200.1:8000/" –---->>>> This one..thats what showing in my portal url
So, your portal server (pfsense) isn't your DNS server ?
Btw: stop looking for a solution ;)
I switched to NON-https portal login, and it showed the IP of the portal interface: http://192.168.2.1/index.php…...... not the host name.
/etc/inc/captiveportal.inc: (in function portal_reply_page())
$htmltext = str_replace("\$PORTAL_ACTION\$", "{$protocol}{$ourhostname}/", $htmltext); ```and $ourhostname is being set just before:
$ourhostname = portal_hostname_from_client_ip($clientip);
Now, have a look at function portal_hostname_from_client_ip(). The IP of the portal interface is returned, not the name.
-
So, your portal server (pfsense) isn't your DNS server ?
Btw: stop looking for a solution ;)
my portal is 192.168.200.1… my DNS server which is my DomainController is 192.168.200.5
STOP looking for a solution?? why?? there's no solution for this??
base on your reply...what I understand is it's not possible if I use non-https portal login..so I have to stop looking for a solution .. RIGHT???
but it is possible if I'll use https portal login. RIGHT??
.
.so how to have a HTTPS portal log-in then?? what do I need to do?
-
my portal is 192.168.200.1… my DNS server which is my DomainController is 192.168.200.5
STOP looking for a solution?? why?? there's no solution for this??
base on your reply...what I understand is it's not possible if I use non-https portal login..so I have to stop looking for a solution .. RIGHT???
but it is possible if I'll use https portal login. RIGHT??Well, sorry, no. I meant: the IP is hard coded in the captive portal code.
No possibility with a 'setting' to change that.When the portal page is non-https, then the IP of the gateway of the portal is returned.
Of course, your browser will do the DNS tric if it is a fully qualified DNS name like http://portal/ but the navigator will not reverse the process when an IP is send back. An IP is what the navigator wants.There is a solution - and you don't need to look for. You need to code it :)
.
@lynx:so how to have a HTTPS portal log-in then?? what do I need to do?
That's what I did.
I got a free Certificate from startssl.com, implemented it and portal user don't see the IP anymore. -
see here:
https://forum.pfsense.org/index.php?topic=53846.msg312507 -
see here:
https://forum.pfsense.org/index.php?topic=53846.msg312507Yep, saw it.
The code you mentioned ( 31-01-2013, 09:42:23 )
if (isset($config['captiveportal']['httpslogin'])) $ourhostname = $config['captiveportal']['httpsname'] . ":8001"; else { if (isset($config['captiveportal']['httpsname'] )){ $ourhostname = $config['captiveportal']['httpsname'] . ":8000"; } else { $ifip = portal_ip_from_client_ip($clientip); if (!$ifip) $ourhostname = $config['system']['hostname'] . ":8000"; else $ourhostname = "{$ifip}:8000"; } }
Knowing that portal_ip_from_client_ip($clientip) always return the IP of the portal interface (a portal client without its gateway, that would be a curious situation ….) so this gets executed:
$ourhostname = "{$ifip}:8000";
$ifip is our 'not wanted' IP (normally OPTx) IP.
I propose :
Serach```
$ourhostname = (is_ipaddrv6($ifip)) ? "[{$ifip}]" : "{$ifip}";change for this
$ourhostname = (is_ipaddrv6($ifip)) ? "[{$ifip}]" : $cpcfg['httpsname'];
In /etc/inc/captiveportal.inc "Works for me" ™ ;)
-
my plan is to use $config['captiveportal']['httpsname'] that is "HTTPS server name" in web gui to configure what clients see in the address bar even if we are not using https.
portal_ip_from_client_ip($clientip) is not called at all.
-
my plan is to use $config['captiveportal']['httpsname'] …...
this should be the same as
$cpcfg = $config['captiveportal'][$cpzone]['httpsname']
(see function portal_hostname_from_client_ip($cliip) in /etc/inc/captiveportal.inc - pfSense 2.1.3)
@lsense:that is "HTTPS server name" in web gui to configure what clients see in the address bar even if we are not using https.
Well, this is where I need to explain:
"Works for me"
$cpcfg['httpsname'] is only set when you activate (ones) the "activate https authentication on the captive portal settings page.
This will be done if you put in valid certificates …
Not very difficult, its explaine here: https://forum.pfsense.org/index.php?board=2.0 The very first subject PFsense 2.1 MultiCP and https with Windows Radius Guide.
As soon as "https" is setup and valid, de-activate it.
The tric is: the $cpcfg['httpsname'] will be grayed out, but remains set and valid (so, you can use it as I did above ;)).
Exemple:
My domaine is
brit-hotel-fumel.net (to be set on the General setup page).
The portal 'host' = 'portal' (IP 192.168.2.1, as set on the DNS Forwarder page)
So, my 'httpsname' will be portal.brit-hotel-fumel.netWhen people connect to my Wifi network they will get an IP (they don't connect yet).
They can ping at that very moment alreay portal.brit-hotel-fumel.net - this MUST give back a reply.
This means the host name is resolved.
This means that host name can be used instead of 192.168.2.1
And that's what the subject is all about.portal_ip_from_client_ip($clientip) is not called at all.
For me, this is correct, because I'm using https login.
For non-https login, this function will be called:
(see function portal_hostname_from_client_ip($cliip) in /etc/inc/captiveportal.inc - pfSense 2.1.3)