Captive Portal Reports

mendilli

you should install squid3-dev package for pfsense 2.1.5, I dont know package name for pfsense 2.2

doktornotor

You should not install any proxy at all. You will just break the CP. @mendilli:

you should check the captive portal option in squid authentication tab, (thanks to marcelloc)

Yeah, that breaks CP files nicely…

https://forum.pfsense.org/index.php?topic=91435.0
https://redmine.pfsense.org/issues/4583

::) ::) ::)

mendilli

sorry for missunderstanding but I am not talking about the ''patch captive portal'' option it is not working at all, I  am talking about the captive portal option in  squid authentication tab which makes captive portal usernames available in access.log,

As to transparent proxy authentication problem, you can disable it and use wpad instead

periko

doktornotor, pfsense have the option to use squid with cp, I have try that option and works.

People need sw with features, this a useful feature for me, this take advantage of a proxy in a wireless environment.

This is the 2nd time I see u saying 'stop braking cp with a proxy'.

A lot of WISP love this and if u have a product with features built in is a good chance a lot people here will get $$$ if they know how to setup pfsense and will return supporting the product, cp with a proxy on it love it.

Save bandwidth is what they want.

Is my point of view of pfsense, have a great day!!!

jabo53

@mendilli:

lightsquid uses squid access.log, to see user id in lightsquid you should check the captive portal option in squid authentication tab, (thanks to marcelloc)

All I wanted to do was:
1. to install a simple firewall where users had to log in to gain access to the internet
2.  be able to get user reports. 
Didn't seem like to much I thought.  Didn't think that it would be like rocket science or that I would need a degree in computer science. Go figure.

I did install squid3 but if I enable the captive portal option in auth 3 things happen:
1. I can not use transparent mode, which is OK
2. The squid service will not stay started it stops almost immediately
3. If squid does start it does not log anything in non transparent mode

I can get user reports if I do the following:
1. enable captive portal using local for auth or no auth
2. in proxy config enable local for authentication and add users AGAIN in the proxy area
3. set up proxy on individual machines - makes no sense and nearly impossible in a BYOD world

Guess I am just going to have to settle for IP reports till I can find a better option or system

jabo53

@mendilli:

sorry for missunderstanding but I am not talking about the ''patch captive portal'' option it is not working at all, I  am talking about the captive portal option in  squid authentication tab which makes captive portal usernames available in access.log,

As to transparent proxy authentication problem, you can disable it and use wpad instead

I installed the newer sqid3 dev package and I understood what you meant but that doesn't work.  If I enable the captive portal auth option sqid3 dev will not stay running and without transparent proxy sqid3 dev logs nothing

Thanks
Jabo

mendilli

@jabo53:

I installed the newer sqid3 dev package and I understood what you meant but that doesn't work.  If I enable the captive portal auth option sqid3 dev will not stay running and without transparent proxy sqid3 dev logs nothing

Thanks
Jabo

on pfsense 2.1.5-amd64  I am using squid3-dev with captiveportal authentication  flawlessly

jabo53

@mendilli:

@jabo53:

I installed the newer sqid3 dev package and I understood what you meant but that doesn't work.  If I enable the captive portal auth option sqid3 dev will not stay running and without transparent proxy sqid3 dev logs nothing.

Thanks
Jabo

on pfsense 2.1.5-amd64  I am using squid3-dev with captiveportal authentication  flawlessly

It certainly could be something in my configuration. I'm no BSD genius that is for sure.  But I did follow the directions from pfsense docs and most everything is working great.  A little issues with sarg reports but I got a workaround for that.  It's probably some kind of combination of configuration between captive portal and proxy server.  Earlier you mentioned I could use "WPAD" as authentication.  I did not see that as an option anywhere.
I can live with this but getting actual user ID reports would be a really great thing.

Thanks
Jabo

mendilli

check this link for wpad

https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

mendilli

unfortinately squid and captive portal does not like each other, when a client configured to use proxy (via wpad or manual browser configuration) captive portal is bypassed, to prevent this ,as far as I know, you should block direct access to squid port(ı am not sure maybe port 80)

jabo53

on pfsense 2.1.5-amd64  I am using squid3-dev with captiveportal authentication  flawlessly

Apparently you are the one in a million  8)