PF V2.3.2, make Captive portal and Squid running both on the same host
-
hi all,
on a PFSense V2.3.2 Appliance, i have a captive portal enabled with Local Radius authentication working.
It stops working as soon as i enable squid (needed to record web connections..).
I set squid in transparent mode.Captive portal (with Local Radius Auth) is running on LAN interface
Squid settings with the following value :
Enable Squid proxy : Checked
Proxy Interfaces: LAN
Transparent Proxy Interfaces: LAN
Enable Access logging : Checked
I'll enable SSL interception with valid SSL Certificate (not self-created).
Symptom :
As soon as Squid is enabled, web traffic stay put and doesn't even display the CP auth page.
Squid disabled make it back to ok..is there any known issues or special tricks to make it working ?
thanks,
-
is there any known issues or special tricks to make it working ?
"squid" as a FreeBSD doesn't know anything about the Captive portal, a functionality build into pfSense.
When istalling squid, look more closely : it patches one or more "captive portal" related files.What happens is (as usual) : the patching breaks the captive portal.
What should be done : the Squid "pfSense" package should be adapted for the latest pfSense version.
For now : squid can be used, but not for the captive portal.See also this forum for squid support : https://forum.pfsense.org/index.php?board=60.0
(Btw : I'm not using squid, but I'm reading this forum ;))
-
thanks for your answer but sorry i don't get what i should do…
should i forget the idea to use captive portal+squid on PFSense 2.3.2 (and wait for future release?)?
or should i replace /etc/inc/captiveportal.inc file content with content available on Github as indicated in the GUI ?
![Capture d’e?cran 2016-11-23 a? 10.57.29.png](/public/imported_attachments/1/Capture d’e?cran 2016-11-23 a? 10.57.29.png)
![Capture d’e?cran 2016-11-23 a? 10.57.29.png_thumb](/public/imported_attachments/1/Capture d’e?cran 2016-11-23 a? 10.57.29.png_thumb) -
The patch was removed because it's been breaking CP plus patching other package's/core OS files is just completely wrong. And no, replacing it with a GitHub copy won't help to get the "feature" back.