CP/pfSense behind another firewall with proxy
-
Hello,
we're facing a problem with our pfSense setup for our students at school. We're trying to secure the students' wifi with a captive portal. Therefore we use a router with a proxy for content filtering.
This is our setup:
Internet <---> Router with firewall and proxy <---> pfSense WAN --<pfsense>-- pfSense student interface <---> (mobile) clients (iOS, Android, Windows/Mac OS)
10.10.11.1/24 10.10.11.2 DHCP 172.20.0.0/22 DHCP via pfSense
proxy port: 800 DNS-Resolver
CPNAT Portforwarding enabled on WAN interface for students "NET" --- TCP/UDP "any" IP and "any" port to 10.10.11.1:800
The proxy is manually set on every device (iOS, Android, ...). We use a non-transparent proxy without authentication.
iOS: If I connect to the network, I get an IP, DNS ... everything looks fine. The CP opens, I enter the voucher code and press "Continue" for access. But nothing happens. If I check the status on the CP interface, the client is listed as authenticated. There is no redirection to the URL specified in the CP settings, nor a "success" from captive.apple.com.
I've found a workaround: Connect to wifi without proxy settings. CP appears, enter login credentials, press "Continue", press "Cancel" on captive portal browser (device is listed as authenticated in pfSense) -- "Forget network" -- connect to wifi -- enter proxy settings -- happy internet browsing via proxy ... -.-
If I do the workaround, the device is shown in the firewall and the proxy of the router.
Android: I connect to the wifi, get an IP, DNS settings, everything looks good. On some devices I get a CP, on some devices I don't get a CP ... -.-
I hope you can help us!
Thank you
BGS