Netgate Discussion Forum

    Captive Portal Authentication on a Transparent Proxy

    Captive Portal
    • spartasolutions

      The question hasn't been asked in a while, and I noticed some people were able to get the system working.

      Here's the idea:

      We have our typical barely-able-to-remember-their-username end user. Now, this user has a pfSense box set up in their house and would like to use squidguard to set up some content filtering. The thing is, they don't have half the knowledge to configure and maintain an explicit proxy. How can we use something simple, like the captive portal, to force everyone to authenticate with a user name? That user name will, of course, be tied to a specific rule list for themselves. Thereby, we get "setup free/maintenance free" user-based content filtering without all the hassle or learning curve.

      User -------> (Captive Portal) -------> (SquidGuard user-based-rules) -------> WAN

      What I've seen:

      From digging around the forum, it's been a popular idea quickly shunted by its logical differences. A transparent proxy doesn't require authentication, but you want to filter based on authentication...what gives? However, there was at least one developer who had the system working. We're thinking just simple content filtering; no strings attached.

      Ideally, we'd work with the user names and have a system working within pfSense natively. If not, what are your guys' thoughts on this:

      1. Captive Portal Login Detected
      2. Username + IP address of connected device is noted (It's available in Status --> Captive Portal so I imagine it wouldn't be hard to get)
      3. Squidguard ACLs are searched to see a corresponding list with a name equal to the user name
      4. Cleanup: If an IP address was added longer than 5 days ago, remove it
      5. IP address of the device used to login is added to the ACL, thereby enforcing any content filtering for that user
      6. Log date of the event, so it can be removed automatically (thinking about dhcp and people's IP addresses changing)

      Obviously something native is better than writing proprietary code, so I thought I'd ask and see if anyone has a working method. If this should be in proxy, let me know and I'll delete this and cross post it over there.

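A sketch of steps 2 to 6 from the post above, as an added example that is not part of the original thread and not pfSense or squidGuard code. It assumes the portal's sessions are already available as (username, ip, login_time) tuples; the function names, the username character set and the sample data are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=5)                     # step 4: drop entries older than 5 days
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")    # assumption: safe charset for a src name

def build_sources(sessions, now):
    """Map each user to the IPs they most recently logged in from."""
    latest = {}  # ip -> (login_time, username); the newest login owns the IP
    for user, ip, seen in sessions:
        if not NAME_RE.fullmatch(user):
            continue  # never write an unvalidated name into the filter config
        try:
            ip = str(ipaddress.ip_address(ip))
        except ValueError:
            continue  # not an IP address, skip it
        if now - seen > MAX_AGE:
            continue  # stale: the DHCP lease may belong to another device now
        if ip not in latest or seen > latest[ip][0]:
            latest[ip] = (seen, user)
    sources = {}
    for ip, (_, user) in latest.items():
        sources.setdefault(user, []).append(ip)
    return {u: sorted(ips) for u, ips in sorted(sources.items())}

def render(sources):
    """Emit one squidGuard 'src' block per user, named after the user."""
    out = []
    for user, ips in sources.items():
        out.append("src %s {" % user)
        out.extend("    ip %s" % ip for ip in ips)
        out.append("}")
    return "\n".join(out)

NOW = datetime(2017, 1, 10, 12, 0)  # constructed sample data below
SAMPLE = [
    ("alice", "192.168.1.23", datetime(2017, 1, 9, 8, 0)),
    ("bob", "192.168.1.23", datetime(2017, 1, 10, 9, 0)),    # same IP, newer login wins
    ("alice", "192.168.1.40", datetime(2017, 1, 10, 7, 0)),
    ("carol", "192.168.1.50", datetime(2017, 1, 2, 7, 0)),   # older than 5 days
    ("eve {", "192.168.1.60", datetime(2017, 1, 10, 7, 0)),  # rejected name
]

if __name__ == "__main__":
    print(render(build_sources(SAMPLE, NOW)))
```

An IP that matches no src block is handled by squidGuard's default acl, so that rule should be the most restrictive one.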
      • zeb50

        If you found a solution and a [HOW-TO] with it, I will be pretty happy, I need to conserve internet logs from my guests who will use the captive portal.

        And for now I didn't find a way to do it, so yeah, my message here is to keep myself informed :)

        • spartasolutions

          Took the entire idea and moved it over to a posted bounty here: https://forum.pfsense.org/index.php?topic=122701.0

          Anyone interested or finding this thread via search, I imagine it'll be more active there.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.