    Snort and captive portal

    IDS/IPS
      genesislubrigas last edited by

      I have a computer that acts as a captive portal server using the Linux firewall and ARP for MAC and IP binding, and it uses its own DHCP server and lease to its LAN network. This portal server uses the pfSense server as the DNS provider.  This portal server is connected to the pfSense firewall for internet connectivity.

      The configuration is as follows:

      pfsense lan ip 192.168.1.1 and lan network is 192.168.1.1/24
      portal ip is 192.168.1.10 and lan network is 20.0.0.1/24

      The pfSense server is blocking VPN traffic using Snort on the LAN network 192.168.1.1/24; however, some of my users reported that even if they are not allowed to have internet access on the portal network, they are able to have internet connectivity using a VPN.  On the other hand, I verified that pfSense is blocking VPN traffic on the pfSense LAN network but not on the captive portal LAN network.

      Supposedly, if Snort is blocking VPN traffic on my pfSense LAN network, the captive portal, which is getting internet access on the pfSense LAN network, should have been blocked also.

      I don't want to confirm it from the user because the information may spread and they might use a VPN to bypass the captive portal.

      Any ideas why they can have internet access on the captive portal using a VPN?

      PS:  I don't use the pfSense captive portal, as it automatically gets and registers the users' MAC and IP address and is a simple approach for our office.

        doktornotor Banned last edited by

        @genesislubrigas:

        PS:  I don't use the pfSense captive portal

        You might want to fix the totally misleading subject, plus move this to some Linux forum.
