PfSense 2.3.4 Captive Portal TCP Handshake IP dominating cURL custom IP



  • Working on an external captive portal page.

    I uploaded a page to my pfSense machine (captive portal), which redirects to my custom server page for authentication.

    My purpose is to authenticate on the captive portal via my own external server page.

    Redirection Page (which is uploaded to pfSense)

    
    <form action="http://192.168.1.2" method="post" id="redirectform">
    
        Javascript is disabled, click to 
    </form>
    
    

    My Customized Page

    Here's the thing: I need to authenticate the client on the captive portal with a cURL script, because normally that form needs to be uploaded as an HTML or PHP file onto the pfSense machine. For customization and library usage purposes (FreeBSD doesn't support many software libraries and packages), I'm making an effort to authenticate users to the pfSense Captive Portal ON my external server.

    Pfsense cURL Authentication Controller (my external server-side)

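    <?php
       // $url (portal login URL) and $data (POST fields) are set earlier; the post does not show them.
       $ch = curl_init( $url );
       curl_setopt( $ch, CURLOPT_POST, true);
       curl_setopt( $ch, CURLOPT_POSTFIELDS, $data);
       // The request leaves from this server, so its IP is the TCP source the portal sees.
       $exec = curl_exec( $ch );
       curl_close ($ch);
    ?>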
    

    This one is working quite well too. Now here's the problem:

    PfSense Captive Portal IP: 192.168.1.1
    My external server IP: 192.168.1.2
    Client machine: 192.168.1.3

    Real Problem: After a portal login attempt from 192.168.1.3, I check out my captive portal web from 192.168.1.1 and, instead of 192.168.1.3, 192.168.1.2 is seen as authenticated.

    My external server is being authenticated on captive portal because the cURL is being executed on that machine. I need the client machine to be authenticated.

    Workarounds:

    1. Yes, we all know that HTTP header requests can be changed with cURL options like:

    curl_setopt( $ch, CURLOPT_HTTPHEADER, array("REMOTE_ADDR: ".$ip, "X_FORWARDED_FOR: ".$ip));
    

    but it's not working because cURL is going through a high-level protocol. The handshake is being made with the TCP protocol.

    2. Using proxies like Squid does not work either. This time pfSense authenticates my proxy server instead of the client machine (transparent, on, etc. options did not work for me).

    I really don't want to go for plain PHP pages and then upload them onto the pfSense machine.

    Any help would be appreciated.
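
Added example, not part of the original post and not pfSense code: a loopback reproduction of the behaviour the post describes, where a server reads the client address from the accepted TCP socket and a forged `X-Forwarded-For` header does not change it. The handler, the `observe` helper, the POST body and the loopback addresses are constructed for illustration; the server is only a stand-in for a portal that identifies clients by TCP peer address.

```python
import http.server
import threading
import urllib.request


class PeerEchoHandler(http.server.BaseHTTPRequestHandler):
    """Stand-in server: reports the TCP peer address and the claimed header."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        self.rfile.read(length)                    # drain the POST body
        peer_ip = self.client_address[0]           # set by accept(), i.e. the TCP handshake
        claimed = self.headers.get("X-Forwarded-For", "")  # client-controlled text
        body = f"{peer_ip}|{claimed}".encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):                  # keep the demo quiet
        pass


def observe(claimed_ip):
    """POST with a forged header; return (peer IP the server saw, header value)."""
    server = http.server.HTTPServer(("127.0.0.1", 0), PeerEchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    # Ignore any proxy environment variables so the request goes direct.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        req = urllib.request.Request(
            f"http://127.0.0.1:{server.server_port}/",
            data=b"user=demo",                     # constructed sample body
            headers={"X-Forwarded-For": claimed_ip},
        )
        with opener.open(req, timeout=5) as resp:
            peer, claimed = resp.read().decode().split("|")
    finally:
        server.shutdown()
        server.server_close()
    return peer, claimed


if __name__ == "__main__":
    peer, claimed = observe("192.168.1.3")
    print("TCP peer seen by server:", peer)        # the machine that opened the socket
    print("X-Forwarded-For header :", claimed)     # only a string in the request
```

A server that keys sessions on the socket peer address behaves this way regardless of what the request headers say, which matches the post's observation that 192.168.1.2 ends up authenticated.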