Captive Portal Load in Windows

marciourakawa

I am in agreement with the proposed solution, but in my scenario I can't install certificates on client machines. I think I'll have to move on to another form of network access like retrying client macs.

Gertjan

@marciourakawa said in Captive Portal Load in Windows:

I can't install certificates on client machines

https login against the captive portal doesn't need any changes on the client devices.
I use https authentication on my captive portal, for a hotel : this means I do not and can not "control" the devices that clients bring along. Clients do not need to modify their device to connect on our portal.
The acme package obtains a certificate for me every 60 days or so, me doing nothing at all : all works automatically.

marciourakawa

This post is deleted!

marciourakawa

@gertjan

Sorry, but these are new ways for me.

Could you share how the setup was done or some link?

Gertjan

The setup of my captive portal ?

I have it from "the book" And always have a look to these thousands of Youtube movies. These movies always show old version, and none is 100 % correct, so watch them all just to see what they do, and what they don't do.
A captive portal depends heavily on a working DNS, so I advise you to use the Resolver - and do not enter any other DNS info before you totally understood what DNS really is. Same thing for the DHCP : use the DHCP build into pfSense - other are possible .... later on.

I used for many years the "Local user manager" for the authorized list of users.

Later, I added the acme package, and obtained a wild card cert from LetsEnscrypt - which means that your need a existing domain name (a couple of $ or € a year). Do not underestimate the usage of this package. It uses state of the art technology, a certificate. Everybody uses them, nobody knows actually how to implement them, and what it takes to get one - even if they are free. Good news : a captive portal doesn't need a certificate to work, it's optional.

And of course, because I use my portal to hand over access to compete strangers, I dedicated an OPT1 interface for that, adding a switch behind it, and a boatload of AP's (My opinion : Captive Portal should never be activated on LAN, that like driving that Formula 1 on a public road : no fun, only troubles).
Using a dedicated interface also makes firewall rules on this interface more easy.

Making the physical network : took me days.
Setting it up in pfSense : 10 minutes or so ?

Later on, because it worked so good and I was annoying myself,, I added the FreeRadius package and a MySQL server somewhere on my LAN, so authentication is handles by FreeRadius now. It still works great although it is more complex, thus more fun.

Btw : I'm not selling Internet access : the contract is very simple : if it works for you (my clients) then that's ok - if not, not a problem for me. The pfSense captive portal works now for about ten years for me.
It's rock solid.

marciourakawa

@gertjan I'll try those days and post the result.

I have a scenario similar to yours, here circulates a lot of people and users authenticate through Portal Captive that uses RADIUS to authenticate to AD.

But some devices and notebooks (Win 7) hardly open the Portal Captive page.

In your hotel, windows 7 notebook normally open?

Gertjan

@marciourakawa said in Captive Portal Load in Windows:

In your hotel, windows 7 notebook normally open?

"Windows 7", any version like Home, Pro, whatever : no problem.
Wired or Wifi.

I build the connection, like sliding in the RJ45 or selection the Wifi network.
I wait 10 to 20 seconds.
A system notification, at the right bottom corner tells me that a "User action is needed" (something like that. I click on the link in the text.
A browser opens - typically IE.
Which brings me to the captive portal login page.

All this because Windows 7 is "captive portal aware".

(Btw : my W7 systems are relatively clean : no Google polution, no other navigators - but I know my clients connect with their all devices .... this list is very long - even those with a less then 2 $ OS).

stephenkwabena

@gertjan

Please how do I use external MySQL server for FreeRadius on pfsense and how to acme package to obtain LetsEnscrypt? If you can give me the setup for both. I use LetsEnscrypt on my Ubuntu Server at home and it was easy to obtain it but with pfsense captive portal never done before so please need your help.

Gertjan

@stephenkwabena said in Captive Portal Load in Windows:

Please how do I use external MySQL server for FreeRadius on pfsense

You could use whatver SQL database server on your LAN, or elsewhere.
I use the MariaDB package from my NAS, a Synology Diskstation, which comes with a free bonus : phpmyadmin is also present, so I can check the database, Freeradius tables.

@stephenkwabena said in Captive Portal Load in Windows:

how to acme package to obtain LetsEnscrypt?

Impossible to answer using few words.
The subect "acme & Letenscrypt" behind it is overwhelming. Took me close to a year to lnow how it all works.
@jimp takes 1 hour 15 min here https://www.youtube.com/watch?v=h7Rlru3agdA
You should know what DNS is ... and certificates ... and you need some time ;)

The certificate obtained can be used for the GUI, and the Captive portal https login.
You'll be needing a real domain name.

edit : the 2 videos discussing the Captive portal are also accessible now. They are mandatory. Seeing them and captive portal has no more secrets for you.

stephenkwabena

@gertjan

I know is possible but how the connection is done that's what I wanted to know. I currently have Ubuntu Server running MySQL how to connect it to the pfsense freeradius server is my problem.

Thanks