Captive portal not redirecting on https requests. problem on every browser
-
@fahad77678 said in Captive portal not redirecting on https requests. problem on every browser:
but when the session expire the its does not redirecting to me on login page
If you were visiting some site, and the portal session expires, then yes, your browser will hit the captive portal 'firewall' wall.
Your browser has the URL resolved (and local DNS is up to date) soAlso : if your were visiting a https site, then the portal can't kick in, because there is this law that says : "you can't break / intercept https traffic".
You should use high values for idle and hard time out.
You can login again by :
Rip out the RJ45 cable or switch off the Wifi connection for while.
Close your browser.
Enable the wire or radio connection.Or, more easel y : visit any http site (not a https site, or a http site that has HTST activated) again and hit Ctrl-F5.
-
i want redirecting on every requests whether it http or https. kindly tell me the configuration tha do this for me. i am running captive portal on lan or vlan connections.
-
Just tell me is it possible to redirecting every page to captive portal ?
-
Any http page will get redirected to the portal login page - if the users isn't logged in already.
A https page : normally, no - but browsers could be smart about what to do.Btw : never ever change captive portal settings if you have logged in users - if you really have to change settings, throw out users first.
-
U mean to say that normally captive portal cannot redirect the https request if user not logged in? mean this is not possible?
-
@fahad77678 said in Captive portal not redirecting on https requests. problem on every browser:
mean this is not possible?
You know the ansswer already.
https == SSL traffic can NOT be intercepted. If that would be possible, that https:// sites are identical to http:// visits.
You do know what https:// is, right ? What it stands for - what it means ?
Example : if you type in https:/:www.google.com, your browser ill first resolve google.com. As soon as it gets an IP, it will do https://172.217.22.142/ (on port 443).
In the reply there will be a certificate that states that it is connected to "*.google.com" .
If the captive portal intercepts this request, it will not return the certificate of Google, but it own certificate - which will be anything but not "google.com". Your browser, being smart, knows that you want to connect to google.com, but some other site replied. The browser knows it's request is redirected- or their is some other MITM.
It will bail out with the famous certificate error message. -
In simple words my captive portal not redirecting. please help me on this
-
On a device that you connect to the portal network - but not logged in yet, show what these commands show to you :
ipconfig /all
nslookup google.com
or better
nslookup onisep.fr
-
C:\Users\fahad>nslookup onisep.fr
Server: pfsense.localdomain
Address: 192.168.1.1Non-authoritative answer:
Name: onisep.fr
Address: 213.162.50.177 -
@gertjan said in Captive portal not redirecting on https requests. problem on every browser:
nslookup google.com
C:\Users\fahad>nslookup google.com
Server: pfsense.localdomain
Address: 192.168.1.1Non-authoritative answer:
Name: google.com
Addresses: 2404:6800:4003:806::200e
74.125.130.113
74.125.130.102
74.125.130.139
74.125.130.138
74.125.130.101
74.125.130.100 -
C:\Users\fahad>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Muhammad-Fahad
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : localdomainEthernet adapter Ethernet:
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : D4-C9-EF-E5-F4-27
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1998:6eb8:b089:d1a6%24(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 7, 2019 4:05:06 PM
Lease Expires . . . . . . . . . . : Monday, January 7, 2019 5:50:52 PM
Default Gateway . . . . . . . . . : fe80::1:1%24
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 164940271
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-ED-F6-29-D4-C9-EF-E5-F4-27
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
localdomainWireless LAN adapter Local Area Connection* 4:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #3
Physical Address. . . . . . . . . : 3C-A9-F4-2E-A0-41
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesWireless LAN adapter Local Area Connection* 5:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #4
Physical Address. . . . . . . . . : 3E-A9-F4-2E-A0-40
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesWireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Intel(R) Centrino(R) Ultimate-N 6300 AGN
Physical Address. . . . . . . . . : 3C-A9-F4-2E-A0-40
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes -
@fahad77678 said in Captive portal not redirecting on https requests. problem on every browser:
92.168.1.1
Ok, looks all good.
DNS works - pfSense is the DNS resolver for your clients.You use the default login page ?
What GUI firewall rules on your captive portal interface ?
-
All is on default settings. Gui Login all is on default settings. Yoy can say that firewall is on default settings i had just configure captive portal
-
@fahad77678 said in Captive portal not redirecting on https requests. problem on every browser:
Its only works when i delete the browser history. Then when i entered the google.com and every dns with .com when i use the it redirects to login page. but when the session expire the its does not redirecting to me on login page. i want that if i entered only a single word in google it should redirect to me into login page if i am not logged in
Again : that is an expected behaviour.
It is not possible to redirect HTTPS connections. Not only with pfSense, but also with any other router. HTTPS connections just can't be redirected, that's by design. You can learn more here : https://stackoverflow.com/questions/51562003/captive-portal-and-https-redirect
That shoudn't be an issue because modern web browsers do handle captive portals pretty well, using HTTP test requests (cf my picture above)
-
@free4
yeah i have checked your picture but its only works in firefox not on another browsers. how would it be possible on google chrome? -
@fahad77678 chrome also implement captive portal tests
Android and apple devices also implement this feature
-
@free4
But in my case chrome not doing like this.
can you come on teamviwer ? -
@free4
Did you enable https login enable in captive portal or not?
in my case if i disable https login then it cant reach the login page. chrome says site cant be reach if i search some sites.
same case in firefox. firefox only promt for login netwrok but not redirecting to catptive page. -
The browser indicates that a user action is needed.
It's probably not directing you right away some where else, which seems rather logic to me: the user wants to browse site a.b.c. - the browser won't take him to d.e.f (our captive portal login page) but suggests the a user action is needed.These are my observations :
Use http (default) and the https portal login. Things will go very smooth.
Chrome might be "portal aware" these days. I'm using the captive portal in a hotel - do not explain clients how to connect - and they connect (mostly not being IT experts, they all manage to connect using whatever device).As said here - and in the doc : https you should obtain a certificate signed by an authority.
This implies that you should use an existing domain name on your portal LAN, like
portal.your-domaine.tld
You can buy such a corticate - or use the acme package.
True : the acme package works for you if you know what to do and how to do it -
@gertjan
Use http (default) and the https portal login. Things will go very smooth.
what do you mean by this how can i do this in pfsense. actually i m new in pfsesne