Netgate Discussion Forum

[help me]pfsense not redirect to Captive portal when user type HTTPS website url?

  • T
    TuanNghia103
    last edited by Apr 6, 2019, 4:02 AM

    Hi my friend. I have trouble with my pfSense Captive portal:

    When a user has not logged in and types a URL in the browser, if the URL is not HTTPS, the Captive portal redirects well, but when the user types an HTTPS URL (such as google.com), the Captive portal does not redirect?

    I don't understand why. Please help me and show me how to solve this: when a user types an HTTPS website, pfSense redirects to the Captive portal.

    Thank you very much.

    • D
      Derelict LAYER 8 Netgate
      last edited by Apr 6, 2019, 7:33 AM

      https://forum.netgate.com/search?term=https&in=posts&matchWords=all&categories[]=3&sortBy=relevance&sortDirection=desc&showAs=posts

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • T
        TuanNghia103
        last edited by Apr 6, 2019, 9:46 AM

        I want a way to solve this, because I tried to read more but I don't understand and don't know what I should do.

        • C
          CuteBoi
          last edited by Apr 6, 2019, 11:29 AM

          He is saying: You can't

          • D
            Derelict LAYER 8 Netgate
            last edited by Apr 6, 2019, 6:32 PM

            https://forum.netgate.com/post/642020

            • F
              free4 Rebel Alliance
              last edited by free4 Apr 7, 2019, 5:37 PM Apr 7, 2019, 5:33 PM

              @TuanNghia103 said in [help me]pfsense not redirect to Captive portal when user type HTTPS website url?:

              I want a way to solve this, because I tried to read more but I don't understand and don't know what I should do.

              you can't.

              HTTPS has been designed specifically for blocking this

              there is no way for bypassing this, this is a feature of HTTPS.

              however, I do have an alternative solution: ask your users to use one of the major browsers (Edge/Firefox/Google Chrome/Safari, etc.)

              all major web browsers have a feature called "captive portal detection":

              the way it works is every time you open your browser, an HTTP request is made to a random URL. If this URL is unreachable, then the web browser considers that your internet is blocked and shows you a message.

              the URLs requested are usually:

              • http://connectivitycheck.gstatic.com/generate_204 (Google Chrome, Chrome OS, Android)
              • http://clients3.google.com/generate_204 (Chromium)
              • http://www.msftncsi.com/ncsi.txt (Internet Explorer)
              • http://www.msftconnecttest.com/connecttest.txt (Edge)
              • http://detectportal.firefox.com/success.txt (Firefox)

              they may vary a bit depending on the location/the version used, though

              more info here (for chrome) and here (for firefox)

              • G
                Gertjan @free4
                last edited by Gertjan Apr 10, 2019, 1:53 PM Apr 10, 2019, 1:34 PM

                @free4 said in [help me]pfsense not redirect to Captive portal when user type HTTPS website url?:

                the URLs requested are usually:

                http://connectivitycheck.gstatic.com/generate_204 (Google Chrome, Chrome OS, Android)
                http://clients3.google.com/generate_204 (Chromium)
                http://www.msftncsi.com/ncsi.txt (Internet Explorer)
                http://www.msftconnecttest.com/connecttest.txt (Edge)
                http://detectportal.firefox.com/success.txt (Firefox)

                Hummm. Nice list !!
                One is missing :
                http://captive.apple.com/hotspot-detect.html (Any iOS based device = Apple)

                The final answer to this question

                [help me]pfsense not redirect to Captive portal when user type HTTPS website url?

                is : no user should have to do anything so the captive portal login shows up.
                Better yet : the user doesn't even need to know that they are using a Captive portal.
                As soon as the Ethernet connection comes up, it's the OS of the user's device that will ask for an IP, a DNS, a gateway. After that's done, the OS will throw out a basic http request (see list above) and there should be an answer, just click on the links above to check for yourself.
                This http request (on port 80 !) will be redirected to the captive portal web interface running on pfSense.
                What happens then is known : the captive portal login page will show up. The user can interact with this page, like authenticate himself.

                If this doesn't happen : see here.

                Again : a captive portal user doesn't have to open a browser and launch some http request himself. The OS already did that - and knows that it should open a web browser when needed.

                I'm running a captive portal on a hotel.
                This means that I don't know who will be using our captive portal.
                I don't know what device they bring with them.
                Neither how they set it up ...
                I do not publish any instructions about how to connect - except for the fact that our free Wi-fi network is called "OurHotelNetwork" - the SSID.
                I know that our clients connect to our network. I have the stats and usage as a proof. Anyway, if the free Wi-fi isn't working I'll be out of business very quickly.

                It's very rare that our clients contact me because they can't connect to our network. Once or twice a year ?!

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??
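
The probe-and-compare check described in the posts above, as an added example that is not code from any poster or from pfSense: `classify` decides whether a connectivity-probe reply means open internet or a captive portal. The function names, the `portal.example.test` host, the sample responses and the expected reply bodies are assumptions made for this illustration.

```python
import http.client
from urllib.parse import urlsplit

# Expected (status, body) per probe: assumed from the endpoints' publicly known replies.
EXPECTED = {
    "http://connectivitycheck.gstatic.com/generate_204": (204, ""),
    "http://clients3.google.com/generate_204": (204, ""),
    "http://www.msftncsi.com/ncsi.txt": (200, "Microsoft NCSI"),
    "http://www.msftconnecttest.com/connecttest.txt": (200, "Microsoft Connect Test"),
    "http://detectportal.firefox.com/success.txt": (200, "success"),
    "http://captive.apple.com/hotspot-detect.html":
        (200, "<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>"),
    "https://connect.rom.miui.com/generate_204": (204, ""),
}

def probe(url, timeout=5):
    """Live fetch that does not follow redirects; None if nothing usable answered."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    try:
        conn = cls(parts.hostname, timeout=timeout)
        conn.request("GET", parts.path or "/")
        r = conn.getresponse()
        return r.status, r.getheader("Location"), r.read(4096).decode("utf-8", "replace")
    except (OSError, http.client.HTTPException):
        return None  # timeout, DNS failure, reset, or failed TLS handshake

def classify(url, response):
    """Return 'open', 'captive', 'failed', 'no-response' or 'unknown-probe'."""
    if url not in EXPECTED:
        return "unknown-probe"
    if response is None:
        return "no-response"
    status, _location, body = response
    if (status, body.strip()) == EXPECTED[url]:
        return "open"
    # A redirect or a different 2xx/3xx page means something answered in the endpoint's place.
    return "captive" if 200 <= status < 400 else "failed"

# Constructed responses, as a client behind a portal might see them.
SAMPLES = {
    "http://connectivitycheck.gstatic.com/generate_204": (302, "http://portal.example.test/login", ""),
    "http://www.msftconnecttest.com/connecttest.txt": (200, None, "<html>Log in</html>"),
    "http://detectportal.firefox.com/success.txt": (200, None, "success\n"),
    "https://connect.rom.miui.com/generate_204": None,  # HTTPS: cannot be redirected
}

def survey(samples):
    return {url: classify(url, resp) for url, resp in samples.items()}
```

To test a real portal zone from an unauthenticated client, pass `probe(url)` as the response for each URL in `EXPECTED`; the HTTP probes should come back `captive` and any HTTPS probe `no-response`.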

                • F
                  free4 Rebel Alliance @Gertjan
                  last edited by free4 Apr 13, 2019, 8:39 AM Apr 13, 2019, 8:39 AM

                  @Gertjan Other ones are missing,

                  because of Google being blocked in China, cellphones and multiple Chinese garbage browsers (360browser, etc...) are usually using one of these URLs:

                  • https://connect.rom.miui.com/generate_204 (Xiaomi)
                  • http://www.qualcomm.cn/generate_204 (Huawei)
                  • http://www.265.com/generate_204 (Google Chrome, Asus cellphones. This website is owned by Google)

                  I also heard that Nintendo devices are using http://conntest.nintendowifi.net for captive portal detection
                  but anyway, I don't think that's very important..
