Captive Portal Login URL
-
Your nginx config file is not the same as mine.
You've forgot an important thing : you want to use a host name "aaaa.hostname.com" instead of an IP 10.10.200.1 address, right ?In that case : add a host override on the unbound resolver , at the bottom :
Now, your DNS is aware that aaaa.hostname.com is 10.10.200.1 and vis versa.
Add this on the resolver page, save, apply.
Open portal settings, and save also.Now, have a look again at the have a look again at the file
/var/etc/nginx-xxxxxx-CaptivePortal.confYou should see this :
-
-
Sorry.
I've checked how the nginx config file is generated.
This part :
only gets added when https mode is active.
See /etc/inc/system.inc, around line 1340 (look for cp_redirect)
So, still possible, but more needs to be modified to get it working.
Are you sure you can't afford a free certificate from Letsencrypt, and call it a day ? I'm using https captive portal for years now, it's a real set it and forget in thing.
In a close future, browsers will refuse plain 'http' usage anyway.edit : maybe you can abuse the presence of a bug ....
Whe I switched from https to http login, portal settings are not cleaned up :
I still had, in the portal config, this :
Or, https mode was disabled.
Look under <captiveportal><cpzonex> ...... there you find all the portal instance settings.So : set https mode ones with the correct <httpsname> .... </httpsname>
and select whatever (non valid probably) certificate.
Then switch back to http mode.<httpsname>aaaa.hostname.com</httpsname>will still be present and set.
This is, IMHO, a bug.
-
thanks for support
do you have a working example in your build
http://aaa.hostname.com:8002/index.php?zone=xxxx
-
For many years (10 or so ?) now.
I wanted to use the https access so there was no 192.168.2.1 (my portal interface) showing in the URL. https access isn't really needed as there is not really any secret information transmitted over Wifi, the login credentials are shown in the rooms of the hotel.
But, as a 'public' portal of a hotel can't use any SSID encryption, like AES or WEP, it has to be open for easy client use, I shifted to https.I'm not using "hostname.com" as I do not own (== rent) this domain name.
I rented my own domain name with the commercials brand in it, like "my-hotel-in-my-town.net". I picked a registrar that supports some API so I could use the acme.sh pfSense package to handle the certificate details.Now, my clients see "portal.my-hotel-in-my-town.net" when using the captive portal, but ..... who cares, as people don't look at URLs any more anyway.
It works flawlessly.@ahmetakkaya said in Captive Portal Login URL:
http://aaa.hostname.com:8002/index.php?zone=xxxx
People don't see / deal with / have to type in that URL.
All phone, pads and other devices are portal minded these days. -
This post is deleted! -
I made the login screen come up with https and aaa.hostname.com.
but on some devices
Your Connection Is Not Private
I'm getting the warning
how can i solve
-
@ahmetakkaya said in Captive Portal Login URL:
I'm getting the warning
Your Connection Is Not Private
how can i solveWhat device gave that warning ?
You you can't really solve this.
Is your SSID protected with a WPA3 encryption ? (and password) : probably not. So, a captive portal is always considered as a less secure network (like : OMG : everything goes in clear over the air).
But, don't worry, nearly all traffic is https (TLS) protected these days.
Most people will also, after connecting to a captive portal, use a VPN.Or maybe the device is complaining about 'DNS' is open.
-
-
@ahmetakkaya said in Captive Portal Login URL:
Your Connection Is Not Private
That's not a message from pfSense. It's a message shown on your device.
You know that no one on this forum works for Apple, Samsung etc. So why should I know what that message means ?
Don't take me wrong : what about 'thinking' a bit before asking a question ??
I don't know what your device means with that message, but, "as they are all the same" it probably means something about the Wifi.
Are you using a Wifi network with a password ?
if it is WPA3 encrypted, god, but then the portal users have also to type in the wifi password first. As said before, that's not needed /wanted on a public network.We both also now that most traffic is TLS (https) encrypted these days.
This means : no one on planet earth can decrypt that. That includes the 3 letter agencies. So who cares that your Wifi network is not encrypted ?!
Most professional portal users even use a VPN as soon as they are connected to a public portal, so now everything is encrypted twice.
True : DNS traffic is visible ....Btw : my iPhone X IOS15.x says : "Not a secured network". It's just a message - not a show stopper. I'm not going to use "WPA3 encrypted" on my captive portal network. Older people won't be able to type that 28 letter password : My public captive portal wouldn't get used any more as it is to much a of hassle.
-
no ssid password only captive portal login available
I think the devices giving error can't get the ssl certificate
I don't know why this is
-
@ahmetakkaya said in Captive Portal Login URL:
I think the devices giving error can't get the ssl certificate
Can't get ? Can't trust ?
How did you set up the https portal access ?
Possible that you state more details ?Your portal works well for :
Apple device ?
Microsoft devices ?
Other brand devices ? -
SystemGeneral Setup
Hostname:aaa
Domain:domain.comDNS Resolver
Host Overridesaaa domain.com pfsenseip
Captive PortalHTTPS Options
HTTPS server name: aaa.domain.com
SSL/TLS Certificate: domain.com (a valid certificate)no problem on windows operating systems
I'm having problems with mobile devices especially android systems
-
Will testing, always use a pass all (TCP, UDP, ICMP etc) on your captive portal interface.
And to make live easy on you, use a dedicated captive portal interface, not the LAN interface.
By nature,your LAN is a trusted interface, and your captive portal is not, as it will accept device that you do not trust (otherwise you wouldn't use the captive portal in the first place).The principal captive portal issues are listed here : Troubleshooting Captive Portal
and you'll see that most issues are ..... (of course) : DNS.
For example : if a devices uses DoH or DoT (using port 835), it's game over right away.
-
@ahmetakkaya said in [Captive Portal Login URL]
https://aaa.hostname.com:8003/index.php?zone=xxxx
8003 I want to access the port from outside, so is it possible to access the portal page?
-
@ahmetakkaya said in Captive Portal Login URL:
8003 I want to access the port from outside
What is outside ?
The portal works form the captive portal interface. -
aaa.hostname.com Can I access the portal page by forwarding the address to port 8003?
-
You want to use the portal access from 'somewhere' on the Internet ?
I never saw a setup like that.The captive portal is designed to give a devices on a local network acess to the Internet, and other selected resources.
Devices that are already on the Internet don't need access t the Internet, they already have it.If you want to access local resources from the outside, use a VPN.
