Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive portal with logging of usernames and surf logs, possible?

    pfSense Packages
    2
    6
    5.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest
      last edited by

      We are looking for some solution at work to keep wireless secured in.

      It´s pretty much Captive portal (with active directory auth) but we also need surf logs, is it doable with squid and CP?

      It will be sitting as default route for that network so we dont want any proxy settings in client so it have to be transparent.

      if it cant be done with pf are there any other solutions out there?

      /F

      1 Reply Last reply Reply Quote 0
      • ?
        Guest
        last edited by

        It seem that you can have both enabled but i get a error when accessing "Auth settings" with transp and auth(also CP) enabled

        The following input errors were detected:

        * Authentication cannot be enabled while transparent proxy mode is enabled

        but it seems to work nevertheless..is there any problem running with this or are there any downside with that config?

        /F

        1 Reply Last reply Reply Quote 0
        • M
          mhab12
          last edited by

          We use Squid and Captive Portal with the built in Captive Portal authentication/user db.  Don't use the the auth in Squid, as you discovered it won't work with transparent.

          If you're using DHCP it can be a two step process of checking the Squid log, then checking which user logged in from that IP during that time.  Everything should be logged, or at least you can enable logging of DHCP, CP, and Squid somewhere in pfSense.

          If anyone does know how to get the CP user data into the squid.log that would be fantastic.

          1 Reply Last reply Reply Quote 0
          • ?
            Guest
            last edited by

            How have you configured the clients?, are you using a .pac file or how have you solved that?

            /F

            1 Reply Last reply Reply Quote 0
            • M
              mhab12
              last edited by

              Not sure what a *.pac is, but we use the CP with our wireless.  We have three interfaces in pfSense, WAN, LAN, and OPT1.  OPT1 is a VLAN.  The VLAN is mainly used for our public/guest (no encryption) wifi.  OPT1 has DHCP enabled, and each DHCP address is listed in the 'unrestricted IPs' for the transparent proxy.  On the front page of the proxy settings, we have the proxy bound to LAN & OPT1.  Once you connect, you see the pfsense captive portal page.  As I mentioned we only have about 25 users so it is easiest if we just use the built in user db.

              We've found that it works very well and a lot of content gets served from cache.

              1 Reply Last reply Reply Quote 0
              • ?
                Guest
                last edited by

                Ahh, tnx for explaining, i´ll try that tomorrow at work

                "from wiki about pac"
                A proxy auto-config (PAC) file defines how web browsers and other user agents can automatically choose the appropriate proxy server (access method) for fetching a given URL.

                http://en.wikipedia.org/wiki/Proxy_auto-config

                /F

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post