Captive portal with logging of usernames and surf logs, possible?

  • We are looking for some solution at work to keep wireless secured in.

    It´s pretty much Captive portal (with active directory auth) but we also need surf logs, is it doable with squid and CP?

    It will be sitting as default route for that network so we dont want any proxy settings in client so it have to be transparent.

    if it cant be done with pf are there any other solutions out there?


  • It seem that you can have both enabled but i get a error when accessing "Auth settings" with transp and auth(also CP) enabled

    The following input errors were detected:

    * Authentication cannot be enabled while transparent proxy mode is enabled

    but it seems to work there any problem running with this or are there any downside with that config?


  • We use Squid and Captive Portal with the built in Captive Portal authentication/user db.  Don't use the the auth in Squid, as you discovered it won't work with transparent.

    If you're using DHCP it can be a two step process of checking the Squid log, then checking which user logged in from that IP during that time.  Everything should be logged, or at least you can enable logging of DHCP, CP, and Squid somewhere in pfSense.

    If anyone does know how to get the CP user data into the squid.log that would be fantastic.

  • How have you configured the clients?, are you using a .pac file or how have you solved that?


  • Not sure what a *.pac is, but we use the CP with our wireless.  We have three interfaces in pfSense, WAN, LAN, and OPT1.  OPT1 is a VLAN.  The VLAN is mainly used for our public/guest (no encryption) wifi.  OPT1 has DHCP enabled, and each DHCP address is listed in the 'unrestricted IPs' for the transparent proxy.  On the front page of the proxy settings, we have the proxy bound to LAN & OPT1.  Once you connect, you see the pfsense captive portal page.  As I mentioned we only have about 25 users so it is easiest if we just use the built in user db.

    We've found that it works very well and a lot of content gets served from cache.

  • Ahh, tnx for explaining, i´ll try that tomorrow at work

    "from wiki about pac"
    A proxy auto-config (PAC) file defines how web browsers and other user agents can automatically choose the appropriate proxy server (access method) for fetching a given URL.