Captive Portal + freeradius + LightSquid
-
Hi all,
I've configured a setup with Captive Portal + freeradius to do some tests in wifi, based on this resource: https://github.com/deajan/pfSense-cp-auth-onestep. This tool uses MySQL to save user information collected from CP.
CP + Freeradius themselves are working very well in my tests so I decided to put LightSquid in the scope, in order to get all the reports from the clients network access.
I've been trying to search for a solution in which the Squid gets, besides IP and MAC, the name the user puts in the self-registration form during the login.
I've chagend some settings based on my research for testing, but I have not found a solution yet.
Squid keeps showing the logs like that:
Does anyone here knows how to do this integration between CP information and LightSquid?
Please ask if you need more information to understand the environment.
Thanks in advance,
Ricardo Casagrande -
@ricardocasagrande said in Captive Portal + freeradius + LightSquid:
Does anyone here knows how to do this integration between CP information and LightSquid?
They who know, are 'gone'.
I've more to say about the subject, but before I repeat myself for the xx time (on this forum) I have to ask : Why squid ? What is your goal ? -
@Gertjan Hello Gertjan, thanks for your willingness to help me hehe
I'm not used to pfsense yet and I'm just trying to better understand how it works.
I've worked more with sophos and fortigate.The intention to use captive portal with squid is because, in my working environment, we have an 'open wifi', with only basic blocking rules, for visitors. This example of Captive Portal is going to serve us very well, because it's basic but does what it promises (the self-registration).
As we don't use a lot of blocking rules or something (this can be changed if we don't find a solution for this scenario), the squid reports can 'protect' us in case of legal problems, like people accessing illegal content on the web from our public IP.
As I said, I'm not so familiar with pfsense, so, maybe you have a better solution for my problem.
Thanks in advance,
-
@ricardocasagrande said in Captive Portal + freeradius + LightSquid:
so, maybe you have a better solution for my problem.
Normally, there is the concept of being responsible for what is done with your Internet connection.
So when I set up a captive portal for a hotel somewhere in 2006 using m0n0wall, pfSense was forked from it, I was looking for securing what portal clients could access.Today, I'm using pfBlockerng to block the most obvious host names (DNSBL) and if I suspect something, I can route all portal traffic over a VPN connection.
Never had any issues with my ISP, knowing that I know they are looking, as I saw the warnings they send out when they detect something : a couple of my friends / neighbors were 'caught' while streaming and or sharing "Disney content".
The real streamer / downloader uses a VPN anyway. Or is just to scared to connect to a network he doesn't know/trust.
And, IMHO, all this has nothing to do with pfSense.
If you want to use a proxy so you can analyze content, you need to know :
What the "Internet" actually is, down to the packet.
You need to know how proxies are set up and maintained.
You need to have a good list with rules so you can actually detect something.
You have to stay on to it permanently, as handling false positives will happen all the time.
More and more sites just can't be proxied anyway.I've decided already a long time ago : it's not worth it.
I already host my own web servers on my own dedicated Debian 12 dedicated server, a "big iron" device. I'm doing my own DNS domain name zone hosting using bind. When that was running, I've added DNSSEC everywhere, added my own postfix mail server for all my domains, fully compliant with all the modern mail constraints. No GUI what so ever to maintain all this, everything is set up the old way.
All this to say : I've started to know what 'Internet' is, and I know also I still don't know enough.
