Allow login windows live messenger (msn) before auth by CP?
Is it possible to let users login to windows live messenger without the auth. by CP?
I've tried to add over 30 IP addresses which may related with WLM to "Allowed IP addresses" of CP, but still no luck.
I think that this can be done by MAC address.
Services > Captive Portal > Pass Through MAC
That's probably impractical (way too many IPs you'd have to exempt, and it likely changes frequently).
I've the similar problem, not MSN but Skype. I've enable CP with a small list of users who have right to use the internet. These users have their CP user/password but I want to allow everyone else to use Skype.
Skype require port 80/443 which is blocked by CP. Some official thread said we can open port 1024 - 65535 on firewall to allow Skype which is a bad idea.
Skype can use IE's proxy setting to connect to skype network but doing so will render CP useless because user can access to the internet with no CP login screen shown up.
PS. I'm not sure that CP only block port 80/443 or all ports.
I've found some workaround solution. Since my pfSense enabled both CP and transparent Proxy. I just go to Skype -> Option -> Connection. empty all check boxes. Choose proxy type as HTTPS and fill in my pfSense LAN IP and Squid listening port (I've change to something other than 8080 or 3128) and Skype can successfully connected. ;D
This is not a good solution since some user may notice and try these IP/port on IE proxy setting. I'm now thinking about having the other dedicated proxy server to take care all of skype connection and control the HTTP filtering there. The problem is how to indicate which traffic is from skype. May be regex on MIME type should work. 8)
PS. I've try this on MSN but MSN allow proxy setting through IE only. There is SOCKS5 option which I never try yet.