External (Reverse?) Captive Portal



  • I have the current setup.

    ISP
          |
      DMZ Subnet
          |
      IPSEC VPN Hardware
          |
      VPN Subnet
          |
    Mail Server

    I have been asked to allow access to the corporate mail server's web interface from the Internet without requiring VPN software for each user; however, I don't want to have to move the mail server from the VPN subnet. Could a Captive Portal be used to provide access to authenticated users from the Internet (SSL VPN)? If so, how? A WAN link (routable interface) can't be chosen for a captive portal.

    I.e.:

    ISP
          |
      DMZ Subnet
          |    |---------------------+
          |                          |
      IPSEC VPN Hardware      SSL Captive Portal
          |                          |
          |                          |
      VPN Subnet---------------------+
          |
    Mail Server

    Notes:
    DMZ is a routable /27 subnet using Proxy ARP.
    Using pfSense 1.0.1.



  • That is not currently possible, unfortunately.



  • This is more suitable for your needs: http://sourceforge.net/projects/sslexplorer/



  • SSL-Explorer looks to be just the ticket.  Didn't know this project existed…

    Thanks to all for the very quick responses.



  • SSL-Explorer even has a built-in Java VPN client. It's pretty cool. Just forward the configured port to the SSL-Explorer and configure your users/apps there. I tested this at our office. Works great.

