Netgate Discussion Forum

    Captive Portal not working when user's homepage begins with https://

      andymk

      Hi all, this is my first post and first time with anything like pfsense. I managed to set up a working captive portal but I have a small problem. When a user connects to the network and opens a browser, if the home page starts with https:// the portal does not appear. If the user navigates to a normal http:// address, the portal works and all is ok. I read a few posts on this issue but there was no working solution.

      Andy.

        dhatz

        This is unfortunately a problem with every captive portal implementation, since CP has to redirect traffic in order to present a login screen (there are some work-arounds but those create other issues).

        The best solution is to suggest to new users to initially visit any regular http site.

          andymk

          Thanks dhatz, could you tell me some of these workarounds? I don't need authentication, so one of your suggestions may help me.

            cmb

            We don't support any of them (and pretty much no CP solution does, as dhatz mentioned). They have bad consequences. Just tell people to browse to an HTTP site; there's a reason pretty much every hotel I've been in specifically says that on their little Internet guide card. Alternatively, get ready for a bunch of development work to end up with something that creates ugly warnings on your client machines. Source at github.com/bsdperimeter/. Feel free to knock yourself out.

              dhatz

              Andy, if you also control the clients and their web browser's homepage, you could add your own root Certification Authority into their CA store and create a wildcard SSL cert, effectively performing an SSL man-in-the-middle attack.

              Otherwise there's really no way to intercept https traffic without causing warnings by the users' browser (in recent years popular browsers display big and scary warnings if there are SSL cert issues).

                andymk

                Thanks guys, I'll take the advice and stick with notifying the customer.

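Added example, not part of the thread and not pfSense code: a client-side probe showing why the "browse to a plain http site" advice works. The portal can answer an unencrypted request with a redirect to its login page, while an https request fails certificate validation instead. The two local handlers, `PORTAL_LOGIN` and all function names are constructed for this illustration.

```python
import http.server, ssl, threading, urllib.error, urllib.request

PORTAL_LOGIN = "http://portal.example/login"  # constructed placeholder URL

class _Quiet(http.server.BaseHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request logging in the demo
        pass

class PortalHandler(_Quiet):
    """Constructed stand-in for a portal: every plain-HTTP GET is redirected."""
    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", PORTAL_LOGIN)
        self.end_headers()

class OpenHandler(_Quiet):
    """Constructed stand-in for an unfiltered probe target that answers 204."""
    def do_GET(self):
        self.send_response(204)
        self.end_headers()

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx to the caller instead of following it

def probe(url, timeout=3):
    """Return (state, login_url); state is open, captive, tls_error, unreachable or unknown."""
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return ("open", None) if resp.status == 204 else ("unknown", None)
    except urllib.error.HTTPError as err:  # 3xx lands here because of NoRedirect
        loc = err.headers.get("Location")
        return ("captive", loc) if 300 <= err.code < 400 and loc else ("unknown", None)
    except urllib.error.URLError as err:
        # An https:// probe whose certificate check fails is reported here.
        kind = "tls_error" if isinstance(err.reason, ssl.SSLError) else "unreachable"
        return (kind, None)

def demo():
    """Probe both constructed servers on loopback and return the classifications."""
    results = {}
    for name, handler in (("portal", PortalHandler), ("open", OpenHandler)):
        srv = http.server.HTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            results[name] = probe(f"http://127.0.0.1:{srv.server_port}/")
        finally:
            srv.shutdown()
            srv.server_close()
    return results
```

Calling `demo()` returns the classification for each constructed server; on a real client, `probe()` would be pointed at a plain-HTTP URL whose normal response is known in advance.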