Captive Portal not working when users homepage begins with https://
-
Hi all, this is my first post and first time with anything like pfsense. I managed to set up a working captive portal but i have a small problem. When a user connects to the network and opens a browser, if the home page starts with https:// the portal does not appear. If the user navigates to a normal http:// address, the portal works and all is ok. I read a few posts on this issue but there was no working solution.
Andy.
-
This is unfortunately a problem with every captive portal implementation, since CP has to redirect traffic in order to present a login screen (there are some work-arounds but those create other issues).
The best solution is to suggest to new users to initially visit any regular http site.
-
thanks dhatz, could you tell me some of these work arounds? I don't need authentication so one of your suggestions may help me
-
We don't support any of them (and pretty much no CP solution does as dhatz mentioned). They have bad consequences. Just tell people to browse to a HTTP site, there's a reason pretty much every hotel I've been in specifically says that on their little Internet guide card. Alternatively, get ready for a bunch of development work to end up with something that creates ugly warnings on your client machines. Source at github.com/bsdperimeter/ Feel free to knock yourself out.
-
andy, if you also control the clients and their web browser's homepage, you could add your own root Certification Authority into their CA store and create wildcard SSL cert, effectively performing a SSL man-in-the-middle attack.
Otherwise there's really no way to intercept https traffic without causing warnings by the users' browser (in recent years popular browsers display big and scary warnings if there are SSL cert issues)
-
Thanks guy's, i'll take the advice and stick with notifying the customer.