    Captive portal OpenVPN (2.1)

      flyingtino last edited by

      Hello Board,

      We are connecting a MikroTik board to a hosted pfSense via an OpenVPN site-to-site bridged connection over the Internet.
      With DHCP from the pfSense and all, this setup works great!
      However, the goal is to have a captive portal on this connection. After enabling the captive portal, all we get is the pfSense config GUI instead of the portal page.

      Below is the setup:

      clients LAN ----MT--10.0.8.2/24--openvpntunnel----10.0.8.1----pfsense(OpenVPNServer/DHCP)----Internet

      Where should we look to correct this and get this working?

      Thanks in advance for the reply....

        eri-- last edited by

        Presently this will not work without some patching needed for this.

          flyingtino last edited by

          Thanks for the reply.

          Is it a simple or a complicated fix? The OpenVPN tap Bridging Fix?

            cmb last edited by

            Not easy, kernel changes required.

              Rampage last edited by

              Mhhh, let me get the point..

              WiFi network---AP<---VPN-----> pfSense--- internet ??

              And you want to have the WiFi network users' requests captured by the captive portal?

              I don't know if this can be done, because the captive portal works as a NAS (network access server) and AFAIK it recognizes users based on the MAC address to determine if they are logged in or not.

              So, for it to work, you need your clients to be able to talk with the captive portal at layer 2.

              For it to work over a VPN, you need your users to be direct OpenVPN bridged clients; if it's the router handling the VPN, then the MAC seen by the captive portal is the one from the tap0 interface on the router, and not the clients', which are NATed.

              I'm thinking this MIGHT work if on the MT board you bridge tap0 and the network the clients are connecting to, and then on the pfSense side have the captive portal intercept on tap0 (I don't think this can be done via the web UI).

                eri-- last edited by

                It is not necessary for CP to have the MAC; you can just tell it to use only IP.

                  flyingtino last edited by

                  Thanks for the replies guys.

                  We've got it working in a setup of two Vservers with pfSense back-to-back. In other words, 1 pfSense for the OpenVPN tunnel terminating on the LAN interface of the second pfSense with the captive portal. When it works in this setup, a CP on bridged interfaces should be possible. On a MT this is standard stuff, however lags UDP OpenVPN!
                  So the goal is to get it all working on 1 Vserver!

                  The IP-only remark is interesting. Thanks. However, MAC will be necessary in order to log users according to the Telecom Laws and future references and advertising. We are trying to build Free Wireless Internet access city networks based on this principle. By using OpenVPNs we can use existing infrastructures and roll out the network quickly and flexibly.

                    flyingtino last edited by

                    Hello Board,

                    We've got it working as intended!
                    On pfSense 2.1 beta we now have 3 OpenVPN services running, connected to 3 different Captive Portals.
                    The virtual interfaces each have a DHCP range and the squid proxy is also listening.

                    The downsides are:

                    • RRD graphs are not there (yet) for providing statistical information.
                    • Shaper isn't working on the OpenVPN interfaces.
                    • IPv6 isn't working in conjunction with OpenVPN and / or captive portal.

                    I'm sure this is only a matter of time!

                    Thanks for delivering a stable box of Pandora!
