Replace captive portal IP with FQDN



  • I have set up a pfSense box to function as the captive portal for my open WIFI network. I have replaced the login page with a custom page. When a user connects to my open WIFI network, it will launch the browser and show the custom login page at http://<ip of the pfsense captive portal server>:8000. I was wondering if it will be possible to change the IP address provided to the client in the 302 response pfSense sends out to a fully qualified domain name (FQDN) which points to the same IP address in the end, so i.e. http://openwifiportal.mydomain.nl:8000. Just for the looks of it in the browser :)



  • What I did is define the FQDN in the DNS forwarder service (host overrides) and use it in the captive portal "HTTPS server name".
    Works for me.



  • @l.capriotti:

    What I did is define the FQDN in the DNS forwarder service (host overrides) and use it in the captive portal "HTTPS server name".
    Works for me.

    I was thinking about that option, but that means you'll have to use HTTPS for the portal, correct? I don't have a public certificate for my wifi portal page and don't want to scare the visitors off with an unknown self-signed certificate, so I'd rather not switch to HTTPS. The risk involved in the vouchers being intercepted is acceptable for my environment.



  • I know it is late to reply to this topic, but it was referenced in another post so I thought it was valid.

    You can get a free cert if you own a domain from www.startssl.com



  • Thanks for the tip! I seem to remember they were hardly supported in any of the major browsers, but checking their website, they do claim to be supported in all browsers these days. Worth checking out, especially because they claim it's free. Wondering about the catch though, but guess I'll find out soon enough :)



  • I use them for all my personal certificates, internal and external. If I need one for internal, I just add the host to the '.com' lookup zone instead of the '.local' zone on the domain.

    My only tip is to make SURE you back up the authentication certificate they install in your browser, as without it you will not be able to get into your account.

    Their class 1 certs are free since they still charge for the class 2 and 3 as well as the EV certs.



  • I know it's an old topic, but anyway, if you want to use an FQDN with plain HTTP (port 8000) you have to make small changes to the code.
    Look for 'ourhostname' and place something like the code below in /usr/local/captiveportal/index.php and /etc/inc/captiveportal.inc

    That way you can use the hostname specified in "HTTPS server name" even if you don't use HTTPS. Be sure the host is resolvable from the users' side.

    
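    // Pick the host:port that the portal redirect sends clients to.
    if (isset($config['captiveportal']['httpslogin'])) {
        // HTTPS login enabled: configured server name on the HTTPS port
        $ourhostname = $config['captiveportal']['httpsname'] . ":8001";
    } else {
        // !empty() rather than isset(): an empty httpsname would yield ":8000"
        if (!empty($config['captiveportal']['httpsname'])) {
            // Plain HTTP with a server name configured: use it instead of the IP
            $ourhostname = $config['captiveportal']['httpsname'] . ":8000";
        } else {
            // No server name configured: fall back to the portal interface IP
            $ifip = portal_ip_from_client_ip($clientip);
            if (!$ifip) {
                $ourhostname = $config['system']['hostname'] . ":8000";
            } else {
                $ourhostname = "{$ifip}:8000";
            }
        }
    }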
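
A client-side check for the change described in the post above, as an added example that is not part of the original post or of pfSense: it parses the portal's 302 response and reports whether the Location header uses the expected FQDN on the port from the snippet. The sample responses, the `/index.php?redirurl=` path and the function names are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Ports from the thread's snippet: 8000 for plain HTTP, 8001 for HTTPS login.
PORTAL_PORTS = {"http": 8000, "https": 8001}

def redirect_location(raw: bytes):
    """Return (status_code, Location value or None) from a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    location = None
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return int(status_line.split()[1]), location

def check_portal_redirect(raw: bytes, expected_fqdn: str):
    """Return a list of problems; an empty list means the redirect looks right."""
    status, location = redirect_location(raw)
    problems = []
    if status != 302:
        problems.append(f"expected 302, got {status}")
    if not location:
        return problems + ["no Location header"]
    url = urlsplit(location)
    host = url.hostname or ""
    try:
        ipaddress.ip_address(host)
        problems.append(f"redirect still uses IP literal {host}")
    except ValueError:  # not an IP literal, so compare it with the FQDN
        if host != expected_fqdn.lower():
            problems.append(f"redirect host {host} is not {expected_fqdn}")
    if url.port != PORTAL_PORTS.get(url.scheme):
        problems.append(f"unexpected scheme/port {url.scheme}:{url.port}")
    return problems

# Constructed sample responses (not captured from a real pfSense box).
BEFORE = (b"HTTP/1.1 302 Found\r\n"
          b"Location: http://192.168.1.1:8000/index.php?redirurl=http%3A%2F%2Fexample.com%2F\r\n\r\n")
AFTER = (b"HTTP/1.1 302 Found\r\n"
         b"Location: http://openwifiportal.mydomain.nl:8000/index.php?redirurl=http%3A%2F%2Fexample.com%2F\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, check_portal_redirect(raw, "openwifiportal.mydomain.nl") or "OK")
```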
    


  • Might be an old topic lsense, but still hadn't figured it out :) Thanks for sharing! I'll give it a try.
