Netgate Discussion Forum

    New To PFSense, Need Custom Captive Portal

      jerwiles

      Hi,

      I've never used PFSense before, although in the past I have used various Linux distros. I currently manage the network for a large, multi-company space, that has a shared internet connection for dozens of companies. We have been using SonicWall routers with wired LAN connections in each office and wifi access points scattered throughout the space. Since the facility is so large and has so many users in and out all day, it's been difficult to identify problem machines on the network. So far all we have been able to do is identify the MAC addresses of problem machines, but that doesn't tell us who owns the machines or where they are physically located.

      Enter PFSense. What I am trying to accomplish is a custom captive portal page, that would show up on every machine across the network the first time they connect. I do NOT want it to prompt for a password or user login, and I want each user to only have to do this one time. I want the splash page to collect the following information: Name, Company, Office Number, Phone Number, and Email. I also want the captive portal to collect the user's MAC address automatically. Below those fields there will be the user policy agreement, and then a continue button. When they hit that button they have internet access, and I want all of that information collected by the page to be made available to me, so I can easily identify who owns what MAC address.  This way, if someone's machine is causing problems on the shared internet connection, I can track that person down without having to go on a wild goose chase throughout the entire facility trying to find the MAC address in question. After all, there's dozens of computers and devices connected at any one point in time.

      So I have started working on a PFSense box in a test environment. As of right now I have a custom captive portal page created, but I'm not entirely sure I've made it properly, in fact I probably haven't. So I'm not opposed to making one from scratch all over again. When the user pushes the "continue" button, all it's doing right now is refreshing the captive portal page, it is not advancing to another page or to any other url. That's a problem obviously. I'm also not sure where this information that is being put into the fields is going.

      Please help! And thank you in advance for your responses.

        jerwiles

        In the amount of time from when I posted this to now, I have come across a little more information on my own, and have installed the FreeRADIUS package onto PFSense, because it appears I need this. But I will be honest, I'm totally lost here. I have no idea how to make FreeRADIUS and the CP communicate with each other, especially since I'm not even sure if my CP is coded properly.

        Also, it appears I do need to have users create a username and password in order to accomplish what I am trying to do here? Correct me if I am wrong. I was hoping to bypass the need for users to have a password.

          bardelot

          A solution that could probably work would be to collect the required user information and the MAC address the first time the portal is opened and then automatically add the MAC address to the MAC pass-through list. Also without seeing at least some of your custom page code it's quite hard to tell you if you made an error there.

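The collect-once approach suggested in the reply above, as an added sketch of the registration logic (not code from this thread, from register.txt, or from pfSense): it resolves the client's MAC from an ARP table, records the owner, and refuses to treat a MAC as one device when the client is behind another router. The names `parse_arp`, `register`, `registry` and the sample ARP lines are hypothetical; adding the MAC to the pass-through list is left out because it depends on the pfSense version.

```python
import ipaddress
import re

# Constructed sample in the format FreeBSD's `arp -an` prints (pfSense is FreeBSD-based).
SAMPLE_ARP = """\
? (192.168.1.23) at 00:1b:21:aa:bb:01 on em1 expires in 1180 seconds [ethernet]
? (192.168.1.50) at 00:1B:21:AA:BB:02 on em1 expires in 900 seconds [ethernet]
? (192.168.1.77) at (incomplete) on em1 expired [ethernet]
"""

ARP_LINE = re.compile(
    r"\((?P<ip>[0-9.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ", re.I)
REQUIRED = ("name", "company", "office", "phone", "email")


def parse_arp(text):
    """Return {ip: mac} for resolved entries; '(incomplete)' rows are skipped."""
    return {m["ip"]: m["mac"].lower() for m in ARP_LINE.finditer(text)}


def register(form, client_ip, arp_table, portal_net, registry):
    """Validate the form, resolve the client's MAC, and record the owner.

    Returns (status, mac). Only 'registered' means the MAC identifies one device.
    """
    missing = [f for f in REQUIRED if not form.get(f, "").strip()]
    if missing:
        return "missing:" + ",".join(missing), None
    if ipaddress.ip_address(client_ip) not in ipaddress.ip_network(portal_net):
        # Client sits behind another router: its own MAC never reaches the portal.
        return "routed-client", None
    mac = arp_table.get(client_ip)
    if mac is None:
        return "no-arp-entry", None
    owner = registry.get(mac)
    if owner and owner["email"] != form["email"].strip():
        # Second person behind one MAC: most likely a tenant's NAT router.
        return "shared-mac", mac
    registry[mac] = dict({f: form[f].strip() for f in REQUIRED}, ip=client_ip)
    return "registered", mac
```

A `shared-mac` or `routed-client` result marks a registration where the stored MAC cannot be used to locate an individual machine, only the router in front of it.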
            jerwiles

            I see what you are saying there, but I'm not quite sure how to implement it. As for seeing the custom page code… I've ditched the page I was trying to use and started over, using what I came across in this thread:

            http://forum.pfsense.org/index.php/topic,8748.msg50758.html#msg50758

            So, I have the default pfSense custom portal page, and all I've done was add a custom logo to the top, and a "to register click here" at the bottom. When they click the "click here", it directs the user to the page I created from the code in the link above. From what I am seeing, however, it appears this only works on older versions of pfSense, pre-dating 2.0. When the user fills out their information and clicks on register, it returns with a fatal error.

            Has anyone found a way to make this work on 2.0+ or made something similar?

              jerwiles

              Here's the code I am using on the Registration page. As I said before, the page they first see is the default captive portal page, just with a custom logo and a "click here to register" at the bottom, which takes them to the code here.

              register.txt

                jerwiles

                So I have a friend who is a PHP expert looking at my self-registration page, that I built off of the code in the post above… I'll let the forum know how that goes.

                In the meantime, I was wondering... A lot of the businesses in this space use their own routers or have their own wifi networks, basically sub-networks of our master network. I want each user to be forced to log in, even behind sub-networks. However, in my test environment, the captive portal seems to be seeing everything behind a sub-network as one machine. So, for example, in my test environment, if I log in to the captive portal on one machine behind a sub-network, the other machines on that same sub-network aren't forced to log in.

                I pushed this testing even further and found that when I enable Pass-through MAC automatic additions, it is actually adding the MAC of the sub-network's router, not the MAC of the individual machine. Is there a way around this?

                  bardelot

                  @jerwiles:

                  I pushed this testing even further and found that when I enable Pass-through MAC automatic additions, it is actually adding the MAC of the sub-network's router, not the MAC of the individual machine. Is there a way around this?

                  No you cannot use MAC addresses across network boundaries.

                    jerwiles

                    I didn't think so…  :-\  I knew that was the case with other routers, didn't know if pfSense was able to bypass those boundaries or not.

                      jerwiles

                      So I ended up using pfSense 1.2.3… user self registration via the php script above works beautifully. Too bad I couldn't get this working on 2.0. Since deployment I have run into some other issues in pfSense 1.2.3 that 2.0 would fix.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.