Redirect without user action



  • My company is working on migrating to pfSense from ValuePoint's Gateway and I've been put in charge of R&D. Valuepoint has the option to redirect a user to a website when they first connect without the need for a login page or Terms of Service type page. As soon as the user connects, the first web page they see is usually about the location they're at (hotel reservation page, coffee shop homepage, etc) but they are free to access the web at this point without clicking anything specific.

    Is there a way to do this with pfSense? If I turn on the Captive Portal with no Authentication, the user still has click some kind of "Continue/Access the Internet" button before they're forwarded to the "After authentication Redirection URL" but I would like to simply forward them to the "After authentication Redirection URL" without any interaction.

    I'm sure I could create a Javascript page that could automatically "virtually click" the button, so they're directed to the webpage I want.. but is there any work around with out Javascript?



  • You should have a look at the following options:

    • Pass-through credits allowed per MAC address

    • Waiting period to restore pass-through credits

    This seems to be more a workaround but try this:
    Set the "Pass-through credits" to a value like 120 or something else high and "Waiting periosd" to 1 hour.. This means, the user can connect 120 per hour to CP without need of adding username or password.  In general you do not need to add such a high value because the client will only be disconnected if "Idle-Timeoute" or "Hard-Timeout" comes in place.



  • Sorry, this won't help from a technical perspective, but…

    From the look of your post, the CP is being used for public-Wifi-type deployments.  I take it the landing page will contain some sort of 'terms of use' statement for the connection.

    By just showing them the page and not asking them to acknowledge reading/understanding it ("Click to continue...") then you may as well just proved open access points without the redirect.

    Imaging if I stapled a notice to a telegraph pole at the end of my street saying "By passing this notice you agree to pay $100 cash to the residents of #12 each day" - how much cash do you think would actually be handed over?  Your 'terms' statement is a contract in which you agree to provide the service in exchange for them abiding by certain constraints (no illegal activity!).  A contract without proof of 'acceptance' is not enforceable.



  • Well, we have several different set ups and scenarios. Not all of the locations require a Terms of Service and sometimes they do not want one! They just want the user to be directed to their website when they first connect to the wireless, but that's it. They want to advertise their website to the end users- not to create any sort of binding contract.

    While I do not recommend modifying pfSense unless you know what you're doing- and always recommend creating a backup before modifying any file(s), I'll share my personal work around:


    OPEN "/usr/local/captiveportal/index.php"

    FIND: LINE 228

    } else {
    

    PASTE ABOVE THIS LINE:

    } else if (strpos($_GET['redirurl'], 'accept=yes') !== false && $clientip && $config['captiveportal']['auth_method'] == "none") {
        captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
        portal_allow($clientip, $clientmac, "unauthenticated");
    

    SAVE THE FILE


    Now change your captive portal page to this:

    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
    	$url = "https://{$_SERVER['SERVER_ADDR']}:" . $_SERVER['SERVER_PORT'] . "/index.php?accept=yes";
    } else {
    	$url = "http://{$_SERVER['SERVER_ADDR']}:" . $_SERVER['SERVER_PORT'] . "/index.php?accept=yes";
    }
    
    	header("Location: $url");
    ?>
    

    Then with Captive Portal enabled and "No Authentication" selected, the end user is authenticated and redirected to the "After authentication Redirection URL" just like I want! :)


Log in to reply