CP on Two Interfaces, but authenticate only once?
-
I have two interfaces for two LANs, both set up to use the Captive Portal.
When a user goes through the captive portal (un-authenticated user), if they then go into the other building and try to use the WiFi in there on the other interface, they get hit with the captive portal again.
Is there a way to 'merge' the two? So if you click through the CP on one LAN, you are free to use the other too?
Thanks.
-
I can't test this because I have only one LAN interface, but I think I have a solution.
On the Captive Portal page you can ctrl+click two interfaces at once.
-
Thanks, but I have both interfaces selected to use the captive portal, but am wanting to pass through the CP on both interfaces when you go through on just one.
Also, while looking at the settings, this one has confused me:
Maximum concurrent connections - "This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in to the captive portal, but rather how many users can load the portal page or authenticate at the same time! Default is 4 connections per client IP address, with a total maximum of 16 connections."
My Maximum Concurrent Connections is blank, no number. Should it be 4? What exactly does this do and what's the purpose? If more than the set amount of users do try to access, what error page do they get?
-
Looking into the code, I don't think there is an out of the box solution to this.
I wonder if this is possible, and will try later.
In the index.php script in the captive portal, in the }else{ statement at the end where the CP page is displayed, I could open the CP database, check for the user's MAC address, if it exists, check the IP address is not the same as the client's current IP (different interface), and if it is different, fire the portal_allow() function with the client's details.
The only thing is that I guess the redirect page (if set) would still appear, so may have to look to pass a variable in to the portal_allow() function to suppress this.
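The check described in the post above, sketched as an added example (not code from the thread or from pfSense). The session table, subnets, helper names and the `$maxAge` limit are assumptions made for illustration; only `portal_allow()` is named in the thread, and it is referenced in a comment rather than called.

```php
<?php
// Constructed session table keyed by MAC; NOT the real pfSense captive portal DB schema.
$sessions = [
    'aa:bb:cc:00:00:01' => ['ip' => '192.168.10.23', 'started' => 1700000000],
    'aa:bb:cc:00:00:02' => ['ip' => '192.168.10.40', 'started' => 1699900000],
];
// Hypothetical portal subnets, one per building interface.
$portalNets = ['192.168.10.0/24', '192.168.20.0/24'];

// Return the portal subnet containing $ip, or null if it is on neither interface.
function portal_net_of(string $ip, array $nets): ?string {
    $addr = ip2long($ip);
    if ($addr === false) return null;
    foreach ($nets as $cidr) {
        [$net, $bits] = explode('/', $cidr);
        $mask = -1 << (32 - (int)$bits);
        if (($addr & $mask) === (ip2long($net) & $mask)) return $cidr;
    }
    return null;
}

// Decide whether a client hitting the portal page can be passed through silently.
function roaming_decision(array $sessions, array $nets, string $mac, string $ip, int $now, int $maxAge): string {
    $mac = strtolower($mac);
    if (!isset($sessions[$mac])) return 'show_portal';            // MAC never clicked through
    $old = $sessions[$mac];
    if ($now - $old['started'] > $maxAge) return 'show_portal';   // earlier session too old
    if ($old['ip'] === $ip) return 'show_portal';                 // same IP: not a roam
    $newNet = portal_net_of($ip, $nets);
    if ($newNet === null || $newNet === portal_net_of($old['ip'], $nets)) {
        return 'show_portal';                                     // not on the *other* interface
    }
    // The MAC is the only credential here and any device on the segment can present
    // a copied one, so $maxAge bounds how long a click-through is honoured.
    return 'allow'; // index.php would call portal_allow() with the client's details here
}

$now = 1700003600; // constructed "current time", one hour after the first session began
$clients = [
    ['AA:BB:CC:00:00:01', '192.168.20.57'], // roamed to the other building
    ['aa:bb:cc:00:00:02', '192.168.20.58'], // roamed, but session older than $maxAge
    ['aa:bb:cc:00:00:03', '192.168.20.59'], // unknown MAC
    ['aa:bb:cc:00:00:01', '192.168.10.99'], // new IP on the same interface
];
foreach ($clients as [$mac, $ip]) {
    echo "$mac $ip => ", roaming_decision($sessions, $portalNets, $mac, $ip, $now, 8 * 3600), "\n";
}
```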
-
I haven't tried this, but what if you were to set up two pfSense boxes, one that routes between the two buildings and one that handles the captive portal. Then you could route the two buildings' subnets together in the first box and that box could then forward internet traffic to the second box and the captive portal could be handled there?
Maybe just a crazy idea
-
Sounds a perfectly reasonable idea, just perhaps a little overzealous having a second box just for the convenience of not having to click through the portal twice if you did move from one building to the next.
Thanks. I may get around to tweaking later on my bench system, but only have a WAN and LAN NIC in that box, so may be tricky to test in full.
-
There has been some private work in that area using cookies and/or MAC based auth. I'm not sure if/when that will trickle its way back into the open code.
-
I do actually store a couple of cookies on the user's device when they come through the portal. As my portal asks for their name, postcode and email as they pass through, I store these in a cookie so when they return another day, the form is already populated with their details and a message "are these details correct" is shown. I could use these cookies to see if the user had been logged through already based on the cookie's timestamp.
Still not had chance to have a play yet.