Netgate Discussion Forum

    CP on Two Interfaces, but authenticate only once?

      Lectrician

      I have two interfaces for two LANs, both set up to use the Captive Portal.

      When a user goes through the captive portal (un-authenticated user), if they then go into the other building and try to use the WiFi in there on the other interface, they get hit with the captive portal again.

      Is there a way to 'merge' the two?  So if you click through the CP on one LAN, you are free to the user too?

      Thanks.

        eowyn36

        I can't test this because I have only one LAN interface, but I think I have a solution.
        On the Captive Portal page you can Ctrl+click two interfaces at once.

          Lectrician

          Thanks, but I have both interfaces selected to use the captive portal, but am wanting to pass through the CP on both interfaces when you go through on just one.

          Also, while looking at the settings, this one has confused me:

          Maximum concurrent connections - "This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in to the captive portal, but rather how many users can load the portal page or authenticate at the same time! Default is 4 connections per client IP address, with a total maximum of 16 connections."

          My Maximum Concurrent Connections is blank, no number.  Should it be 4?  What exactly does this do and what's the purpose?  If more than the set amount of users do try to access, what error page do they get?

            Lectrician

            Looking into the code, I don't think there is an out of the box solution to this.

            I wonder if this is possible, and will try later.

            In the index.php script in the captive portal, in the }else{ statement at the end where the CP page is displayed, I could open the CP database, check for the user's MAC address, if it exists, check the IP address is not the same as the client's current IP (different interface), and if it is different, fire the portal_allow() function with the client's details.

            The only thing is that I guess the redirect page (if set) would still appear, so may have to look to pass a variable in to the portal_allow() function to suppress this.
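
The lookup described in the post above, sketched as an added example (not part of the original post and not pfSense code). The session list, its field names, `normalize_mac()` and `find_roaming_session()` are hypothetical stand-ins for the captive portal database; the call to `portal_allow()` is left out because its signature is not shown on this page.

```php
<?php
// Constructed stand-in for the captive portal session database.
$sessions = [
    ['mac' => '00:11:22:aa:bb:cc', 'ip' => '192.168.10.57', 'iface' => 'lan',  'start' => 1700000000],
    ['mac' => '00:11:22:dd:ee:ff', 'ip' => '192.168.20.12', 'iface' => 'opt1', 'start' => 1699900000],
];

// Normalise a MAC to lowercase colon-separated form; null if malformed.
function normalize_mac(string $mac): ?string
{
    if (!preg_match('/^[0-9a-f]{2}([:-]?[0-9a-f]{2}){5}$/i', $mac)) {
        return null;
    }
    return implode(':', str_split(strtolower(str_replace([':', '-'], '', $mac)), 2));
}

// Returns the earlier session to carry over, or null to show the portal page.
function find_roaming_session(array $sessions, string $mac, string $ip, int $now, int $maxAge): ?array
{
    $mac = normalize_mac($mac);
    if ($mac === null) {
        return null;
    }
    foreach ($sessions as $s) {
        if (normalize_mac($s['mac']) !== $mac) {
            continue;               // different device
        }
        if ($now - $s['start'] > $maxAge) {
            continue;               // stale entry: make the client click through again
        }
        if ($s['ip'] === $ip) {
            continue;               // same address: not a move between interfaces
        }
        return $s;                  // known MAC, fresh session, new IP
    }
    return null;
}

$now = 1700003600;                  // constructed "current time"
$hit = find_roaming_session($sessions, '00-11-22-AA-BB-CC', '192.168.20.77', $now, 8 * 3600);
echo $hit ? "carry over session from {$hit['iface']} ({$hit['ip']})\n" : "show portal page\n";

$old = find_roaming_session($sessions, '00:11:22:dd:ee:ff', '192.168.10.80', $now, 8 * 3600);
echo $old ? "carry over\n" : "show portal page\n";
```

A MAC address is asserted by the client and can be copied by any device on the same segment, so a match like this fits a click-through portal such as the one in this thread rather than one that gates access on credentials.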

              thurines

              I haven't tried this but what if you were to set up two pfSense boxes, one that routes between the two buildings and one that handles the captive portal. Then you could route the two buildings' subnets together in the first box and that box could then forward internet traffic to the second box and the captive portal could be handled there?

              Maybe just a crazy idea

                Lectrician

                Sounds a perfectly reasonable idea, just perhaps a little overzealous having a second box just for the convenience of not having to click through the portal twice if you did move from one building to the next.

                Thanks.  I may get around to tweaking later on my bench system, but only have a WAN and LAN NIC in that box, so may be tricky to test in full.

                  jimp Rebel Alliance Developer Netgate

                  There has been some private work in that area using cookies and/or MAC based auth. I'm not sure if/when that will trickle its way back into the open code.

                    Lectrician

                    I do actually store a couple cookies on the user's device when they come through the portal.  As my portal asks for their name, postcode and email as they pass through, I store these in a cookie so when they return another day, the form is already populated with their details and a message "are these details correct" is shown.  I could use these cookies to see if the user had been logged through already based on the cookie's timestamp.

                    Still not had chance to have a play yet.
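
A cookie timestamp is set by the client, so a portal that skips the click-through on the strength of one needs a way to tell its own cookies from edited ones. The following added example (not part of the original post and not pfSense code) signs the timestamp with a server-side key; the key, the cookie layout, the binding to the MAC address and both function names are assumptions.

```php
<?php
// Constructed sample secret; a real one would be random and kept server-side.
const PORTAL_KEY = 'constructed-demo-key-change-me';

// Build the cookie value "<issuedAt>.<hmac>" for a client that just clicked through.
function issue_pass_cookie(string $mac, int $issuedAt, string $key): string
{
    $payload = $issuedAt . '|' . strtolower($mac);
    return $issuedAt . '.' . hash_hmac('sha256', $payload, $key);
}

// True only for an unexpired cookie that this server issued for this MAC.
function pass_cookie_valid(string $cookie, string $mac, int $now, int $maxAge, string $key): bool
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                       // malformed value
    }
    [$ts, $sig] = $parts;
    $issuedAt = (int) $ts;
    if ($issuedAt > $now || $now - $issuedAt > $maxAge) {
        return false;                       // from the future, or expired
    }
    $expected = hash_hmac('sha256', $issuedAt . '|' . strtolower($mac), $key);
    return hash_equals($expected, $sig);    // constant-time comparison
}

$now    = 1700003600;                       // constructed "current time"
$cookie = issue_pass_cookie('00:11:22:AA:BB:CC', 1700000000, PORTAL_KEY);
$forged = '1700000000.' . str_repeat('0', 64);   // timestamp with a made-up signature

var_dump(pass_cookie_valid($cookie, '00:11:22:aa:bb:cc', $now, 86400, PORTAL_KEY)); // genuine cookie
var_dump(pass_cookie_valid($forged, '00:11:22:aa:bb:cc', $now, 86400, PORTAL_KEY)); // edited cookie
var_dump(pass_cookie_valid($cookie, '00:11:22:dd:ee:ff', $now, 86400, PORTAL_KEY)); // other device
var_dump(pass_cookie_valid($cookie, '00:11:22:aa:bb:cc', $now + 2 * 86400, 86400, PORTAL_KEY)); // expired
```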

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.