Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal blocks my ssh trafic.

    Captive Portal
    4
    4
    1386
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fedaim
      last edited by

      Hi everyone;
        I have a problem about captive portal.
      in a nut shell;  i cant ssh my server behind the pf when the Cap. portal is enable in my test env.. When i disable the portal my ssh tries are successfull. I just want  Captive Portal prevents me just http or https connections.  my lab aims ssh tunnel over captive portal. so a ssh tunnel must be exist. I am trying to bypass captive portal authentication over ssh tunnel. so  no need username or password or mac-filter bypass.

      Best regards.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        Yeah, and this is exactly why the whole CP idea is broken by design. You MUST go thru the portal via a web browser for the other traffic (such as SMTP, IMAP, POP3, SSH) to start flowing and work. The only way around is the Allowed IP Addresses list. This however will NOT keep the CP functionality for HTTP/HTTPS either for those IPs. They simply will be allowed without going thru the portal.

        1 Reply Last reply Reply Quote 0
        • S
          Slam
          last edited by

          You could try doing what Doktornotor suggested by adding the devices to "Allowed IP Addr" list and then allowing those devices to access only dns/ssh/etc OR deny http(s) etc using firewall rules/Aliases…depending on how you want to do it, its worth a try.

          1 Reply Last reply Reply Quote 0
          • K
            kathampy
            last edited by

            If you want seamless authenticated access, use PPPoE to connect to pfSense instead of a captive portal.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post