Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid3-dev captive portal integration

    Scheduled Pinned Locked Moved Cache/Proxy
    8 Posts 4 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcellocM
      marcelloc
      last edited by

      Hi,

      Squid3-dev now includes captive portal authentication method to log captive portal users on squid logs.

      If all code is working correctly, you can enable captive portal and use squid  with trasparent mode on or off.

      squid_captive_portal.png
      squid_captive_portal.png_thumb

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      1 Reply Last reply Reply Quote 0
      • H
        huyvesau
        last edited by

        Hi Marcelloc,
        I am a newbie.
        My pfsense server installed: squid3-dev, captive portal.
        I want to use authentication of CP and logging of squid with user-id of CP in logs (In my case, this function is very important).
        I enabled CP in Authentication methods of Squid and checked "Patch Captive Portal" box in Squid General Settings, and reapply captive portal setting.
        My problem is: In realtime squid logs shows "TCP_DENIED/403" in status bar (as attached file) . There arenot logs of Internet user although Logging is enabled in squid general setting.

        Which solution for my problem to use captive portal with squid ?
        Sorry for my English.  :)

        ![Squid Logs Errors.PNG](/public/imported_attachments/1/Squid Logs Errors.PNG)
        ![Squid Logs Errors.PNG_thumb](/public/imported_attachments/1/Squid Logs Errors.PNG_thumb)

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          Could you authenticate on captive portal?

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • H
            huyvesau
            last edited by

            If I only enabled Captive portal, CP authentication could run normally
            When I configured Captive portal and Squid3-dev simultaneously, there was error "The requested URL couldnot be retrieved" if I accessed to websites, as attached figure and in squid logs showed status "TCP_Denied/403".

            My configuration:

            Captive portal:
              - Enable Captive portal
              - Checked "Enable Captive portal"
              - Interfaces: LAN
              - Idletimeout: 10 minutes
              - Checked "Disable MAC filtering"
              - Authentication: Radius/PAP

            Proxy Server:
            General settings:
              - Proxy Interface(s): LAN
              - Checked "Allow users on interface"
              - Checked "Patch captive portal"
              - Unchecked "Transparent HTTP Proxy"
              - Enable Logging
            ACLs:
              - Allowed subnets: LAN subnets
            Authentication:
              - Authentication method: Captive portal

            ![error web browser.PNG](/public/imported_attachments/1/error web browser.PNG)
            ![error web browser.PNG_thumb](/public/imported_attachments/1/error web browser.PNG_thumb)

            1 Reply Last reply Reply Quote 0
            • marcellocM
              marcelloc
              last edited by

              What you have on squid acls?

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • H
                huyvesau
                last edited by

                My network diagram with pfsense:

                Internet User –----10.171.0.0/16 ------  L3SW Gateway (DHCP) -----10.10.10.0/24--- pfsense server (routing, no NAT) ----10.171.31.0/24 ---- Firewall ------ Router ----- Internet

                On Squids ACLs:
                  - Allowed subnets:
                              10.171.0.0/16
                              10.10.10.0/24
                  - Others are default

                1 Reply Last reply Reply Quote 0
                • V
                  Ventec
                  last edited by

                  Apologies if this is covered in a newer topic, however if it is I have failed miserably in finding it!

                  I have set up squid3-dev using local authentication and it works fine…

                  • Patch Captive Portal

                  • ACL only contains 10.1.1.1/24 (the local network address)

                  • Proxy details are input to the browsers directly, transparent mode is off

                  I have set up captive portal using RADIUS authentication and it works fine…

                  • Captive portal is a custom one but is fairly basic, not sure if this could effect anything

                  The problem I am encountering is that when I set squid3-dev to use the captive portal for authentication all I get is error pages, your basic "Access Denied" message and I cannot even go directly to the captive portal page (https://<pfsense>:8001)

                  This is causing me a bit of a headache now as I really don't want to have people need to authenticate with the captive portal and then have to further authenticate themselves with the proxy!

                  I would really like a solution to my problem…

                  I tried to use no authentication on the proxy but then the proxy stops filtering https pages which is a bit of a requirement...

                  I am not really sure which/where to find any relevant logs you might want to help me sort this so please ask if you can use one or need to know any of the configuration and I'll do my best to answer you in short order.

                  Thanks!</pfsense>

                  1 Reply Last reply Reply Quote 0
                  • J
                    jeremyb
                    last edited by

                    Hi everybody,

                    I've a problem with  the captive portal authentication method for Squid.

                    When Squid authentification methode is "captive portal", my users can authenticate in my captive portal (captive portal with RADIUS AUTHENTIFICATION) but all the request in port 80 are blocked by the proxy. The Squid's logs (in Real TIme) say "TCP_DENIED/403" and the errors page with "access denied" appears…

                    When Squid authentification methode is "none", my users can authenticate in my captive portal and all the request in the port 80 are accept and the navigation is logged.

                    Please can you help me ?

                    I don't speak english very well, sorry... I'm french.

                    Thanks very much !

                    1 Reply Last reply Reply Quote 1
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.