Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal + Squid3 non transparent proxy

    Scheduled Pinned Locked Moved Captive Portal
    12 Posts 5 Posters 11.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jcom
      last edited by

      Hi!

      I can't use squid3 with captive portal authentication.
      I have squid3-deb package installed, but when I put the proxy adress in the browser, nothing happens. Or page keep on loading, or access denied, or all pages are allowed.

      I have a intranet and I just need the internet traffic to be directed to the proxy squid. That's why I need a non transparent proxy.

      Can anyone help me? Or show any tutorial that I can do this?

      Thank You

      Ps: sorry for my english…

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        @jcom:

        I have a intranet and I just need the internet traffic to be directed to the proxy squid. That's why I need a non transparent proxy.

        Why do not use transparent proxy with captive portal integrated?

        With no proxy configured, intranet will work fine on LAN while any site outside your network will reach captive portal and squid.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • H
          haydin81
          last edited by

          Hi marcello
          i want to ask a simply question.
          How can i  use normal and interception properties together on one squid.
          I want to access internet for users; lan1 interface transparent proxy and land2 interface non-transparent proxy together by squid

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            If you use captive  portal auth integration yes.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • H
              haydin81
              last edited by

              We have terminal servers on lan1 interface, one ip adress but many users. So we have to use non-transparent proxy, if we want to logs per users internet access logs.
              On the other hands, we have wireless network on lan2 interface, one user for  one ip adress and we dont want to force to users setup proxy setting. We have to use transparent proxy, if we want to logs per ip adress internet access logs.
              Consequently, we want to log per user access internet logs but not proxy settings on Pfsense.
              How can use squid+captive portal+lightsquid?

              1 Reply Last reply Reply Quote 0
              • marcellocM
                marcelloc
                last edited by

                Captive portal will auth users per ip, so I do not recomend it for terminal services.

                You may configure it with two squid process, but it's not a native option of the package

                If you know how squid works, you can create two squid.conf to use each situation.

                The filer package will help you to keep custom squid.conf and startup scripts on xml backup.

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • H
                  haydin81
                  last edited by

                  Squid3-dev–->"non-transparent", Patch captive portal" checked, "authentication-captive portal"
                  Captive Portal--> enabled, "authentication-radius" checked"disable mac filtering"

                  while state that,

                  1. if a user open explorer without proxy settings, he can access captive portal login page(of course some firewall rule added)
                  2. if a user open explorer with proxy settings, he cant open access captive portal and no access to internet (why?)
                  3. if a user open explorer without proxy settings and login captive portal (note.1), he can access internet with proxy settings explorer.

                  Help me!!

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    The point is that you need clients to send some http traffic out of squid port to keep captive portal alive, that`s why I use transparent proxy for http.

                    you can add a browser http startup page to proxy exception list. This way when your clients open their browsers, captive portal will check credentials.

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • K
                      Kababayan
                      last edited by

                      Maybe we just add redirect proxy port to portal as well. even in transparent mode some users can easily find the port of the proxy using netstat so they can bypass the portal.

                      1 Reply Last reply Reply Quote 0
                      • J
                        jcom
                        last edited by

                        Hi Marcelo!

                        I need to use non transparent proxy. If I put a transparent proxy, I will need to change my gateway to direct all traffics to PfSense. I can't do this because I have a corporative network, that I can't administrate.
                        I need to separate internet from intranet. The only way I can do this, is setting a proxy on browser.
                        Do you have another way?
                        I need to know how to open captive login when I put the proxy on the browser.
                        PS: Its set "authentication-captive portal" on squid and local user on Captive Portal.

                        1 Reply Last reply Reply Quote 0
                        • marcellocM
                          marcelloc
                          last edited by

                          @jcom:

                          I need to know how to open captive login when I put the proxy on the browser.
                          PS: Its set "authentication-captive portal" on squid and local user on Captive Portal.

                          Without administrative privileges to change routes, it will be hard to configure and may need a lot of hacks.

                          The simplest workaround could be setting squid error page to captive portal url.

                          But if you use squid to deny access it may get in a loop.

                          If you use squid just to log internet access and/or use squidguard to filter internet access, then it may work.

                          Treinamentos de Elite: http://sys-squad.com

                          Help a community developer! ;D

                          1 Reply Last reply Reply Quote 0
                          • C
                            ciroxm
                            last edited by

                            @haydin81:

                            Squid3-dev–->"non-transparent", Patch captive portal" checked, "authentication-captive portal"
                            Captive Portal--> enabled, "authentication-radius" checked"disable mac filtering"

                            while state that,

                            1. if a user open explorer without proxy settings, he can access captive portal login page(of course some firewall rule added)
                            2. if a user open explorer with proxy settings, he cant open access captive portal and no access to internet (why?)
                            3. if a user open explorer without proxy settings and login captive portal (note.1), he can access internet with proxy settings explorer.

                            Help me!!

                            Hi, I'm with the same problem. But, pfsense 2.3.2-RELEASE-p1, package squid 0.4.29_1. Has anyone made work non-transparent proxy + captive portal?

                            –- edit

                            I solved the problem editing the error page (/usr/local/etc/squid/errors/.../ERR_ACCESS_DENIED) to redirect to captive portal. But the user needs to access some http page, not https, because the browser blocks https redirection.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.