Captive portal URL/IP



  • im starting this new topic because all topic related and same to this are already locked/closed..

    How can I change or hide the captive portal IP??

    FROM: http://192.168.1.1:80 
    TO : http://myportal:80

    how to do that? is it possible ?

    thanks



  • Yes, you can.

    I never call my pfSense box "192.168.1.1" but by the name I gave it = "pfsense".

    I guess that System => General setup => Hostname is a valid DNS name for your box.
    I advise you to set (activate) this option:
    Allow DNS server list to be overridden by DHCP/PPP on WAN
    on the same page.
    This way, pfSense will use your WAN DNS (from your internet supplier) and the pfSense clients will be assignd the pfSEnse box as the DNS server.

    You can add more names here: Services => DNS forwarder at the bottom of th page.
    My portal 'host' is called: portal
    The domain name I chosed: mycompanie.net
    IP: 192.168.2.1 (because I'm running the portal on a dedicated interface, OPT1.

    When  my clients login (I'm using https with a valid certificate), they see: portal.mycompanie.net, not the IP.



  • @Gertjan:

    Yes, you can.

    I never call my pfSense box "192.168.1.1" but by the name I gave it = "pfsense".

    I guess that System => General setup => Hostname is a valid DNS name for your box.
    I advise you to set (activate) this option:
    Allow DNS server list to be overridden by DHCP/PPP on WAN
    on the same page.
    This way, pfSense will use your WAN DNS (from your internet supplier) and the pfSense clients will be assignd the pfSEnse box as the DNS server.

    You can add more names here: Services => DNS forwarder at the bottom of th page.
    My portal 'host' is called: portal
    The domain name I chosed: mycompanie.net
    IP: 192.168.2.1 (because I'm running the portal on a dedicated interface, OPT1.

    When  my clients login (I'm using https with a valid certificate), they see: portal.mycompanie.net, not the IP.

    done the hostname domain and IP

    In DNS forwarder, it is enabled … but there's a lot of options to CHECK .. what should I checked?



  • The most logic one:
    Enable DNS forwarder

    These are also normal:
    Register DHCP leases in DNS forwarder
    Register DHCP static mappings in DNS forwarder

    And this one:
    Do not forward private reverse lookups

    I didn't check any others.



  • System: General Setup

    hostname: pfsenserouter
    Domain : ccs.edu.localnetwork (my FQDN)
    DNS Servers: 192.168.200.5 (my Domain IP)
    Allow DNS server list to be overridden by DHCP/PPP on WAN CHECKED

    .
    .
    Services: DNS forwarder

    Enable DNS forwarder
    Register DHCP leases in DNS forwarder
    Register DHCP static mappings in DNS forwarder
    Do not forward private reverse lookups

    Interfaces : ALL

    I can still see IP in my portal.. what else is missing?



  • form method="post" action="http://192.168.200.1:8000/" –---->>>> This one..thats what showing in my portal url
    "http://www.google.com"> –------->>> I set this up

    <center>

    |

    |

    </center>



  • @lynx:

    DNS Servers: 192.168.200.5 (my Domain IP)

    @lynx:

    form method="post" action="http://192.168.200.1:8000/" –---->>>> This one..thats what showing in my portal url

    So, your portal server (pfsense) isn't your DNS server ?

    Btw: stop looking for a solution  ;)

    I switched to NON-https portal login, and it showed the IP of the portal interface: http://192.168.2.1/index.php…...... not the host name.

    /etc/inc/captiveportal.inc: (in function portal_reply_page())

    
    	$htmltext = str_replace("\$PORTAL_ACTION\$", "{$protocol}{$ourhostname}/", $htmltext);
    
    ```and $ourhostname is being set just before:
    
    $ourhostname = portal_hostname_from_client_ip($clientip);
    
    Now, have a look at function portal_hostname_from_client_ip().
    The IP of the portal interface is returned, not the name.


  • @Gertjan:

    So, your portal server (pfsense) isn't your DNS server ?

    Btw: stop looking for a solution  ;)

    my portal is 192.168.200.1… my DNS server which is my DomainController is 192.168.200.5

    STOP looking for a solution?? why?? there's no solution for this??

    base on your reply...what I understand is it's not possible if I use non-https portal login..so I have to stop looking for a solution .. RIGHT???
    but it is possible if I'll use https portal login. RIGHT??
    .
    .

    so how to have a HTTPS portal log-in then?? what do I need to do?



  • @lynx:

    my portal is 192.168.200.1… my DNS server which is my DomainController is 192.168.200.5
    STOP looking for a solution?? why?? there's no solution for this??
    base on your reply...what I understand is it's not possible if I use non-https portal login..so I have to stop looking for a solution .. RIGHT???
    but it is possible if I'll use https portal login. RIGHT??

    Well, sorry, no. I meant: the IP is hard coded in the captive portal code.
    No possibility with a 'setting' to change that.

    When the portal page is non-https, then the IP of the gateway of the portal is returned.
    Of course, your browser will do the DNS tric if it is a fully qualified DNS name like http://portal/ but the navigator will not reverse the process when an IP is send back. An IP is what the navigator wants.

    There is a solution - and you don't need to look for. You need to code it  :)
    .
    @lynx:

    so how to have a HTTPS portal log-in then?? what do I need to do?

    That's what I did.
    I got a free Certificate from startssl.com, implemented it and portal user don't see the IP anymore.





  • @lsense:

    see here:
    https://forum.pfsense.org/index.php?topic=53846.msg312507

    Yep, saw it.

    The code you mentioned ( 31-01-2013, 09:42:23 )

    if (isset($config['captiveportal']['httpslogin']))
        $ourhostname = $config['captiveportal']['httpsname'] . ":8001";
    else {
    	if (isset($config['captiveportal']['httpsname'] )){
    		$ourhostname = $config['captiveportal']['httpsname'] . ":8000";
    	}
    	else {
    		$ifip = portal_ip_from_client_ip($clientip);
    		if (!$ifip)
    			$ourhostname = $config['system']['hostname'] . ":8000";
    		else
    			$ourhostname = "{$ifip}:8000";
    	}
    }
    

    Knowing that portal_ip_from_client_ip($clientip) always return the IP of the portal interface (a portal client without its gateway, that would be a curious situation ….) so this gets executed:

    $ourhostname = "{$ifip}:8000";
    

    $ifip is our 'not wanted' IP (normally OPTx) IP.

    I propose :
    Serach```
    $ourhostname = (is_ipaddrv6($ifip)) ? "[{$ifip}]" : "{$ifip}";

    change for this
    

    $ourhostname = (is_ipaddrv6($ifip)) ? "[{$ifip}]" : $cpcfg['httpsname'];

    In /etc/inc/captiveportal.inc
    
    "Works for me" ™  ;)


  • my plan is to use $config['captiveportal']['httpsname']  that is "HTTPS server name" in web gui to configure what clients see in the address bar even if we are not using https.

    portal_ip_from_client_ip($clientip)  is not called at all.



  • @lsense:

    my plan is to use $config['captiveportal']['httpsname'] …...

    this should be the same as 
    $cpcfg = $config['captiveportal'][$cpzone]['httpsname']
    (see function portal_hostname_from_client_ip($cliip) in /etc/inc/captiveportal.inc - pfSense 2.1.3)
    @lsense:

    that is "HTTPS server name" in web gui to configure what clients see in the address bar even if we are not using https.

    Well, this is where I need to explain:
    "Works for me" ™
    $cpcfg['httpsname'] is only set when you activate (ones) the "activate https authentication on the captive portal settings page.
    This will be done if you put in valid certificates …
    Not very difficult, its explaine here: https://forum.pfsense.org/index.php?board=2.0 The very first subject PFsense 2.1 MultiCP and https with Windows Radius Guide.
    As soon as "https" is setup and valid, de-activate it.
    The tric is: the $cpcfg['httpsname'] will be grayed out, but remains set and valid (so, you can use it as I did above  ;)).
    Exemple:
    My domaine is
    brit-hotel-fumel.net (to be set on the General setup page).
    The portal 'host' = 'portal' (IP 192.168.2.1, as set on the DNS Forwarder page)
    So, my 'httpsname' will be portal.brit-hotel-fumel.net

    When people connect to my Wifi network they will get an IP (they don't connect yet).
    They can ping at that very moment alreay portal.brit-hotel-fumel.net - this MUST give back a reply.
    This means the host name is resolved.
    This means that host name can be used instead of 192.168.2.1
    And that's what the subject is all about.

    @lsense:

    portal_ip_from_client_ip($clientip)  is not called at all.

    For me, this is correct, because I'm using https login.
    For non-https login, this function will be called:
    (see function portal_hostname_from_client_ip($cliip) in /etc/inc/captiveportal.inc - pfSense 2.1.3)


Log in to reply