Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive portal URL/IP

    Scheduled Pinned Locked Moved Captive Portal
    13 Posts 3 Posters 6.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lynx
      last edited by

      im starting this new topic because all topic related and same to this are already locked/closed..

      How can I change or hide the captive portal IP??

      FROM: http://192.168.1.1:80 
      TO : http://myportal:80

      how to do that? is it possible ?

      thanks

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Yes, you can.

        I never call my pfSense box "192.168.1.1" but by the name I gave it = "pfsense".

        I guess that System => General setup => Hostname is a valid DNS name for your box.
        I advise you to set (activate) this option:
        Allow DNS server list to be overridden by DHCP/PPP on WAN
        on the same page.
        This way, pfSense will use your WAN DNS (from your internet supplier) and the pfSense clients will be assignd the pfSEnse box as the DNS server.

        You can add more names here: Services => DNS forwarder at the bottom of th page.
        My portal 'host' is called: portal
        The domain name I chosed: mycompanie.net
        IP: 192.168.2.1 (because I'm running the portal on a dedicated interface, OPT1.

        When  my clients login (I'm using https with a valid certificate), they see: portal.mycompanie.net, not the IP.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • L
          lynx
          last edited by

          @Gertjan:

          Yes, you can.

          I never call my pfSense box "192.168.1.1" but by the name I gave it = "pfsense".

          I guess that System => General setup => Hostname is a valid DNS name for your box.
          I advise you to set (activate) this option:
          Allow DNS server list to be overridden by DHCP/PPP on WAN
          on the same page.
          This way, pfSense will use your WAN DNS (from your internet supplier) and the pfSense clients will be assignd the pfSEnse box as the DNS server.

          You can add more names here: Services => DNS forwarder at the bottom of th page.
          My portal 'host' is called: portal
          The domain name I chosed: mycompanie.net
          IP: 192.168.2.1 (because I'm running the portal on a dedicated interface, OPT1.

          When  my clients login (I'm using https with a valid certificate), they see: portal.mycompanie.net, not the IP.

          done the hostname domain and IP

          In DNS forwarder, it is enabled … but there's a lot of options to CHECK .. what should I checked?

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            The most logic one:
            Enable DNS forwarder

            These are also normal:
            Register DHCP leases in DNS forwarder
            Register DHCP static mappings in DNS forwarder

            And this one:
            Do not forward private reverse lookups

            I didn't check any others.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • L
              lynx
              last edited by

              System: General Setup

              hostname: pfsenserouter
              Domain : ccs.edu.localnetwork (my FQDN)
              DNS Servers: 192.168.200.5 (my Domain IP)
              Allow DNS server list to be overridden by DHCP/PPP on WAN CHECKED

              .
              .
              Services: DNS forwarder

              Enable DNS forwarder
              Register DHCP leases in DNS forwarder
              Register DHCP static mappings in DNS forwarder
              Do not forward private reverse lookups

              Interfaces : ALL

              I can still see IP in my portal.. what else is missing?

              1 Reply Last reply Reply Quote 0
              • L
                lynx
                last edited by

                form method="post" action="http://192.168.200.1:8000/" –---->>>> This one..thats what showing in my portal url
                "http://www.google.com"> –------->>> I set this up

                <center>

                |

                |

                </center>

                1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan
                  last edited by

                  @lynx:

                  DNS Servers: 192.168.200.5 (my Domain IP)

                  @lynx:

                  form method="post" action="http://192.168.200.1:8000/" –---->>>> This one..thats what showing in my portal url

                  So, your portal server (pfsense) isn't your DNS server ?

                  Btw: stop looking for a solution  ;)

                  I switched to NON-https portal login, and it showed the IP of the portal interface: http://192.168.2.1/index.php…...... not the host name.

                  /etc/inc/captiveportal.inc: (in function portal_reply_page())

                  
                  	$htmltext = str_replace("\$PORTAL_ACTION\$", "{$protocol}{$ourhostname}/", $htmltext);
                  
                  ```and $ourhostname is being set just before:
                  
                  $ourhostname = portal_hostname_from_client_ip($clientip);
                  
                  Now, have a look at function portal_hostname_from_client_ip().
                  The IP of the portal interface is returned, not the name.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • L
                    lynx
                    last edited by

                    @Gertjan:

                    So, your portal server (pfsense) isn't your DNS server ?

                    Btw: stop looking for a solution  ;)

                    my portal is 192.168.200.1… my DNS server which is my DomainController is 192.168.200.5

                    STOP looking for a solution?? why?? there's no solution for this??

                    base on your reply...what I understand is it's not possible if I use non-https portal login..so I have to stop looking for a solution .. RIGHT???
                    but it is possible if I'll use https portal login. RIGHT??
                    .
                    .

                    so how to have a HTTPS portal log-in then?? what do I need to do?

                    1 Reply Last reply Reply Quote 0
                    • GertjanG
                      Gertjan
                      last edited by

                      @lynx:

                      my portal is 192.168.200.1… my DNS server which is my DomainController is 192.168.200.5
                      STOP looking for a solution?? why?? there's no solution for this??
                      base on your reply...what I understand is it's not possible if I use non-https portal login..so I have to stop looking for a solution .. RIGHT???
                      but it is possible if I'll use https portal login. RIGHT??

                      Well, sorry, no. I meant: the IP is hard coded in the captive portal code.
                      No possibility with a 'setting' to change that.

                      When the portal page is non-https, then the IP of the gateway of the portal is returned.
                      Of course, your browser will do the DNS tric if it is a fully qualified DNS name like http://portal/ but the navigator will not reverse the process when an IP is send back. An IP is what the navigator wants.

                      There is a solution - and you don't need to look for. You need to code it  :)
                      .
                      @lynx:

                      so how to have a HTTPS portal log-in then?? what do I need to do?

                      That's what I did.
                      I got a free Certificate from startssl.com, implemented it and portal user don't see the IP anymore.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      1 Reply Last reply Reply Quote 0
                      • L
                        lsense
                        last edited by

                        see here:
                        https://forum.pfsense.org/index.php?topic=53846.msg312507

                        1 Reply Last reply Reply Quote 0
                        • GertjanG
                          Gertjan
                          last edited by

                          @lsense:

                          see here:
                          https://forum.pfsense.org/index.php?topic=53846.msg312507

                          Yep, saw it.

                          The code you mentioned ( 31-01-2013, 09:42:23 )

                          if (isset($config['captiveportal']['httpslogin']))
                              $ourhostname = $config['captiveportal']['httpsname'] . ":8001";
                          else {
                          	if (isset($config['captiveportal']['httpsname'] )){
                          		$ourhostname = $config['captiveportal']['httpsname'] . ":8000";
                          	}
                          	else {
                          		$ifip = portal_ip_from_client_ip($clientip);
                          		if (!$ifip)
                          			$ourhostname = $config['system']['hostname'] . ":8000";
                          		else
                          			$ourhostname = "{$ifip}:8000";
                          	}
                          }
                          

                          Knowing that portal_ip_from_client_ip($clientip) always return the IP of the portal interface (a portal client without its gateway, that would be a curious situation ….) so this gets executed:

                          $ourhostname = "{$ifip}:8000";
                          

                          $ifip is our 'not wanted' IP (normally OPTx) IP.

                          I propose :
                          Serach```
                          $ourhostname = (is_ipaddrv6($ifip)) ? "[{$ifip}]" : "{$ifip}";

                          change for this
                          

                          $ourhostname = (is_ipaddrv6($ifip)) ? "[{$ifip}]" : $cpcfg['httpsname'];

                          In /etc/inc/captiveportal.inc
                          
                          "Works for me" ™  ;)

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          1 Reply Last reply Reply Quote 0
                          • L
                            lsense
                            last edited by

                            my plan is to use $config['captiveportal']['httpsname']  that is "HTTPS server name" in web gui to configure what clients see in the address bar even if we are not using https.

                            portal_ip_from_client_ip($clientip)  is not called at all.

                            1 Reply Last reply Reply Quote 0
                            • GertjanG
                              Gertjan
                              last edited by

                              @lsense:

                              my plan is to use $config['captiveportal']['httpsname'] …...

                              this should be the same as 
                              $cpcfg = $config['captiveportal'][$cpzone]['httpsname']
                              (see function portal_hostname_from_client_ip($cliip) in /etc/inc/captiveportal.inc - pfSense 2.1.3)
                              @lsense:

                              that is "HTTPS server name" in web gui to configure what clients see in the address bar even if we are not using https.

                              Well, this is where I need to explain:
                              "Works for me" ™
                              $cpcfg['httpsname'] is only set when you activate (ones) the "activate https authentication on the captive portal settings page.
                              This will be done if you put in valid certificates …
                              Not very difficult, its explaine here: https://forum.pfsense.org/index.php?board=2.0 The very first subject PFsense 2.1 MultiCP and https with Windows Radius Guide.
                              As soon as "https" is setup and valid, de-activate it.
                              The tric is: the $cpcfg['httpsname'] will be grayed out, but remains set and valid (so, you can use it as I did above  ;)).
                              Exemple:
                              My domaine is
                              brit-hotel-fumel.net (to be set on the General setup page).
                              The portal 'host' = 'portal' (IP 192.168.2.1, as set on the DNS Forwarder page)
                              So, my 'httpsname' will be portal.brit-hotel-fumel.net

                              When people connect to my Wifi network they will get an IP (they don't connect yet).
                              They can ping at that very moment alreay portal.brit-hotel-fumel.net - this MUST give back a reply.
                              This means the host name is resolved.
                              This means that host name can be used instead of 192.168.2.1
                              And that's what the subject is all about.

                              @lsense:

                              portal_ip_from_client_ip($clientip)  is not called at all.

                              For me, this is correct, because I'm using https login.
                              For non-https login, this function will be called:
                              (see function portal_hostname_from_client_ip($cliip) in /etc/inc/captiveportal.inc - pfSense 2.1.3)

                              No "help me" PM's please. Use the forum, the community will thank you.
                              Edit : and where are the logs ??

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.