Hotspot issue



  • For a few days i am struggling to implement hotspot on a segment (VLAN 40) of my network.

    I tried captiveportal but it did not works when using https (works with http and in all videos  you can see in youtube since the guys use a http://www.xxx.xxx as homepage), which is not the case for 99% default homepage of all browser -> certificate issue (i try to create some cert in pfsense (following doc and vid)…..copy/paste stuff in captiveportal https section without any success).

    Then i use to read that it is not part of is duty..only http..well captiveportal become useless for me in this case. Then i was thinking about what happen if someone wanna use skype without opening a web browser first ?

    1. then i tried with freeradius (in fact i tried it first... anyway)..works well with everything (apple os ,android, linux, xp (with a warning for xp)) except windows 7 (did not try windows 8)...the same pbl again..certificate issue in the freeradius's log...may be it will work with manual settings on the client but it is not what i want.

    I want something that people come to my place, see a free ssid, try to connect and a window' logon pop up asking to insert login and password for all type of OS.

    is that possible ?
    should i investigated more on certificate ?

    Certificate for me it s a nightmare and i did not understand well how it works and where u can get some (openssl or stuff..CA cert,import, download on the client...)..is there any auto certificate ?

    I try with pfsense 2.1 and then with 2.0.3 and got only 2 NICS...1 WAN with fix IP and 1 LAN, dedicated for dhcp and hotspot (captiveportal and/or radius)

    thanks for help,



  • @pietropaolo:

    Then i was thinking about what happen if someone wanna use skype without opening a web browser first ?

    The guest will not be able to access Skype until after they use a browser to visit the portal page (by default).

    @pietropaolo:

    I want something that people come to my place, see a free ssid, try to connect and a window' logon pop up asking to insert login and password for all type of OS.
    is that possible ?

    It won't be an "MS Windows Logon" or a popup. Captive Portal works by redirecting the guest's browser requests to the portal page before it allows traffic out. Your guests will have to be told (or simply work it out on their own) to open a browser before they can "connect" to the Internet.

    @pietropaolo:

    should i investigated more on certificate ?

    Certificate for me it s a nightmare and i did not understand well how it works and where u can get some (openssl or stuff..CA cert,import, download on the client…)..is there any auto certificate ?

    The certificate's primary purpose is to encrypt the guest's authentication information to the portal only. The certificate is only used during that very first connection to the portal page so it might not be worth the effort if it's giving you too much headache. After they visit the portal page, they will be able to use https normally to external sites.

    Since you're doing wireless, it would probably be wise to have the certificate installed otherwise the portal username and password would be exposed to sniffing. You can create and use a self-signed certificate in pfSense itself but that will create an extra prompt the user will need to accept.
    https://doc.pfsense.org/index.php/Certificate_Management

    If you need a really polished and smooth process, you'll have to get a "real" certificate.
    https://www.google.com/search?q=ssl+certificate+free

    There's a LOT on certificates and captive portals in The Book http://pfsense.org/book



  • https://forum.pfsense.org/index.php?topic=63791.0

    post above explains in full detail how to get certificates working. just ignore the parts that are irrelevant to you … like the windows radius server setup



  • I gonna try thanks.

    As i do not want to mess up anything, may i use a gmail.com account of mine to create a certificate from startssl.

    If not, i ve got a real domain name as well blablabla.eu

    Thanks for help.

    "It won't be an "MS Windows Logon" or a popup"
    I was speaking about freeradius..section 2)
    Why radius is so hard to implement on W7 ?


Log in to reply