Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Hotspot issue

    General pfSense Questions
    3
    4
    688
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pietropaolo last edited by

      For a few days i am struggling to implement hotspot on a segment (VLAN 40) of my network.

      I tried captiveportal but it did not works when using https (works with http and in all videos  you can see in youtube since the guys use a http://www.xxx.xxx as homepage), which is not the case for 99% default homepage of all browser -> certificate issue (i try to create some cert in pfsense (following doc and vid)…..copy/paste stuff in captiveportal https section without any success).

      Then i use to read that it is not part of is duty..only http..well captiveportal become useless for me in this case. Then i was thinking about what happen if someone wanna use skype without opening a web browser first ?

      1. then i tried with freeradius (in fact i tried it first... anyway)..works well with everything (apple os ,android, linux, xp (with a warning for xp)) except windows 7 (did not try windows 8)...the same pbl again..certificate issue in the freeradius's log...may be it will work with manual settings on the client but it is not what i want.

      I want something that people come to my place, see a free ssid, try to connect and a window' logon pop up asking to insert login and password for all type of OS.

      is that possible ?
      should i investigated more on certificate ?

      Certificate for me it s a nightmare and i did not understand well how it works and where u can get some (openssl or stuff..CA cert,import, download on the client...)..is there any auto certificate ?

      I try with pfsense 2.1 and then with 2.0.3 and got only 2 NICS...1 WAN with fix IP and 1 LAN, dedicated for dhcp and hotspot (captiveportal and/or radius)

      thanks for help,

      1 Reply Last reply Reply Quote 0
      • M
        MindfulCoyote last edited by

        @pietropaolo:

        Then i was thinking about what happen if someone wanna use skype without opening a web browser first ?

        The guest will not be able to access Skype until after they use a browser to visit the portal page (by default).

        @pietropaolo:

        I want something that people come to my place, see a free ssid, try to connect and a window' logon pop up asking to insert login and password for all type of OS.
        is that possible ?

        It won't be an "MS Windows Logon" or a popup. Captive Portal works by redirecting the guest's browser requests to the portal page before it allows traffic out. Your guests will have to be told (or simply work it out on their own) to open a browser before they can "connect" to the Internet.

        @pietropaolo:

        should i investigated more on certificate ?

        Certificate for me it s a nightmare and i did not understand well how it works and where u can get some (openssl or stuff..CA cert,import, download on the client…)..is there any auto certificate ?

        The certificate's primary purpose is to encrypt the guest's authentication information to the portal only. The certificate is only used during that very first connection to the portal page so it might not be worth the effort if it's giving you too much headache. After they visit the portal page, they will be able to use https normally to external sites.

        Since you're doing wireless, it would probably be wise to have the certificate installed otherwise the portal username and password would be exposed to sniffing. You can create and use a self-signed certificate in pfSense itself but that will create an extra prompt the user will need to accept.
        https://doc.pfsense.org/index.php/Certificate_Management

        If you need a really polished and smooth process, you'll have to get a "real" certificate.
        https://www.google.com/search?q=ssl+certificate+free

        There's a LOT on certificates and captive portals in The Book http://pfsense.org/book

        1 Reply Last reply Reply Quote 0
        • H
          heper last edited by

          https://forum.pfsense.org/index.php?topic=63791.0

          post above explains in full detail how to get certificates working. just ignore the parts that are irrelevant to you … like the windows radius server setup

          1 Reply Last reply Reply Quote 0
          • P
            pietropaolo last edited by

            I gonna try thanks.

            As i do not want to mess up anything, may i use a gmail.com account of mine to create a certificate from startssl.

            If not, i ve got a real domain name as well blablabla.eu

            Thanks for help.

            "It won't be an "MS Windows Logon" or a popup"
            I was speaking about freeradius..section 2)
            Why radius is so hard to implement on W7 ?

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy