External website and pre authentication

  • This seems to have been asked a bit, but looking at all the related posts, I still can't quite work this out (sorry).

    The scenario is I would like to have a couple of pfsense boxes talking a same-subnet php/mysql server which contains the custom portal page/site instead of placing it on the box, the main reason being that hosting multiple copies on multiple pfsense boxes doesn't scale brilliantly. I then want to pass the username/password/redirect url back in the post data so that pfsense can forward it to the radius server for auth. I understand (correct me if I'm wrong!) that I need to have the captive portal intercept the user, do a redirect to an external web page, which then does a post containing the

    code. I guess I need to change the post to include the captive portal server, but don't really understand this PORTAL_ACTION variable. What would the post look like from the external web server?

    According to this post :
    I need to change the pfsense captive portal page to include the code listed there and maybe use the pre-auth bit, which seems to write the redirecturl string in the captiveportal generated html page.
    I'm just not too sure about this custom pfsense php page - would I include the code in the forum post above, and just rewrite the header to point to the external web site in that page? What url should the external web site then post back to? Is <captiveportalip>:8000/index.php enough, alongside the standard data in the post above?

    Sorry it's a noddy question, but the internal variables are stumping me a bit, and I have limited time to take the php apart to see how the server does it's various bits.

    Yours hopefully!

  • mdmogreen solved this very problem and it worked perfectly for me.


    I came up with this to use an external splash page:

    1. Make sure to add the host where you're going to host your page to Allowed Hostnames

    2. Use this code to redirect and pass the variables, (I only passed a few here that I needed, you can add more using the same method) the only downside is that if a user has JavaScript disabled in their browser they will have to click a button to load the page…

    Make you you replace "http://www.myserver.com/splashpage.php" with the URL you want to redirect to.

    <form action="http://www.myserver.com/splashpage.php" method="post" id="redirectform">
    Javascript is disabled, click to 
    1. You'll then be able to pull on the variables from $_POST on your new page.
      Example code for your external page:

    Source: https://forum.pfsense.org/index.php?topic=46015.0

Log in to reply