    Blocked/deny HTTPS request over CP

    • G
      gilgela last edited by

      Hi All,

      Can somebody direct me to the solution link for my problem?

      https://www.facebook.com and other HTTPS websites are still accessible over CP even without user/pass or voucher input.

      Does anybody have a solution? Thanks a lot.

      • J
        jaspras last edited by

        You gotta give more info on your network / CP setup to help you, dude.

        • Derelict
          Derelict LAYER 8 Netgate last edited by

          pfSense's captive portal denies traffic to all destinations unless the device MAC or MAC/IP pair has an entry in the portal lists, or an entry exists in the portal's Allowed IP Addresses or Allowed Hostnames lists.

          If there is not an entry in the lists, traffic to port 80, and optionally port 443, is forwarded to the portal page.  All other traffic is dropped.

          What you're seeing is likely due to a misconfiguration.

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • G
            gilgela last edited by

            Thanks for your responses.

            I've set up a pfSense box with CP running on it. Every device that connects to my hotspot is redirected to the portal homepage, which is 10.0.0.1:8000 ...

            My firewall rules are in the attachment. I also had Multi-WAN running. But my problem is: connected mobile devices can access Facebook and other websites via HTTPS. Only regular websites using HTTP are automatically redirected to the portal (10.0.0.1:8000); HTTPS is not redirected to it.

            I highly appreciate your guidelines and responses.

            Cheers!
            GiL


            • Derelict
              Derelict LAYER 8 Netgate last edited by

              Well, if that Facebook block worked, nobody on LAN could access Facebook whether they were "logged into" the captive portal or not.  It's probably not going to work so you might as well get rid of it.

              That last rule permitting traffic from 10.0.1.0/24 is useless because traffic from 10.0.1.0/24 will never be received INBOUND on the LAN interface.

              I also don't understand your failover configuration.  One typically creates one gateway group.  That group determines the priority of the gateway to be used.  There is usually one rule with the gateway group as the gateway.  In fact, I don't think FailOver or FailOver2 will ever receive any traffic because the rule for LoadBalancer will be matched first.

              Which brings us to that.  You have given us no information on what that is.

              I would disable all those gateway rules, all the other rules already discussed, and create one "pass any from LAN net to any any via default gateway" and I'll bet your CP starts behaving normally.  Step back, get everything working, then add all your gadgets, one at a time, testing thoroughly along the way.

              You can't firewall OpenVPN connections with rules on LAN.  Not sure where you're going there either.  Sessions started by OpenVPN users are governed by rules on the OpenVPN interface.  All rules on pfSense interfaces are applied to traffic coming IN, or RECEIVED BY that interface.  They have no impact on traffic going OUT or TRANSMITTED BY that interface.


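The two rule-evaluation points in the reply above (first match wins, and interface rules only see traffic received inbound on that interface), as an added example that is not part of the original post: a small audit that flags rules which can never match. The rule layout and the 10.0.0.0/24 LAN subnet are assumptions, since the attached rule set is not on the page; only the gateway names and the 10.0.1.0/24 source come from the thread, and the model ignores protocol and port and assumes no routed network sits behind LAN.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
LAN_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed; portal is at 10.0.0.1

@dataclass
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    gateway: str = "default"

# Constructed stand-in for the LAN tab, top to bottom (evaluation order).
LAN_RULES = [
    Rule("LoadBalancer", LAN_NET, ANY, "LoadBalancer"),
    Rule("FailOver", LAN_NET, ANY, "FailOver"),
    Rule("FailOver2", LAN_NET, ANY, "FailOver2"),
    Rule("allow-10.0.1.0/24", ipaddress.ip_network("10.0.1.0/24"), ANY),
]

def audit(rules, iface_net):
    """Return {rule name: reason} for rules that can never match."""
    dead = {}
    for i, rule in enumerate(rules):
        # Interface rules only see traffic RECEIVED on that interface, so a
        # source outside the attached network never shows up inbound.
        if not rule.src.overlaps(iface_net):
            dead[rule.name] = "source never arrives inbound on this interface"
            continue
        # First match wins: an earlier live rule covering the same source and
        # destination takes every packet before this rule is consulted.
        for earlier in rules[:i]:
            if (earlier.name not in dead and rule.src.subnet_of(earlier.src)
                    and rule.dst.subnet_of(earlier.dst)):
                dead[rule.name] = f"shadowed by earlier rule {earlier.name!r}"
                break
    return dead

if __name__ == "__main__":
    for name, reason in audit(LAN_RULES, LAN_NET).items():
        print(f"{name}: {reason}")
```

A single pass rule from LAN net to any, as the reply recommends, produces no findings.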
              • G
                gilgela last edited by

                Hi Derelict,

                thanks for your time..

                @Derelict:

                Well, if that Facebook block worked, nobody on LAN could access Facebook whether they were "logged into" the captive portal or not.  It's probably not going to work so you might as well get rid of it.

                Yes, you're correct. :) This is the last option I tried yesterday. I'll remove it anyway.

                I'll take your advice and reconstruct my settings, then I'll let you know the results.

                Cheers! :)
                -GiL

                • G
                  gilgela last edited by

                  Hi Derelict,

                  I think your advice worked like a charm ;D I've been monitoring it since yesterday,
                  and any HTTPS request is redirected to the portal page.

                  I got those firewall settings somewhere on YouTube, and I think that is also wrong.
                  Thanks for advising me on what the correct and appropriate setup is.

                  BTW, can I request the link URL for the correct OpenVPN setup? I already had OpenVPN
                  running, but what I need is to optimize the speed.
                  Maybe you can give me a hint for this one?

                  Thank you so much!

                  Cheers! :)
                  -GiL

                  • Derelict
                    Derelict LAYER 8 Netgate last edited by

                    Glad it's working.

                    You probably want to start another thread with your specific OpenVPN question in the OpenVPN forum.

