Captive Portal Reports



  • Sorry if this is the wrong place for this but..
    I'm brand new to pfs and a fair novice with linux, bsd etc… 
    Got pfsense, the proxy server squid, and captive portal all working great.
    got lightsquid installed and working (sort of)
    My problem is that lightsquid does not generate the user ID only the ip address.  Since I am using DHCP and many people BYOD this is almost useless.  I can assign ip's to the wired computers and start my DHCP pool at a higher address but 1. Will captive portal still function for those with an assigned IP? 2.  Will lightsquid still report activity on those computers? 3. Is there a way to make lightsquid use the user ID, or possibly a different package instead of lightsquid for reporting?

    Thaks in advance
    Jabo



  • lightsquid uses squid access.log, to see user id in lightsquid you should check the captive portal option in squid authentication tab, (thanks to marcelloc)



  • @mendilli
    As you can see unfortunately I do not have an option for captive portal.  But if you mean local I tried that and no difference.  Light squid does have an option for real names but again that assumes I'm not using DHCP.  And also in order to use auth I have to disable transparent proxy




  • you should install squid3-dev package for pfsense 2.1.5, I dont know package name for pfsense 2.2


  • Banned

    You should not install any proxy at all. You will just break the CP. @mendilli:

    you should check the captive portal option in squid authentication tab, (thanks to marcelloc)

    Yeah, that breaks CP files nicely…

    https://forum.pfsense.org/index.php?topic=91435.0
    https://redmine.pfsense.org/issues/4583

    ::) ::) ::)



  • sorry for missunderstanding but I am not talking about the ''patch captive portal'' option it is not working at all, I  am talking about the captive portal option in  squid authentication tab which makes captive portal usernames available in access.log,

    As to transparent proxy authentication problem, you can disable it and use wpad instead



  • doktornotor, pfsense have the option to use squid with cp, I have try that option and works.

    People need sw with features, this a useful feature for me, this take advantage of a proxy in a wireless environment.

    This is the 2nd time I see u saying 'stop braking cp with a proxy'.

    A lot of WISP love this and if u have a product with features built in is a good chance a lot people here will get $$$ if they know how to setup pfsense and will return supporting the product, cp with a proxy on it love it.

    Save bandwidth is what they want.

    Is my point of view of pfsense, have a great day!!!



  • @mendilli:

    lightsquid uses squid access.log, to see user id in lightsquid you should check the captive portal option in squid authentication tab, (thanks to marcelloc)

    All I wanted to do was:
    1. to install a simple firewall where users had to log in to gain access to the internet
    2.  be able to get user reports. 
    Didn't seem like to much I thought.  Didn't think that it would be like rocket science or that I would need a degree in computer science. Go figure.

    I did install squid3 but if I enable the captive portal option in auth 3 things happen:
    1. I can not use transparent mode, which is OK
    2. The squid service will not stay started it stops almost immediately
    3. If squid does start it does not log anything in non transparent mode

    I can get user reports if I do the following:
    1. enable captive portal using local for auth or no auth
    2. in proxy config enable local for authentication and add users AGAIN in the proxy area
    3. set up proxy on individual machines - makes no sense and nearly impossible in a BYOD world

    Guess I am just going to have to settle for IP reports till I can find a better option or system



  • @mendilli:

    sorry for missunderstanding but I am not talking about the ''patch captive portal'' option it is not working at all, I  am talking about the captive portal option in  squid authentication tab which makes captive portal usernames available in access.log,

    As to transparent proxy authentication problem, you can disable it and use wpad instead

    I installed the newer sqid3 dev package and I understood what you meant but that doesn't work.  If I enable the captive portal auth option sqid3 dev will not stay running and without transparent proxy sqid3 dev logs nothing

    Thanks
    Jabo



  • @jabo53:

    I installed the newer sqid3 dev package and I understood what you meant but that doesn't work.  If I enable the captive portal auth option sqid3 dev will not stay running and without transparent proxy sqid3 dev logs nothing

    Thanks
    Jabo

    on pfsense 2.1.5-amd64  I am using squid3-dev with captiveportal authentication  flawlessly



  • @mendilli:

    @jabo53:

    I installed the newer sqid3 dev package and I understood what you meant but that doesn't work.  If I enable the captive portal auth option sqid3 dev will not stay running and without transparent proxy sqid3 dev logs nothing.

    Thanks
    Jabo

    on pfsense 2.1.5-amd64  I am using squid3-dev with captiveportal authentication  flawlessly

    It certainly could be something in my configuration. I'm no BSD genius that is for sure.  But I did follow the directions from pfsense docs and most everything is working great.  A little issues with sarg reports but I got a workaround for that.  It's probably some kind of combination of configuration between captive portal and proxy server.  Earlier you mentioned I could use "WPAD" as authentication.  I did not see that as an option anywhere.
    I can live with this but getting actual user ID reports would be a really great thing.

    Thanks
    Jabo





  • unfortinately squid and captive portal does not like each other, when a client configured to use proxy (via wpad or manual browser configuration) captive portal is bypassed, to prevent this ,as far as I know, you should block direct access to squid port(ı am not sure maybe port 80)



  • on pfsense 2.1.5-amd64  I am using squid3-dev with captiveportal authentication  flawlessly

    Apparently you are the one in a million  8)


Log in to reply