Captive Portal redirect traffic to squid after auth



  • Hi!

    Need help!

    We have PS 2.2.3-RELEASE (amd64)  Squid3 0.2.8.

    Captive portal (with Radius auth), squid (with Captive portal auth). We need logging users activity (now squid normaly log users names via CP auth).

    CP work fine, users can logon, manualy set squid as proxy in browser, internet work fine  :-X

    BUT, i need auto redirect all traffic (http, https ) after user logon via CP to squid (3128) …

    I try "Patch captive portal" in squid - not working ? or not for this ? ((( try make NAT rule - work is horror (((

    Squid transparent mode = NO, we need logging and make reports by every users, WPAD = NO, we have some vips with MAC pass CP ...

    Plaese, help!!!

    Tnx


  • Banned

    As answered zillion times before: This will NOT work.



  • Hi,
    Before doing this:
    @Dizzy_Read:

    I try "Patch captive portal" in squid - not working ? or not for this ? ((( try make NAT rule - work is horror (((

    checkout /etc/inc/captiveportal.inc
    After 'patching', checkout /etc/inc/captiveportal.inc again.
    Compare.
    Conclude that the 'patch' totally 'destroyed' the file, so understand that "Squid" will break the captive portal.



  • Hi!

    my captiveporal.ini in attach

    I see only this mod by squid ?

    $ips = "{ 255.255.255.255 or {$ips} }";
    $cprules .= "add {$rulenum} skipto 65314 ip from any to {$ips} 3128 in\n";
    $cprules .= "add {$rulenum} skipto 65314 ip from {$ips} 3128 to any out\n";
    $cprules .= "add {$rulenum} pass ip from any to {$ips} in\n";

    Any ideas ? (((( or way to log and simply report users Internet access via CP ?

    captiveportal_inc.txt



  • Comparing what to what ?

    I consider that this is the base : https://github.com/pfsense/pfsense/blob/master/etc/inc/captiveportal.inc which is, according to https://github.com/pfsense/pfsense/commits/master/etc/inc/captiveportal.inc THE clean pfSense 2.2.3 file version. All other version are outdated at least, totally not supported** at best.
    2376 llines.
    Your file is smaller !! (2248 lines)

    ** not that one body wants to help you, but because no one remembers the bugs from back then ….  ;)


  • Banned

    @Gertjan:

    Your file is smaller !! (2248 lines)

    You need to look at the RELENG_2_2 branch (2246 lines). Regardless, this whole thread is just huge WTF.

    BUT, i need auto redirect all traffic (http, https ) after user logon via CP to squid (3128) …

    Why on earth don't you make the proxy transparent? That's what transparent does. Automatically redirect all the traffic.



  • Why on earth don't you make the proxy transparent? That's what transparent does. Automatically redirect all the traffic.

    transparent squid forward only OR 80 (HTTP) … its 1-st

    2-nd Squid transparent mode = NO, we need logging and make reports by every users,


  • Banned

    Good luck.


Log in to reply