OpenVPN with captive portal



  • As I can't reply to this thread, I'm starting another one with the same topic:

    https://forum.pfsense.org/index.php?topic=25128.msg130217#msg130217

    pfSense version 2.2.2

    My goal is to limit access for certain LAN clients for HTTP and HTTPS.

    With a proxy server I only managed to filter port 80, so they started to use HTTPS (Tor) to bypass it.

    I then started to test what Captive Portal has to offer. It has a MAC pass-through list, but I ended up with the same issue as in the link above.

    I don't want to register every VPN client with its MAC address.

    But what seems to work is this: in Service -> Captive Portal -> Allowed IP addresses I have put in the VPN tunnel's IP range, e.g. 192.168.2.0/24

    (My LAN subnet is 192.168.100.0/24)

    VPN clients can now use network resources on the LAN, and clients that don't have their MAC address in the list will not be able to reach the WAN.

    What I have not achieved is to “punch a hole” in the Captive Portal to let mail pass for all LAN clients.

    From this tip ..

    http://oppcodester.blogspot.se/2014/04/pfsense-captive-portal-passthrough-port.html

    I have added ..

    add 25 pass tcp from any to any out  #default smtp port
    add 465 pass tcp from any to any out #default smtp ssl port
    add 110 pass tcp from any to any out #default pop port
    add 143 pass tcp from any to any out #default imap port

    in /etc/inc/captiveportal.inc

    at line

    https://github.com/pfsense/pfsense/blob/master/etc/inc/captiveportal.inc#L597

    but with no luck.

    It would have been nice to also have a list of pass-through ports in Captive Portal.

    Any suggestions/thoughts, or is there another way to limit access to HTTPS for certain clients?
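
Added example, not part of the original post and not pfSense code: a small parser for the subset of ipfw(8) rule syntax used in the lines above, showing which field ipfw reads the leading number into and whether a destination port is present. The rule number 65300 in the comparison line is a constructed placeholder; where a rule would have to sit in the captive portal ruleset is not covered here.

```python
import re

# Subset of the ipfw(8) rule grammar, enough for the lines in the post:
#   add [rule_number] action proto from src [ports] to dst [ports] [in|out]
RULE = re.compile(
    r"^add\s+(?:(?P<num>\d+)\s+)?(?P<action>allow|accept|pass|permit|deny|drop)\s+"
    r"(?P<proto>\w+)\s+from\s+(?P<src>\S+)(?:\s+(?P<sport>[\d,\-]+))?\s+"
    r"to\s+(?P<dst>\S+)(?:\s+(?P<dport>[\d,\-]+))?(?:\s+(?P<dir>in|out))?\s*$"
)

def parse_rule(line):
    """Split one ipfw 'add' line into named fields; trailing # comments are ignored."""
    body = line.split("#", 1)[0].strip()
    m = RULE.match(body)
    if m is None:
        raise ValueError(f"not in the supported subset: {line!r}")
    return m.groupdict()

def matches_every_port(rule):
    """True when the rule names no destination port, so it is not limited to one."""
    return rule["dport"] is None

# Lines exactly as posted.
POSTED = [
    "add 25 pass tcp from any to any out  #default smtp port",
    "add 465 pass tcp from any to any out #default smtp ssl port",
    "add 110 pass tcp from any to any out #default pop port",
    "add 143 pass tcp from any to any out #default imap port",
]

# Constructed for comparison: placeholder rule number, ports listed after the destination.
CONSTRUCTED = "add 65300 pass tcp from any to any 25,465,110,143 out"

def report(lines):
    """Return (rule_number, destination_ports, matches_every_port) per line."""
    rows = []
    for line in lines:
        r = parse_rule(line)
        rows.append((r["num"], r["dport"], matches_every_port(r)))
    return rows

if __name__ == "__main__":
    for num, dport, wide in report(POSTED + [CONSTRUCTED]):
        print(f"rule number={num:>5}  dst port={dport or 'any':<16} every port={wide}")
```

In the posted lines the numbers 25, 465, 110 and 143 parse as rule numbers, not ports, so each rule carries no port restriction at all.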