OpenVPN with captive portal
As I can't reply to this thread, I'm starting another one on the same topic:
https://forum.pfsense.org/index.php?topic=25128.msg130217#msg130217
pfSense version 2.2.2
My goal is to limit access for certain LAN clients for HTTP and HTTPS.
With a proxy server I only managed to filter port 80, so they started to use HTTPS (Tor) to bypass it.
I then started to test what Captive Portal has to offer. It has a MAC pass-through list, but I ended up with the same issue as in the link above.
I don't want to register every VPN client with its MAC address.
But what seems to work is that in Services -> Captive Portal -> Allowed IP addresses I have put in the VPN tunnel's IP range, e.g. 192.168.2.0/24
(My LAN subnet is 192.168.100.0/24)
VPN clients can now use network resources on the LAN, and clients that don't have their MAC address in the list will not be able to reach the WAN.
What I have not achieved is to “punch a hole” in the Captive Portal to let mail pass for all LAN clients.
From this tip ..
http://oppcodester.blogspot.se/2014/04/pfsense-captive-portal-passthrough-port.html
I have added ..
add 25 pass tcp from any to any out #default smtp port
add 465 pass tcp from any to any out #default smtp ssl port
add 110 pass tcp from any to any out #default pop port
add 143 pass tcp from any to any out #default imap port
in /etc/inc/captiveportal.inc
at line
https://github.com/pfsense/pfsense/blob/master/etc/inc/captiveportal.inc#L597
but with no luck.
It would have been nice to also have a list of pass-through ports in Captive Portal.
Any suggestions/thoughts, or is there another way to limit access for HTTPS for certain clients?
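
The four rules quoted above, read with ipfw's rule grammar, in which the number directly after `add` is the rule number and a port list follows the address it belongs to. This is an added example, not part of the original post or of pfSense's code; the parser handles only a simplified subset of the grammar and its function names are hypothetical.

```python
import re

PORTS = re.compile(r"^\d+(-\d+)?(,\d+(-\d+)?)*$")  # 25 | 25,465 | 6000-6010

# The four lines quoted in the post, copied as posted.
POSTED_RULES = [
    "add 25 pass tcp from any to any out #default smtp port",
    "add 465 pass tcp from any to any out #default smtp ssl port",
    "add 110 pass tcp from any to any out #default pop port",
    "add 143 pass tcp from any to any out #default imap port",
]

def parse_rule(line):
    """Parse the subset: add [N] ACTION PROTO from SRC [PORTS] to DST [PORTS] [OPTIONS]."""
    tok = line.split("#", 1)[0].split()          # drop the trailing comment
    try:
        if tok[0] != "add":
            raise ValueError("not an 'add' line: %r" % line)
        i, number = 1, None
        if tok[i].isdigit():                     # optional rule number, right after 'add'
            number, i = int(tok[i]), i + 1
        action, proto = tok[i], tok[i + 1]
        i += 2
        ends = {}
        for side, kw in (("src", "from"), ("dst", "to")):
            if tok[i] != kw:
                raise ValueError("expected %r, got %r" % (kw, tok[i]))
            addr, i, ports = tok[i + 1], i + 2, None
            if i < len(tok) and PORTS.match(tok[i]):   # ports follow their address
                ports, i = tok[i], i + 1
            ends[side] = (addr, ports)
    except IndexError:
        raise ValueError("truncated rule: %r" % line)
    return {"number": number, "action": action, "proto": proto,
            "src": ends["src"], "dst": ends["dst"], "options": tok[i:]}

def describe(line):
    """Say in words what a rule matches, so a rule number is not mistaken for a port."""
    r = parse_rule(line)
    dport = r["dst"][1] or "ANY port"
    return "rule #%s: %s %s to %s, %s %s" % (
        r["number"], r["action"], r["proto"], r["dst"][0], dport,
        " ".join(r["options"]))

if __name__ == "__main__":
    for posted in POSTED_RULES:
        print(describe(posted))
```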