Openvpn with captive portal

  • As I can't reply to this thread, I'm starting another one with the same topic

    pfsense version 2.2.2

    My goal is to limit access for certain LAN clients for http and https.

    With the proxy server I only managed to filter port 80, so they started to use https (tor) to bypass it.

    I then started to test what Captive Portal has to offer. It has a MAC pass-through list, but I ended up with the same issue as the link above.

    I don't want to register all VPN clients with their MAC addresses.

    But what seems to work is that in Service -> Captive Portal -> Allowed IP addresses I have put in the VPN tunnel's IP range, e.g.

    (My LAN subnet is

    VPN clients can now use network resources on the LAN, and clients who don't have their MAC address in the list will not be able to reach the WAN.

    What I have not achieved is to “punch a hole” in the Captive Portal to let mail pass for all LAN clients.

    From this tip ..

    I have added ..

    add 25 pass tcp from any to any out  #default smtp port
    add 465 pass tcp from any to any out #default smtp ssl port
    add 110 pass tcp from any to any out #default pop port
    add 143 pass tcp from any to any out #default imap port

    in /etc/inc/

    at line

    but with no luck.

    It would have been nice to also have a list of pass-through ports in Captive Portal.

    Any suggestions/thoughts, or is there another way to limit access for https for certain clients?
