Captive Portal for IPsec Clients



  • Hi,
    we have the following scenario with pfSense version 2.2.4:

    Internet --- pfSense(Voucher-CaPo) =====IPSec-Tunnel===== RemoteFirewall(nonPfSense) --- Guests 10.0.220.0/24
                                      |
                                      |------------------ Guests 10.0.200.0/24

    The guests coming from 10.0.200.0/24 are running into captive portal but guests coming from 10.0.220.0/24 can access internet without :o.
    Due to the fact that strongswan is not creating an ipsec interface I tried to bind captive portal to LAN only, LAN+WAN but this did not help me.

    When clients from 10.0.220.0 access http://pfsense:8000 by hand they get a rewritten URL with the public IP address of the pfSense box of the captive portal page.

    Any hints for me?

    Thanks in advance
    Juergen


  • Banned

    Yeah, the hint is that this will never work.



  • cool.
    thanx

    Juergen


  • LAYER 8 Netgate

    Put a router doing captive portal in front of the router doing IPsec and it won't know the difference.

    WAY too much emphasis in the pfSense world at getting one "box" (node) doing everything.



  • @jnorthe:

    Any hints for me?

    Yeah, the captive portal needs a real interface (that you can select in the captive portal list). I haven't tested this, but if your remote firewall can do GRE, do an additional GRE tunnel over ipsec, that way you get an interface that should work. If you can do OpenVPN, this also works…

    /hp



  • WAY too much emphasis in the pfSense world at getting one "box" (node) doing everything.

    +1 from me for that.

    additional GRE tunnel over ipsec, that way you get an interface that should work.

    L2TP/IPSec would be the way to realize this.

    Internet --- pfSense(Voucher-CaPo) =====IPSec-Tunnel===== RemoteFirewall(nonPfSense) --- Guests 10.0.220.0/24

    One question from me on this: why aren't both sides using a pfSense firewall with Captive Portal then?
    A small PC Engines APU is really able to hold this pfSense based Captive Portal for many users.

