Messages - retestreak

1
I have followed a guide to install an external certificate authority and certificate from StartSSL on pfSense.

After I was done I came to realize that this would never work because I do not own a public domain and this is not possible for me to do.

My question being:
How do I configure SSL/HTTPS for (WebConfigurator, Captive Portal, Squid) without having a security warning on a modern Chrome browser?

I did try using the command to generate a new internal certificate from the internal CA; it still displays the Chrome security warning.

Thank you in advance  ;)


@AndrewZ is correct.  That should fix it.  Also note that this is generally normal behavior and doesn't affect the security itself.  Pretty much all devices (Cisco, NetGear, etc.) connect via HTTPS now and use self-signed certificates.  As long as the security is still good and you are using modern ciphers and whatnot then it's just a warning that your browser doesn't know to trust the CA.  It doesn't mean anything is less safe.  I only say this because I've had people try to convince me that routers weren't secure because they get that warning when they go to https and not http.

Is there a way without having to add certificates on clients?

2
I'm trying to find an alternative way to make a secured connection to my home network.
I'm behind an existing firewall and there are no ports open on my public IP. Neither do I have access to the ISP router.

Currently, I connect to my home network through Hamachi which is installed on one of the clients.

Hamachi works great but has its negatives due to how slow it can be.

Reverse SSH tunneling is not an option either because the SSH port is disabled.

Are there any alternatives or solutions?

Thank you in advance,
Retestreak  ;)

3
General Questions / SSL/HTTPS on local pfSense w/o public accessible domain
« on: November 09, 2017, 05:07:36 am »
I have followed a guide to install an external certificate authority and certificate from StartSSL on pfSense.

After I was done I came to realize that this would never work because I do not own a public domain and this is not possible for me to do.

My question being:
How do I configure SSL/HTTPS for (WebConfigurator, Captive Portal, Squid) without having a security warning on a modern Chrome browser?

I did try using the command to generate a new internal certificate from the internal CA; it still displays the Chrome security warning.

Thank you in advance  ;)

4
Captive Portal / Re: Captive portal nginx 403 Forbidden error
« on: November 06, 2017, 03:18:02 am »
....
I'm sorry it is not port 2000 it is the default one. 8002
Aha .. ok.


And the problem with the file manager on pfSense is that I'm not allowed to upload more than a couple MB.
That problem was solved in the eighties already. Golden Rule : a home page or landing page should be small.
Several Megas of pure code for a page ? Don't. Never. Ever.
Big images ? Don't. Include the images or media into your html by links, and upload them separately. Thus breaking the total absolute file size to less big.

Remember : all these megas are also stored into the unique system config file. Don't bloat it, or it will blow ...


I'm thinking about performing a reset to factory defaults... I think I messed up my box.
Well ... if you only edited settings then a reset will do fine.

Should I try the force_fsk? Will this fix anything?
fsk - as the famous chkdsk from DOS (and still Windows) will only show low-level file system errors. If these happen, then you are hitting the reset button far too often (typical : never use this button will do) or your hardware (drives) is utterly failing ....

I advise you to use the default login page, and build up from there.
As soon as everything breaks, you know where to look.

Btw, of course it IS possible to upload YOUR own 'huge' captive portal login file.
But .... FIRST check out /etc/inc/captiveportal.inc - you will discover that the "html login page" is created on the fly when a client logs in. Some 'have to be there' variables are changed for their actual values before it's written to a temp file that the web server uses to "serve the client".
So .... be ready to rewrite parts of the PHP (means : dead easy, so simple ....) that handle the captive portal.

Put your page on a diet. It should be a login page, not some YouTube lookalike.

Heel erg bedankt Gertjan ;) (Thanks a lot)

My portal page might be a bit too much..
What do you think ?

https://ufile.io/xuf2m


5
Captive Portal / Re: Captive portal nginx 403 Forbidden error
« on: November 06, 2017, 02:39:41 am »
I'm using a custom captive portal page which I uploaded through sftp in the Captive portal folder
Totally not related, but why did you upload the file like that? You are aware that you should use the GUI for that (so internal housekeeping like writing it to the config.xml, setting up the correct symbolic links etc. are done correctly).

.....
.....
It's only accessible from LAN client if I put the IP address of OPT1
(10.22.11.1:2000)
.....
99 % of troubles are located right away if you respect 2 things :
Don't use non-standard settings (like captive portal running on port 2000 .... I even wonder how you set this port number, it is auto generated and not user changeable - better : there is no need to do so)
Read https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting


Try this :
Save your config.
Reset to default.
Drop a big pass-all rule (TCP and UDP) on OPT1 (which is your captive portal).
Use the local pfSense User Manager.
Add a user to it that has the right to visit (use) the portal.
Activate portal on OPT1 with default settings - default login page.
It works .... ;)

I'm sorry it is not port 2000 it is the default one. 8002
And the problem with the file manager on pfSense is that I'm not allowed to upload more than a couple MB.
My custom portal page is larger. And I'm not able to make directories from the GUI on the captive portal service.
Firewall rule on OPT1 = Allow any protocol to any destination.

I'm thinking about performing a reset to factory defaults... I think I messed up my box.
Should I try the force_fsk? Will this fix anything?

6
Captive Portal / Captive portal nginx 403 Forbidden error
« on: November 06, 2017, 02:05:51 am »
I'm having problems with the captive portal service.
Somehow clients won't get redirected to the captive portal page.

I'm using a custom captive portal page which I uploaded through sftp in the Captive portal folder.
The portal page is only shown when doing "Show page content".
DNS resolver is turned on and is active on any interface.
All DNS fields on the DHCP service are blank.

(DHCP on Wireless access point is disabled)

I can't access the portal page from the LAN interface when I do live view
(192.168.69.1:8002) unless I click "Show page content"

It's only accessible from LAN client if I put the IP address of OPT1
(10.22.11.1:8002)

When I click Live view I get the NGINX Error 403 forbidden message.
I've checked permissions on the Captive portal and NGINX folder (not a permission issue ?)

Any help is appreciated
Thank you in advance  ;)

7
Hey guys, first of all thank you Deajan for the amazing work, really, it helps a lot. Now to my problem: I am currently on pfSense 2.3.4, and everything seems to be working fine except for the radius login part. I can see the users in the MySQL database but they are all Rejected. The configuration of the ports on the radius server is OK. I was able to find this in the logs:

 "Invalid user (sql1: Failed to create the pair: Invalid vendor name in attribute name "Password"): [123] (from client tester port 2010 cli "

I believe from what I've read that there is no such thing as a password attribute, it must be Cleartext-Password. The problem is that I can't seem to find where to change the value, could you please help me out?

FYI if I use the test user and test password I can log in no problem and the MySQL database also reflects that, so I'm guessing it's just some syntax problem.

thanks

Did you find a solution?

Thanks for the help :)

I've changed the Cleartext-password attribute in the schema.sql to ":=" and I had to enter my database password in the captive portal setting. Now everything works great.

8
I'm running the latest version of pfSense with freeradius3.
I followed every detail in the guide but I still can't manage to make everything work.

I did try what user "srvrgt" suggested except changing the "==" to ";=" resulted in having an attribute error. ( I left the schema file as it was "==")
I've only changed the password value to cleartext-password in the php file.

Now I am facing 2 issues.

1. Whenever a client connects and fills in the form the user gets created in sql but somehow it is not showing up on radius clients tab.

2. When a client submits the form they first get redirected to the new captive portal after clicking the accept button the default pfsense captive portal comes on with the error code that username/password is wrong however
authentication for user testu:testp works because it is in the clients tab on radius

If someone could help me that would be great!
Thank you in advance
