Topic: Need Help with https log in (Read 134 times)

Offline AYSMAN

Need Help with https log in
« on: November 27, 2017, 03:58:02 am »
Hi guys,

I recently updated to version 2.4.2. I have an issue when enabling HTTPS login for my captive portal.

What I did is define the FQDN in the DNS forwarder service (host overrides) and use it in the captive portal "HTTPS server name", but the guest gets redirected to the pfSense login page, not the captive portal page.

Does anyone know how to fix this? Or maybe I did something wrong with the setup.

Thanks

Offline Gloom

Re: Need Help with https log in
« Reply #1 on: November 27, 2017, 04:13:06 am »
Best guess based on that limited information is that you are running your captive portal on the same interface as the access to the pfSense box. So try the below.

Move your pfSense login page to a port other than 443 under System -> Advanced -> Admin Access and put something like 4443 in the TCP port field. Then restart.
Never underestimate the power of human stupidity

Offline Gertjan

Re: Need Help with https log in
« Reply #2 on: November 27, 2017, 07:57:43 am »
And take note of this: the easiest way of running a "Captive portal" is to put it on a dedicated interface.

Offline AYSMAN

Re: Need Help with https log in
« Reply #3 on: November 30, 2017, 09:42:35 pm »
Hello again,

Here is my network setup:

I have 3 ports being utilized in my pfSense unit:

Port 1 - ADMIN Interface: 192.168.2.1/20
Port 2 - WIFI Interface: 172.16.1.1/20
Port 3 - WAN Interface

What I did:

Captive Portal is being used on the WIFI Interface only.
On Captive Portal Settings:

Captive Portal Zone Name - guestportal
Log Out Button - Enabled
HTTPS Log In - Enabled
HTTPS Server Name - guestportal.net
HTTPS Forwards - Disabled

Services > DNS Forwarder
Added Host Override:
Host - guestportal
Domain - net
IP Address - 172.16.1.1 (IP of WIFI Interface for Captive Portal)

Here is what's happening:
Upon connecting to WiFi, the client device automatically gets redirected to the captive portal login page (no problem here), although I've noticed in pfSense version 2.4.2 the Portal URL is https://guestportal.net:8003/?zone=guestportal while on earlier pfSense versions it was only like https://guestportal.net:8003

The problem is when a client wants to log out and types guestportal.net into the browser address bar: instead of being redirected to the logout page of the captive portal, the browser gets redirected to the pfSense login page on that interface.

Did I miss something in the setup?

Offline Gertjan

Re: Need Help with https log in
« Reply #4 on: December 01, 2017, 03:36:08 pm »
Quote from AYSMAN:
"I've noticed in pfSense version 2.4.2 the Portal URL is https://guestportal.net:8003/?zone=guestportal on earlier pfSense version it was only like https://guestportal.net:8003"

Yep, that's normal.
pfSense supports more than one captive portal, each being called a "zone".
This was implemented a couple of versions ago (2 years or so).

Quote from AYSMAN:
"The problem is when a client wants to log out and they typed into the browser address bar guestportal.net instead of being redirected to the log out page of the captive portal, the browser gets redirected instead to pfSense log in page on that interface.
Did I miss something in the set up?"

Yep. People should not have to type in the address. Too complicated - they WILL make errors. They should "accept" a popup window (they actually never allow popups in their browsers .... as you already know). The logout popup is sent to the client when connecting, and if they really have a good reason to disconnect "by hand" they shouldn't close this window (and logically, accept popups from your portal interface: so what about telling them when they log in?  ;)) - and they could use it when needed.