OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: tsystem on April 26, 2021, 03:27:21 pm

Title: [solved] Captive Portal catching traffic problem
Post by: tsystem on April 26, 2021, 03:27:21 pm
Hello,

I am trying to move my previous post (from the French forum) here, hoping to get more answers!
Original post: https://forum.opnsense.org/index.php?topic=22697.0

My configuration is simple :
- 1 wan / 1 LAN ( for admin only) / 1 opt with 3 vlan
- I try to make a captive portal on 1 vlan (guest of course)
Firewall/rules/DHCP/VLANs, everything works great

No problem with the captive portal itself: the configuration looks fine, OTP authentication / access lease work fine... my problem is getting the guests to arrive on the portal page.

If I enter the portal address, everything works perfectly, but otherwise the captive portal never intercepts the user's page requests and I get a blank page with no internet connection / offline ...
I know it can be complicated for HTTPS request interception, but I also have the problem with a simple HTTP page.

Maybe there is a special thing that I have not found in the doc or in all the web tutorials on the subject?

To make it simpler, is there a way to simulate a simple host to transfer it to the portal IP/port on the internal side for this VLAN?
http://portal => http://192.168.220.xxx:8000 ?

Thanks in advance for your help and all your ideas!
Let me know if some details are not clear because of my poor English.

Have a good day



Title: Re: Captive Portal catching traffic problem
Post by: tsystem on April 29, 2021, 07:45:54 pm
Hi,

So, problem partially solved! Not the guest catching, which is totally unstable...
but now I give a simple URL to the guest: "http://wifi", with which they can connect really easily and arrive directly on the portal without needing to enter an IP address with a strange port (most people are really unfamiliar with IP/port).

Here is my process if someone is interested in doing the same:
(I'm working on a guest VLAN but you can do the same with LAN or any other interface)
- service / DHCP / vlan guest: force the DNS server to the firewall IP (= internal resolution for the host)
- service unbound dns / overrides: create a host (A) named "wifi" pointing to the firewall IP
- firewall / NAT / port forwarding: add a rule on the vlan guest interface
(this rule will force incoming HTTP to be NATed to the captive portal port)

- firewall / rules / vlan guest: duplicate the captive portal rule (8000-1000) and edit the port to 80-80

It works.


Hope it can help someone.
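
A way to check the setup described above from a client on the guest VLAN, as an added example that is not part of the original posts: it confirms that the "wifi" override resolves to the firewall and that port 80 answers the same way as the portal port. `FIREWALL_IP` is a placeholder (the thread elides the real address), and the function names are illustrative.

```python
"""Smoke test for the http://wifi shortcut, run from a guest-VLAN client."""
import http.client
import socket

FIREWALL_IP = "192.0.2.1"  # placeholder: the guest-VLAN firewall address
SHORT_NAME = "wifi"        # Unbound host override from the post
PORTAL_PORT = 8000         # captive portal port from the post


def resolves_to(name, expected_ip, resolve=socket.gethostbyname):
    """True if the DHCP-assigned resolver maps the name to the firewall."""
    try:
        return resolve(name) == expected_ip
    except OSError:  # no such host, no resolver, timeout
        return False


def fetch(host, port, timeout=3.0):
    """Return (status, Server, Location) for GET /, or None if nothing answers."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": SHORT_NAME})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Server"), resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def forward_matches_portal(host, forwarded_port=80, portal_port=PORTAL_PORT):
    """True if the NATed port answers exactly like the portal port itself."""
    via_nat = fetch(host, forwarded_port)
    direct = fetch(host, portal_port)
    return via_nat is not None and via_nat == direct


if __name__ == "__main__":
    print("DNS override ok:", resolves_to(SHORT_NAME, FIREWALL_IP))
    print("port 80 reaches portal:", forward_matches_portal(FIREWALL_IP))
```

If the first check fails, the client is not using the firewall as its resolver; if only the second fails, look at the port forward and the duplicated port 80 rule.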