Greetings folks!
So here's the situation:
My daughter is at school and they provide free wifi access for the entire school population, controlled through captive portal logins, using their school ID and password. For devices like phones, tablets, and most PCs, joining the wifi access point is pretty darned simple.
I'd like to give my daughter her own OPNsense box, using the school's wifi as the WAN. Testing at home was pretty straight forward, as the USB wifi card connected to my home wifi, using WPA2.
I don't have a captive portal at home, but could easily set one up for testing.
I'm not sure how to go about automating the wifi connection to a captive portal. Can this be done through a plug-in, or a scripting language? Heck, I'd be happy to write a plug-in to do this, with the proper guidance from experienced BSD folks holding my hand a little.
Anyone got any ideas?
What is the purpose of the extra firewall?
You need to speak to the school IT support to bypass their portal.
The purpose is to have the firewall use WireGuard to connect to home, transparently. And their IT department is clueless about the captive portal. I'm pretty sure they're playing dumb just because they don't want to have devices like this on their network.
Why not to just set on yours daughter devices (phones, laptops, etc.) the Wireguard directly? With the Home OPNsense to be the WG Server?
Regards,
S.
You can use OpenVPN with the port-share option sharing TCP 443 with a web server. Perhaps the school portal will allow the VPN after the web session has been established.
However, you are using their network and this may not align with their T&C's.
I think y'alls are missing the point. I'm not looking to solve the VPN issue. I'm looking to automate logging into a captive portal.
Plus some of her devices are embedded (TV, etc) and can't use WireGuard or any VPN.
So back to my original question: Is it possible to log into a captive portal in OPNsense?
Maybe I am missing here something but you mentioned the school & school wifi as WAN & use WireGuard to connect to home.
But I guess your daughter is most likely on collage?
And has a lot of stuff that connects to the internet?
And basically what you want to do is:
1. Put Daughter_OPNsense as her GW?
2. Have the OPNsense log into the school system captive portal?
3. Connect Daughter_OPNsense to your home network via WG?
Regards,
S.
That is EXACTLY correct. The only part I'm having trouble with is automating the captive portal login.
So no one is able, or willing to help me with this?
I think what you want to achieve is not a simple task.
Captive portals are designed to be user interactive e.g.
Browser > redirect landing page > user input login > internet
In order to have a device logged in that doesn't have browser you would have to have some coding skills, understatement of HTTP/s and good knowledge of their captive portal.
It would be way easier, if just they made an exclusion and allowed login without this.
Regards,
S.
I certainly didn't expect this to be easy. And I do possess the skills and knowledge you mentioned. I just need some help integrating that into OPNsense.
SOLVED:
You'd think they would occasionally force the users to re-login after a certain amount of time, but NO! Once the MAC address is in their approved DB (by logging in), it never needs to be re-approved.
So the solution? Use my phone with a randomized MAC to login, jotting down the MAC I used to login. Then cloning the MAC into the wifi adapter. It's just that simple. Stupid and simple.
Your mileage may vary.
Where the heck were you two weeks ago? Well, if they ever update their system, I'll give it a shot. Thank you.