Messages

1

17.1 Legacy Series / web proxy log

« on: March 16, 2017, 11:51:37 am »

Hello,
Please, is it possible to view a log of all url visited by mac or ip in the web gui? or better still by usernames for the captive portal?

2

17.1 Legacy Series / Re: Captive portal MAC address clone

« on: March 10, 2017, 09:18:32 pm »

Thank you very much for the insight. Will update when I return to the site.

3

17.1 Legacy Series / Re: Captive portal MAC address clone

« on: March 10, 2017, 08:53:09 pm »

If I may,
1. OPNsense wifi network (on board wifi card 192.168.4.1) is running a DHCP server
2. SSID of OPNsense onboard wifi is being repeated by LinksysWRT54G running dd-wrt in repeater bridge mode.
3. Clients connecting to OPNsense wifi network and the repeater bridge signal both receive unique IP addresses from the DHCP pool.
4. In Services>DHCP>leases , I see all connected clients (both via repeater and direct AP link) with their unique IP and MAC addresses.
5. However only in Captive Portal do I see the clients MAC replaced with the repeaters MAC

I do not know if its relevant but, I was earlier having issues with captive portal login for the wifi interface due to very short session timeouts (apparently an issue in parsing the mac addresses), A patch (opnsense-patch 3151c87) was applied to remedy the situation.

4

17.1 Legacy Series / Re: Captive Portal with Blacklisting WEbsites

« on: March 10, 2017, 08:35:54 pm »

I have a similar setup, after the work around to make CP and webproxy work, the login page fails to redirect .

5

17.1 Legacy Series / Re: Captive portal MAC address clone

« on: March 10, 2017, 08:23:46 pm »

Thank you for the response . Could you please clarify:

.... Note that DHCP has a field containing a forwarding device.

6

17.1 Legacy Series / Captive portal MAC address clone

« on: March 10, 2017, 05:52:14 pm »

Hello,
Captive portal logs devices with the mac address of the wifi repeater (dd-wrt on linksys WRT54G) instead of clients pc or phone mac. DHCP however assigns captures real MAC of devices with the IP leases. This forces the clients to re-login multiple times in the day, especially when they move from a repeater to another. Is this normal behavior or a bug?
below is my network topography
                      Internet
                            |
                 OPNsense Router
                 |                     |
      (LAN no DHCP)        (WIFI with DHCP)
       192.168.3.0/24                 192.168.4.0/24
                |                                |
  CLIENT PC's (static IPS)          Repeaters x 3
                                                     |
                                                CLIENT PC's

The LAN (WIRED) network is connected to a switch with an already existing network DHCP enabled 172...... so enabling DHCP on that network posses a lot of discomfort for both networks as no one can tell where the address will be issued from.
Any help  with the repeaters masking the mac address of the clients is greatly appreciated. I am also open to suggestions concerning optimizing my network setup.

7

17.1 Legacy Series / Re: Session Time-out (captive portal)

« on: February 28, 2017, 08:21:21 pm »

I reset the firewall to factory defaults and setup the network again. wifi network was setup using https://docs.opnsense.org/manual/captiveportal.html

the following was noted.
1. captive portal logins from LAN (cable) successfully logged in and stayed logged in.

2. captive portal logins from wifi (OPT1) successfully logged in but session ended in 30sec or less.  On captive portal sessions tab, instead of the mac address, this was shown: "   h0_wlan1 expires in 113 sec".

any pointers will be pretty much appreciated.

8

17.1 Legacy Series / Session Time-out (captive portal)

« on: February 28, 2017, 06:56:46 am »

Hi
My current OPNsense install is 17.1.2

Setup is as follows:
Internet =>OPNsense => (2 NICS 1. cable 192.168.3.1  2. wifi 192.168.4.1 + repeaters )

Issue:
Upon opening a page, client PC is presented with portal page (as expected),
upon login the client is successfully logged in and redirected to the page requested. BUT any other tab or page opened presents the portal page again or no response with the browser attempting to establish a connection!

On captive portal sessions, I observe the client successfully logged in with mac address "   h0_wlan1 expires in 113 sec" . sometimes 30 sec.

Any help pls?

9

17.1 Legacy Series / Re: [SOLVED] Captive Portal login loop

« on: February 26, 2017, 07:15:08 pm »

Hello,
Unfortunately the issue is not resolved.
My current OPNsense install is 17.1.2

Setup is as follows:
Internet =>OPNsense => (2 NICS 1. cable 192.168.3.1  2. wifi 192.168.4.1 + repeaters )

Issue:
Upon opening a page, client PC is presented with portal page (as expected),
upon login the client is successfully logged in and redirected to the page requested. BUT any other tab or page opened presents the portal page again or no response with the browser attempting to establish a connection!

On captive portal sessions, I observe the client successfully logged in with mac address "   h0_wlan1 expires in 1113 sec" . sometimes 30 sec.

Any help pls?

10

17.1 Legacy Series / Import Users - CSV

« on: February 23, 2017, 06:52:32 am »

I am trying to add a list of users with passwords (over 100) for captive portal login. This is a csv file, Is it possible to import the list to the local database for authentication? If yes, any directions pls?

11

17.1 Legacy Series / Captive portal and Web proxy conflict

« on: February 22, 2017, 07:03:48 pm »

I have made the following observation and would appreciate assistance. Running ver 17.1.1

1. Captive portal works great with user authentication for my lan and wifi guests
2. Web Proxy (transparent proxy ) works great with access restrictions

The issue is when I enable both captive portal (http transparent proxy enabled) and web proxy(http transparent proxy) in tandem.
I setup firewall rules per the documentation (https://docs.opnsense.org/manual/how-tos/proxytransparent.html and https://docs.opnsense.org/manual/how-tos/cachingproxy.html) to block proxy bypass and redirect traffic to proxy.

This brings about a whole lot of undesired effects:
1. web pages are incredibly slow to open on both lan and OPT1(wifi) interfaces
2. captive portal page usually does not show up for a new client on the network and when it does, there a redirect issues.

Any advice on how to set up OPNsense to catch all clients and present them with the login as well as benefit from the web proxy access control list feature will be much appreciated.

12

17.1 Legacy Series / Re: [SOLVED] Captive Portal login loop

« on: February 20, 2017, 06:02:11 pm »

thank you very much.
eagerly waiting for OPNsense 17.1.2 on Wednesday

13

17.1 Legacy Series / Re: Captive Portal login loop

« on: February 20, 2017, 07:57:41 am »

I dont know if this helps, but i realised after connecting to a new network, the sites the captive portal was redirecting to, takes very long to open or do not open at all, sometimes I see the captive portal url in the browser even though i am not behind the OPNsense firewall(http://192.168.4.1:8000/index.html?redirurl=google.com/).

Any help, pls?

14

17.1 Legacy Series / Limit concurrent login

« on: February 20, 2017, 07:04:05 am »

Hello,
Please, is it possible to limit the no. of concurrent logins to say 3 per each username as opposed to the either once or unlimited ?

Thank you.

15

17.1 Legacy Series / Captive Portal login loop

« on: February 20, 2017, 12:52:05 am »

Hello,
I am new to OPNsense. I had it setup with 2 NICs , everything was fine including my captive portal.
I enabled my wireless card, and created another network for wifi. Internet works great! Now when I created captive portal with voucher and local server auth. , the portal page opens when client pc connects, then the following happens After entering username and password / voucher details:

1. nothing happens, page doesnt redirect. when you try to browse from another Tab or window, it asks for credentials again.

2.  Client gets logged in and redirected, when a new tab is opened, it requests for credentials again.

3. The page redirects to the portal IP with an error.

in all three scenarios I can reach the web GUI via the LAN IP or WLAN IP address.

As soon as CP is deactivated, internet works perfectly. My setup looks like this:

ADSL modem=>OPNsense=>LAN (192.168.3.1) WLAN (192.168.4.1) with repeater.

your help is greatly appreciated. Thank you