Show Posts
1
Web Proxy Filtering and Caching / I'm trying to figure out the proper combo for captive portal + user based filter
« on: September 01, 2021, 07:01:39 pm »
Hi guys,
I'm just getting into OPNSense to help someone get away from watchguard and their high fees. The only thing I haven't figured out is how to mix captive portal with filtering. As far as I can tell, using the useracl plugin is the best option. But I haven't found a ton of specifics on it.
First of all, captive portal gets set up and working. Easy peasy. Web filtering with the remote ACL works great for a global filter for ads/porn/malware. But this is for a colony where they have manufacturing, schools, and homes. The manufacturing is pretty easy, they just need the general filter. But for the school they want to be able to do what they're doing now, which is logging in and getting access per user.
So the way it works is someone can jump on any PC, put their name and password into the captive portal, and get the appropriate access. So teachers have a mid level filter, kids have a very restrictive filter (no YouTube, even), and there's a few levels in between for age groups.
If I try to activate the captive portal and the transparent proxy I get certificate errors on the GUI. Plus, the filtering doesn't seem to work per user. Just the global.
Am I going about this all wrong? It's kind of easier in Watchguard, which is weird to me, but OPNSense seems so much easier in other ways I feel like I'm missing something obvious.
Btw, there is no domain or LDAP set up. It could be used if needed, but preferably not.
Thanks 👍
I'm just getting into OPNSense to help someone get away from watchguard and their high fees. The only thing I haven't figured out is how to mix captive portal with filtering. As far as I can tell, using the useracl plugin is the best option. But I haven't found a ton of specifics on it.
First of all, captive portal gets set up and working. Easy peasy. Web filtering with the remote ACL works great for a global filter for ads/porn/malware. But this is for a colony where they have manufacturing, schools, and homes. The manufacturing is pretty easy, they just need the general filter. But for the school they want to be able to do what they're doing now, which is logging in and getting access per user.
So the way it works is someone can jump on any PC, put their name and password into the captive portal, and get the appropriate access. So teachers have a mid level filter, kids have a very restrictive filter (no YouTube, even), and there's a few levels in between for age groups.
If I try to activate the captive portal and the transparent proxy I get certificate errors on the GUI. Plus, the filtering doesn't seem to work per user. Just the global.
Am I going about this all wrong? It's kind of easier in Watchguard, which is weird to me, but OPNSense seems so much easier in other ways I feel like I'm missing something obvious.
Btw, there is no domain or LDAP set up. It could be used if needed, but preferably not.
Thanks 👍