OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Web Proxy Filtering and Caching (Moderator: fabian) »
  • I'm trying to figure out the proper combo for captive portal + user based filter
« previous next »
  • Print
Pages: [1]

Author Topic: I'm trying to figure out the proper combo for captive portal + user based filter  (Read 2720 times)

Cindex

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
I'm trying to figure out the proper combo for captive portal + user based filter
« on: September 01, 2021, 07:01:39 pm »
Hi guys,

I'm just getting into OPNSense to help someone get away from watchguard and their high fees. The only thing I haven't figured out is how to mix captive portal with filtering. As far as I can tell, using the useracl plugin is the best option. But I haven't found a ton of specifics on it.

First of all, captive portal gets set up and working. Easy peasy. Web filtering with the remote ACL works great for a global filter for ads/porn/malware. But this is for a colony where they have manufacturing, schools, and homes. The manufacturing is pretty easy, they just need the general filter. But for the school they want to be able to do what they're doing now, which is logging in and getting access per user.

So the way it works is someone can jump on any PC, put their name and password into the captive portal, and get the appropriate access. So teachers have a mid level filter, kids have a very restrictive filter (no YouTube, even), and there's a few levels in between for age groups.

If I try to activate the captive portal and the transparent proxy I get certificate errors on the GUI. Plus, the filtering doesn't seem to work per user. Just the global.

Am I going about this all wrong? It's kind of easier in Watchguard, which is weird to me, but OPNSense seems so much easier in other ways I feel like I'm missing something obvious.

Btw, there is no domain or LDAP set up. It could be used if needed, but preferably not.

Thanks 👍
Logged

evolver

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: I'm trying to figure out the proper combo for captive portal + user based filter
« Reply #1 on: September 16, 2021, 02:49:11 pm »
Hi Cindex,

I'm working on a similar issue.

In my case I have the same ACL for all users and TCP/UDP forwarding disabled for all users.
But sometimes I would like to login with a privileged user to bypass web proxy and have full internet access.

I see two points here where control via the logged in user (or even better: the user group) would be useful:
Different ACL in web proxy and firewall rules.

For the firewall-part it would be possible to setup a rule based on tagged packets. The tagging could be either the zone-id from captive portal or some tag that can be configured in CP.
So I could setup two captive portals for my interface and switch from one portal (8000 / zone 0 / allowed user-group A) to another (8001 / zone 1 / allowed user group B) before logging in.

BR
evolver
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Web Proxy Filtering and Caching (Moderator: fabian) »
  • I'm trying to figure out the proper combo for captive portal + user based filter
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2