[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pfsense-discussion
Subject:    Re: [pfSense] captive portal https any success?
From:       Alberto Moreno <portsbsd () gmail ! com>
Date:       2013-07-24 16:01:55
Message-ID: CAHdK7Wk82MuTbvmfGbPSRuzmnGi9D+ZUAWzPmBOXkEDzHa6N7Q () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


I had finally made this works.

Squid help me, most sites that use https like paypal.com, they don't just
have 1 domain, once u get connected u see a lot of domains/ip that appear
related to the domain, I just start adding them to "Allowed IP" or "Allowed
hostname".

Some of them work with IP, others with hostnames, others need both.

But is working, thanks!!!


On Tue, Jul 23, 2013 at 5:30 PM, Alberto Moreno <portsbsd@gmail.com> wrote:

> Hi Chris.
>
> Went u say "certificate errors" u mean that ugly message that appear in
> the browser went u access sites with certificates not register?
>
> Will be great to see this working, maybe for me is not a problem, if works.
>
> Wondering how other open/commercial products handle this?
>
> Thanks Chris.
>
>
> On Tue, Jul 23, 2013 at 4:55 PM, Chris L <cjl@viptalk.net> wrote:
>
>>
>> On Jul 23, 2013, at 9:19 AM, Alberto Moreno <portsbsd@gmail.com> wrote:
>>
>> > Just wondering.
>> >
>> > I'm running pfsense 2.0.3, does anyone have any success history with
>> pfsense and https pages like https://facebook.com?
>> >
>> > I want to allow under cp some pages without auth, like facebook and
>> others.
>> >
>> > But u know that fb change to https:// but once a user type facebook
>> the browser point to https:// which is good but the browser won't load
>> the page.
>> >
>> > U see pfsense logs and u see the connection but is all.
>> >
>> > The long history is that pfsense cp does not allow that because the
>> developers need to do a hack is what I understand I'm not a developer.
>> >
>> > Some one have been able to allow fb without auth under pfsense?
>> >
>> > Does only pfsense suffer this or is general for other products?
>> >
>> > Someone had try to fix this?
>> >
>> > Thanks.
>>
>>
>> It's not that a hack is necessary.  Nobody can redirect an https page to
>> a captive portal signon without the user being presented with certificate
>> errors.
>>
>> At least not without a lot of https proxying and a root certificate
>> installed in the client browser.
>> _______________________________________________
>> List mailing list
>> List@lists.pfsense.org
>> http://lists.pfsense.org/mailman/listinfo/list
>>
>
>
>
> --
> LIving the dream...
>



-- 
LIving the dream...

[Attachment #5 (text/html)]

<div dir="ltr"><div><div>I had finally made this works.<br><br></div><div>Squid help \
me, most sites that use https like <a href="http://paypal.com">paypal.com</a>, they \
don&#39;t just have 1 domain, once u get connected u see a lot of domains/ip that \
appear related to the domain, I just start adding them to &quot;Allowed IP&quot; or \
&quot;Allowed hostname&quot;.<br> <br></div>Some of them work with IP, others with \
hostnames, others need both.<br><br></div>But is working, thanks!!!<br></div><div \
class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jul 23, 2013 at 5:30 PM, \
Alberto Moreno <span dir="ltr">&lt;<a href="mailto:portsbsd@gmail.com" \
target="_blank">portsbsd@gmail.com</a>&gt;</span> wrote:<br> <blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><div>Hi Chris.<br><br></div><div>Went u say \
&quot;certificate errors&quot; u mean that ugly message that appear in the browser \
went u access sites with certificates not register?<br> <br></div><div>Will be great \
to see this working, maybe for me is not a problem, if works.<br> \
<br></div><div>Wondering how other open/commercial products handle \
this?<br><br></div>Thanks Chris.<br></div><div class="gmail_extra"><div><div \
class="h5"><br><br><div class="gmail_quote">On Tue, Jul 23, 2013 at 4:55 PM, Chris L \
<span dir="ltr">&lt;<a href="mailto:cjl@viptalk.net" \
target="_blank">cjl@viptalk.net</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div><div><br> On Jul 23, 2013, at 9:19 AM, Alberto Moreno \
&lt;<a href="mailto:portsbsd@gmail.com" target="_blank">portsbsd@gmail.com</a>&gt; \
wrote:<br> <br>
&gt; Just wondering.<br>
&gt;<br>
&gt; I&#39;m running pfsense 2.0.3, does anyone have any success history with pfsense \
and https pages like <a href="https://facebook.com" \
target="_blank">https://facebook.com</a>?<br> &gt;<br>
&gt; I want to allow under cp some pages without auth, like facebook and others.<br>
&gt;<br>
&gt; But u know that fb change to https:// but once a user type facebook the browser \
point to https:// which is good but the browser won&#39;t load the page.<br> &gt;<br>
&gt; U see pfsense logs and u see the connection but is all.<br>
&gt;<br>
&gt; The long history is that pfsense cp does not allow that because the developers \
need to do a hack is what I understand I&#39;m not a developer.<br> &gt;<br>
&gt; Some one have been able to allow fb without auth under pfsense?<br>
&gt;<br>
&gt; Does only pfsense suffer this or is general for other products?<br>
&gt;<br>
&gt; Someone had try to fix this?<br>
&gt;<br>
&gt; Thanks.<br>
<br>
<br>
</div></div>It&#39;s not that a hack is necessary.   Nobody can redirect an https \
page to a captive portal signon without the user being presented with certificate \
errors.<br> <br>
At least not without a lot of https proxying and a root certificate installed in the \
client browser.<br> _______________________________________________<br>
List mailing list<br>
<a href="mailto:List@lists.pfsense.org" \
target="_blank">List@lists.pfsense.org</a><br> <a \
href="http://lists.pfsense.org/mailman/listinfo/list" \
target="_blank">http://lists.pfsense.org/mailman/listinfo/list</a><br> \
</blockquote></div><br><br clear="all"><br></div></div><span class="HOEnZb"><font \
color="#888888">-- <br>LIving the dream... </font></span></div>
</blockquote></div><br><br clear="all"><br>-- <br>LIving the dream...
</div>



_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic