pfSense 2.0 RC1 – Customize Captive Portal Pages and implement HTTPS

Introduction

In the previous post, pfSense 2.0 RC1 Configure Captive Portal for Guests with Local User Management, we configured a basic Captive Portal. Now I want to customize the web pages that are presented to the guests a little. Users will send credentials through these pages, so it is better to use HTTPS; that's why we will configure it too.

Scenario

I want to customize the pages with custom colors and a logo. Moreover, the default page does not have a voucher field available, and I want this too. Granting access to guests must follow some rules, so an Acceptable Use Policy that has to be acknowledged is suitable for such a page.

You can see the default pages below

Configuration

Certificate for the HTTPS/SSL

Go to System > Cert Manager

On the CAs leaf, select Create an internal Certificate Authority. Fill in the form to your liking. Make a note of the Common name and the Descriptive name.

Go to the Certificates leaf and select Create an internal Certificate, then fill in the form. The Common Name for the certificate must match the firewall name. In my case it is pfSense.localdomain. Also note the Descriptive name of the certificate.

Export the Certificates

On the CAs leaf, click on the downward pointing triangle with the rollover info export ca.

On the Certificates leaf, click on both downward pointing triangles for the Captive Portal Cert.

You will end up with three files with names similar to these

DNS Record

Go to Services > DNS Forwarder

Add a new record that will override the results from the forwarders.

Enter Host, Domain, IP Address and Description. In my case the host is pfSense, the domain is localdomain, the IP address is the IP used by pfSense for the Guest network and I’ve entered some useful description.

Put the Certificate data in the fields

Now open the certificates in your favourite text editor (I've used Notepad++), then copy and paste the content into the fields on the Services > Captive Portal page.

Paste Captive+Portal+Cert.crt in HTTPS certificate section

Paste Captive+Portal+Cert.key in HTTPS private key section

Paste Captive+Portal+CA.cert in HTTPS intermediate certificate section

Save your configuration.
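A check worth running on the three exported files before pasting them, shown here as an added example that is not part of the original post. It assumes the openssl command-line tool is installed; the function names check_portal_bundle and make_constructed_bundle and the sample file names are made up for illustration, and the throwaway CA and certificate are constructed test data.

```sh
#!/bin/sh
# Added example: sanity-check the exported certificate, key and CA files.
# Function names and the sample file names below are hypothetical.

# check_portal_bundle CERT KEY CA HOSTNAME
# Prints one line per failed check; the return status is the failure count.
check_portal_bundle() {
    cert=$1; key=$2; ca=$3; host=$4; fails=0

    # 1. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match the certificate"
        fails=$((fails + 1))
    fi

    # 2. The certificate must verify against the CA that issued it.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: certificate does not chain to the CA"
        fails=$((fails + 1))
    fi

    # 3. The name guests are redirected to must match the certificate.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "FAIL: certificate is not valid for $host"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# make_constructed_bundle DIR
# Builds a throwaway CA and portal certificate in DIR so the check can be
# tried offline; with real exports, skip this and pass your own files.
make_constructed_bundle() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Captive Portal CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=pfSense.localdomain" \
        -keyout "$dir/cert.key" -out "$dir/cert.csr" 2>/dev/null
    openssl x509 -req -in "$dir/cert.csr" -days 1 -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/cert.crt" 2>/dev/null
}
```

With the real exports, call it as check_portal_bundle Captive+Portal+Cert.crt Captive+Portal+Cert.key Captive+Portal+CA.cert pfSense.localdomain; no output and a return status of 0 mean all three checks passed.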

Upload the logo

Go to the File manager leaf of the Captive portal. Click on the + sign and choose your logo image.

Then click on the Upload button.

Take note of the name of the image; if it is different from the one used in your pages, update the pages before uploading them.

Upload the pages

Go back to the Captive portal leaf, and scroll down to the Portal page contents section.

Click on the Choose File button and select your page file. Do the same in the Authentication error page contents section, using the index_error.html page. Save your configuration.

Explanation

I've used the built-in Certificate Manager, because it works for me. The alternative is to use OpenSSL, as explained in the pfSense forums. The certificate is closely related to the DNS record: the Common Name of the certificate (pfSense.localdomain in my case) is the name that the DNS record resolves to the pfSense address on the Guest network.

By customizing the pages we can brand them and at the same time create a more enterprise look and feel. Opening the voucher field is the first step towards my next post, where the main topic will be the configuration of vouchers and RADIUS authentication.

About the pages code:

Index.html

<style type="text/css"> makes the background black.

<img src="captiveportal-logo.png" alt="logo"/> adds the image.

<td align="right">Voucher:</td><td align="left"><input name="auth_voucher" type="text" style="border: 1px dashed;"> adds the Voucher field.

<TEXTAREA id="aup" name="aup" rows="15" cols="50"> adds the Acceptable Use Policy. I've borrowed this from How To: Using m0n0wall to create a Wireless Captive Portal – Step 4: Create the Captive Portal Page.

You can see the original page here: http://www.smallnetbuilder.com/images_old/myimages/howto/captiveportal/portal.htm

<script type="text/javascript"> forces the guest to accept the use policy before the form is submitted. I've borrowed this code from the Only submit if at least one checkbox is checked example and, with a little help from a friend, integrated it into this form.

 

<html>
<head>
<style type="text/css">
body {
background-color: #000;
}
body,td,th {
color: #090;
}
</style>
</head>
<body>
<form method="post" action="$PORTAL_ACTION$" onsubmit="return CheckBoxesValidations();">
<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
<center>
<center>
<img src="captiveportal-logo.png" alt="logo"/>
</center>
<table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000">
<tr height="10" bgcolor="#990000">
<td bgcolor="#663366" style="border-bottom:1px solid #000000">
<font color='white'>
<b>
Stefcho's captive portal
</b>
</font>
</td>
</tr>
<tr>
<td>
<div id="mainlevel">
<center>
<table width="100%" border="0" cellpadding="5" cellspacing="0">
<tr>
<td>
<center>
<div id="mainarea">
<center>
<table width="100%" border="0" cellpadding="5" cellspacing="5">
<tr>
<td>
<div id="maindivarea">
<center>
<div id='statusbox'>
<font color='red' face='arial' size='+1'>
<b>

</b>
</font>
</div>
<br/>
<div id='loginbox'>
<table>
<tr><td colspan="2"><center>Welcome to the Stefcho's Wireless Network Captive Portal!</center></td></tr>
<tr><td colspan="2"><center>Enter User Credentials, or Voucher Code to gain access.</center></td></tr>
<tr><td>&nbsp;</td></tr>
<tr><td align="right">Username:</td><td align="left"><input name="auth_user" type="text" style="border: 1px dashed;"></td></tr>
<tr><td align="right">Password:</td><td align="left"><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr>
<tr><td>&nbsp;</td></tr>
<tr><td align="right">Voucher:</td><td align="left"><input name="auth_voucher" type="text" style="border: 1px dashed;"></td></tr>
<tr><td colspan="2" align="center">
<TEXTAREA id="aup" name="aup" rows="15" cols="50"> Acceptable Use Policy (AUP).
</TEXTAREA>
</td></tr>
</table>
<p align="center"><input id="iagree" type="checkbox" name="CHKBOX1" value="1">Accept</p>
<input name="accept" type="submit" value="Continue">
</div>
</center>
</div>
</td>
</tr>
</table>
</center>
</div>
</center>
</td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</center>
</form>
<script type="text/javascript">
// Runs in the guest's browser only: cancels the form submit
// until the Accept check box is ticked.
function CheckBoxesValidations()
{
if(document.getElementById('iagree').checked == false)
{
alert("Please read and accept the User agreement to proceed!");
return false;
}
else
return true;
}
</script>
</body>
</html>

 

Index_error.html – The only change here is the addition of “Invalid credentials specified.”. I did not add the “$PORTAL_MESSAGE$”, because it is for RADIUS only.

The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs. You may include “$PORTAL_MESSAGE$”, which will be replaced by the error or reply messages from the RADIUS server, if any.

<tr>
<td>
<div id="mainlevel">
<center>
<table width="100%" border="0" cellpadding="5" cellspacing="0">
<tr>
<td>
<center>
<div id="mainarea">
<center>
<table width="100%" border="0" cellpadding="5" cellspacing="5">
<tr>
<td>
<div id="maindivarea">
<center>
<div id='statusbox'>
<font color='red' face='arial' size='+1'>
<b>
Invalid credentials specified.
</b>
</font>
</div>
<br/>

 

You can download my pages from here:

index

index_error

Testing

Connect to the guest network and try to open a web page. You will see a warning about your certificate, because it is signed by our own internal CA, which the guest's browser does not trust; go over it. Now you are supposed to see your new custom page. Enter your username and password, look at the Acceptable Use Policy and click on the Accept check box, then on the Continue button. If you don't tick the Accept check box, a warning message window will appear, informing you that you must accept the policy first.

In case you mistype your user name and/or password, intentionally or not, you will see Invalid credentials specified. in red. Now you can try to enter them again.

After successful log in you will have internet access, and on the Status > Captive portal page you will be able to see the currently logged on users.

Issues

The DNS record surprised me, because I have not used it up until now.

References

Here are some materials that could help you further develop the Captive Portal Pages:

http://doc.pfsense.org/index.php/Category:Captive_Portal

Free, cool, and easy Captive Portal (Guest portal)

How To: Using m0n0wall to create a Wireless Captive Portal – Step 4: Create the Captive Portal Page

pfSense: Captive Portal Logo Edit

How to make the Captive portal in pfsense 2.0 accessible from different networks (in Russian)

Installing and configuring a Wi-Fi HOT-SPOT system using the PfSense 2.0 software router as an example (Part 1) (in Russian)

 

A good base for the Acceptable Use Policy:

Acceptable Use Policy for the Wireless Network

Acceptable Use Policy for Wireless Access

Acceptable Use Policy

Conclusion

Now we have better-looking pages displayed to our guests, and a well-communicated Acceptable Use Policy for the Guest Network. The credentials of our users are transferred over an SSL channel and are not in plain text.

 

Update 03.07.2011: Sorry for the typos, I’ve fixed them in the html pages.


Comments (12)

  1. 9:26 pm, 04/07/2011 Khoa Pham

    Hi,

    I find your page is very useful and your knowledge of pfSense is very deep. Hope to see more pfSense articles from your site, keep up the great work!

  2. 6:21 pm, 10/02/2012 yob

    Thanks….:)

  3. 3:57 pm, 15/03/2012 Luke

    I have a Radius, how do I add that code instead of just writing in the “Invalid Credentials”?

    Thanks

  4. 5:59 am, 24/04/2012 China Export

    Great post. I was checking constantly this blog and I’m impressed! Extremely helpful information particularly the last part 🙂 I care for such info much. I was seeking this certain info for a long time. Thank you and good luck.

  5. 4:19 pm, 30/03/2015 Samstrange Mandaza

    How do I rebrand pfSense to my own name? I have the 2.2 i386 version. Or is there any video download that I can follow?

  6. 3:43 am, 31/08/2015 Smithd984

    Hey would you mind letting me know which web host you’re working with? I’ve loaded your blog in 3 completely different internet browsers and I must say this blog loads a lot faster than most. Can you suggest a good internet hosting provider at a fair price? Kudos, I appreciate it! eddeeddddgekbfgf

  7. 4:58 am, 03/10/2015 【激安市場】コーチ COACH★レビューを書くと送料無料!財布(二つ折り財布)

    You have a wonderful site! Great work!

    • 9:21 am, 04/03/2016 Stefan

      Thank you very much!
      Thank you!

  8. 10:55 pm, 06/10/2015 商品一覧>おでかけ用品>お散歩グッズ>フンキャッチャー:Pet館~ペット

    Good post. I learn something more challenging on different blogs every day. It is always stimulating to read content from other writers and to pick up a little something from their store. If you don't mind, I would like to use some of the content on my weblog. Naturally I will give you a hyperlink on the net. Thank you for sharing.

  9. 7:16 pm, 28/11/2015 『激安人気』【最大800円OFFクーポン配布】【完売】【送料無料】京都西川

    Compressed. I hope you will explain it in more detail in future articles. Thanks, pal.

  10. 3:37 am, 03/12/2015 OUTDOOR レインポンチョ 無地 アウトドア ロング レインコート カッパ 雨ガッパ

    This website is wonderful. I always come across something new & different. Right here, my seotons differ. Thank you for that data.
