Actually I am not yet using packet fence so I am not yet certain on details. But based on my experience with this stuff I would have the following expectations.
When a new device appears on the network and tries to go out they will redirect the web traffic to the captive portal. The captive portal will take the traffic and authenticate the machine. Then it will redirect the user back to the site they were originally going to(or the portal drop-off url). The http(s) for the captive portal is only relevant for the portal and after your traffic will go to whatever port is specified with the specified protocol. You just want to use Certbot with lets-encrypt to get you certificate for the portal. > On Oct 2, 2018, at 4:48 PM, Cezary Barciński <cbarcin...@gmail.com> wrote: > > Hello, Thank you for your answer. > > Yes, I didn’t go through the SSL certificate and LetsEncrypt sounds grate, I > totally forgot about that project. Need to try that. > > I was convinced that packetfence generates self-signed certificate > automatically and after turning on HTTPS option I would have to accept that > cert in a web browser and would be able to see the portal login page. > > I’m also afraid about this: > > “Force the captive portal to use HTTPS for all portal clients.Note that > clients will be forced to use HTTPS on all URLs.This requires a restart of > the httpd.portal process to be fully effective.” > > Does it mean that when I implement SSL and turn the HTTPS option on, users > won’t be able to browse classic HTTP websites? What about other services like > internet radio, games etc? > > Best regards > > > wt., 2 paź 2018 o 15:42 Eric Naujock <naujo...@gmail.com > <mailto:naujo...@gmail.com>> napisał(a): > Good morning, > I just notices your message and I am betting that you will need to > setup a SSL certificate for this secure server portal website. Do you have a > signed (LetsEncrypt or similar) certificate for this site? If not you will > need to get one. Then you will likely not get those errors and your portal > will work for the duration of the certificate. For testing you could make a > self signed certificate but most browsers will have a fit with those. > >> On Oct 2, 2018, at 3:34 AM, Cezary Barciński via PacketFence-users >> <packetfence-users@lists.sourceforge.net >> <mailto:packetfence-users@lists.sourceforge.net>> wrote: >> >> Hello, >> >> I have a question or problem (packetfence 8.1 in inline mode): >> >> How to make packet fence guest authentication based on HTTPS instead of HTTP >> ? >> >> When I disable “Secure redirect” in Configuration>Advanced Access >> Configuration>Captive Portal all is good but then users have to register >> with HTTP. >> >> When I enable “Secure redirect” and unregistered user is trying to register, >> opens a web browser, and a website opens with certificate error. Can’t even >> to get to registration page, Can’t even add an exceptions in Mozilla. >> >> Can you help? >> >> THX >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> <mailto:PacketFence-users@lists.sourceforge.net> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
