Hello everyone
I introduce myself Pollux, new kid among the IPFire community.
Former IPcop user.
I allow myself to come to you so that you can enlighten me on my little problematic.
I am currently using a raspberry PI3 B with the latest version of IPFire (144).
It is in Green + Red configuration, a little special feature Green (Wifi) and Red (Eth). For use with Router / Firewall / Squid.
Currently authentication is done through the Captive Portal (coupon) and Squid is in transparent mode.
My little worry is this.
In the Squid logs, I have all the connections but only spotted by the ip. I would have liked a match to be made with the coupon or another means of identifying my captive portal users.
Hi,
unfortunately, this is not possible at the moment because the Captive Portal
authentication has nothing to do with Squid access.
I suggest using explicit proxy authentication instead.
Thanks, and best regards,
Peter Müller
Thank you for your reply.
Unfortunately it doesn’t help much; (
I use IPFire as part of a small association as a hot spot. It seems easier for me to authenticate my various users through a captive portal. The use of squid authentication seems to me too difficult with the disparity of hardware used (PS4, Mobil (Samsung / Apple / Huawei / …), PC, …).
I hope that one day there will be the possibility of linking the two systems.
Or at least have the logs of the users who connect to the captive portal.
After that I will only have to reconcile the authenticate IP of the captive portal logs to the IP of the Squid logs.
Anyway thank you for your help.
cordially
Hi,
rolling out proxy settings to the masses is a difficult task indeed
(some devices lack proxy support at all or do not sufficiently support
proxy authentication). However, while a proxy works at the application
layer (OSI 7), your assumption seem to be based on layer 3: Any IP
connection a client established can be traced back to a username.
While this is true in your scenario (what about clients opening ad-hoc
WLAN networks for others?), I doubt it will be for most environments,
particular when it comes to NAT.
Sorry for not being able to give you a more positive answer.
Thanks, and best regards,
Peter Müller