15.4. Captive Portal

You can find the Captive Portal Settings at Services → Captive Portal.

Captive Portal

Captive Portal is used to authenticate users before they can access the Internet.

15.4.1. Captive Portal Instance

Each instance of a captive portal can be bound to one or more interfaces. At the moment there is no user authentication implemented, only a checkbox will be checked to login the user.

Captive Portal

Users are identified via their devices MAC Address, please make sure to only have a Layer 2 network connected to the Captive Portal interface.

Enabled to enable or disable the Instance

Interfaces can be specified.

Idle Timeout will logout the user if he did not send any new traffic within this time.

Timeout the time (in minutes) a user stays logged in. Default is 0, which means no timeout

HTTPS to allow for the Captive Portal to run on HTTPS. A certificate must be selected as well. Be aware that the clients connecting must trust this certificate.

User Authentication Server enables the user authentication for the captive portal.

Authentication Server select one or multiple authentication servers that are defined in Authentication Server. Make sure the login template has a user and password field. The index_auth.html template provides a good example.

Main File is the index.html and will be presented to the user when they connects.

Captive Portal

Additional Files can be uploaded like css, js, images or error and success pages.

Mac Allow excludes MACs from the portal authentication.

IP Allow excludes IPs from the portal authentication.

Host Allow excludes Hosts destinations from the portal authentication. This can be used to allow homepages without authentication.

Note

Captive Portal settings are checked and run before DNAT. The allows and excludes have to be the address before any DNAT change of them.

15.4.2. Captive Portal Files

The main file is the index.html file. It can contain any style and js you like, just make sure it is either inlined or uploaded to additional files.

It is required to have an accept element like this <input type=”submit” name=”accept” class=”login login-submit” value=”Login” id=”login”> for the captive portal to check authentication. You can additionally add a redirect input element, if the user should be redirected after the login: <input name=”redirurl” type=”hidden” value=”https://www.voleatech.de”>

You can additionally add a error.html for error messages on authentication failures and a success.html when you want a special page after successful authentication. The success page only works when there is no redirect.

In any case the index.html is served if no other page can be found.

You can also download a set of example files on each Captive Portal Instance.