I had a need to create a captive portal at a customer site without installing a new piece of hardware.
I decided to create an OpenBSD VM with the following configuration to make users authenticate on the gateway before being allowed internet access.
The OpenBSD VM needs two virtual NICs. I configured my networking in OpenBSD as follows:
The file /etc/mygate needs to have the IP of the current working gateway. Mine was:
The file /etc/resolv.conf must have the correct DNS server in it. Mine was:
First I set up pf and IP forwarding. Then I set up /etc/pf.conf with the following configuration:
This configuration blocks everything except ssh and inserts the authpf rules once a user validates on the firewall.
Once you have pf.conf set properly it’s time to configure authpf. Create the following files:
Add the following to authpf.rules:
Once this is all set up, restart the VM. Change the gateway on the client computers to point to 192.168.0.101. Initially they won't be allowed any internet access.
To get internet access, they will need to ssh to the captive portal (192.168.0.101) and log in. Once they log in, they will be allowed unrestricted access for as long as they keep the window open.
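
A pf.conf and authpf.rules pair that gives the behaviour described above (everything blocked except ssh to the portal, with per-user rules loaded on login). This is an added example, not the original files from this setup. It assumes em0 faces the existing gateway, em1 holds 192.168.0.101, and the standard authpf paths under /etc/authpf.

```conf
# ---- /etc/pf.conf (added example) ----
# Assumed interface names; substitute the VM's actual NICs.
ext_if = "em0"      # side facing the existing gateway from /etc/mygate
int_if = "em1"      # client-facing side, 192.168.0.101

# authpf adds the source IP of each logged-in user to this table.
table <authpf_users> persist

set skip on lo

# Translate forwarded client traffic to the portal's external address.
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)

# Default deny: nothing is forwarded for unauthenticated clients.
block all

# Unauthenticated clients can reach only sshd on the portal itself.
pass in on $int_if inet proto tcp from $int_if:network to ($int_if) port 22

# Outbound leg: the portal's own traffic (DNS, etc.) and any forwarded
# traffic that was already allowed in by a rule in the authpf anchor.
pass out on $ext_if inet

# authpf loads each user's rules into a sub-anchor here at login and
# flushes them when the ssh session ends.
anchor "authpf/*"

# ---- /etc/authpf/authpf.rules (added example) ----
# Loaded once per session; authpf defines $user_ip (the ssh client's
# address) and $user_id. Macros from pf.conf are not visible here.
# "quick" stops evaluation so the "block all" above cannot override it.
pass in quick inet from $user_ip to any

# ---- Other requirements ----
# /etc/authpf/authpf.conf must exist (it may be empty) or authpf exits.
# Portal users need /usr/sbin/authpf as their login shell.
# Forwarding must be on: net.inet.ip.forwarding=1 in /etc/sysctl.conf.
```

After a login, `pfctl -t authpf_users -T show` lists the authenticated client addresses, and `pfctl -a 'authpf/*' -sr` shows the rules loaded for active sessions.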