How to Secure the Captive Portal Login Page on pfSense 2
Problem:
A common problem with captive portals is ARP spoofing, which may allow an attacker to intercept data frames on a LAN, modify the traffic, stop the traffic altogether, or even sniff the username and password or voucher code entered on the captive portal login page.
Solution:
The simple solution is to use HTTPS, which provides encrypted authentication to the captive portal server and protects the login against man-in-the-middle attacks such as ARP spoofing.
Creating an HTTPS Certificate
Go to System > Cert Manager
Click on the CAs tab, then click the (+) sign button
Follow the screenshot below:
Note: The Common Name is based on your router's hostname / IP address and domain name. In my case the hostname is pfsense and the domain name is hotspot.com. Alternatively, just put the IP address of your "Wireless Adapter" in the Common Name. To check your hostname and domain name, go to System > General Setup
Next, click on the (e) sign button
Copy the "certificate data" and "certificate private key" into a notepad, because we are going to use them in our captive portal HTTPS configuration
Now we have created our certificate.
Enabling HTTPS on the Captive Portal Page
Go to Services > Captive Portal
Check "Enable HTTPS Login" and set the HTTPS server name to your pfSense server name. In our example we use "pfsense.hotspot.com"; it might be different in your case.
Paste the "Certificate Key" into "HTTPS certificate" and the "Certificate private key" into "HTTPS private key". Also copy and paste the "Certificate Key" into "HTTPS intermediate key", then press Save to save the configuration.
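Before pasting, it is worth confirming that the exported certificate carries the Common Name you will enter as the HTTPS server name and that the private key really belongs to it, because a mismatch produces browser warnings that users learn to click through. The script below is an added example, not part of the original tutorial; it assumes the two blocks were saved as cert.pem and key.pem on a machine with the openssl command, and the function and file names are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight checks on the certificate and key exported from
# the Cert Manager, before pasting them into the Captive Portal page.

# Print the subject Common Name (CN) of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the private key ($2) belongs to the certificate ($1):
# both must yield the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_portal_cert CERT KEY NAME -> prints "ok" or the first problem found.
check_portal_cert() {
    cn=$(cert_cn "$1")
    if [ "$cn" != "$3" ]; then
        echo "CN '$cn' does not match HTTPS server name '$3'"; return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "private key does not belong to this certificate"; return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired"; return 1
    fi
    echo "ok"
}

# Constructed sample input: a throwaway self-signed pair, valid for one day.
# make_sample DIR CN writes DIR/cert.pem and DIR/key.pem.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Usage: sh check.sh cert.pem key.pem pfsense.hotspot.com
if [ "$#" -eq 3 ]; then
    check_portal_cert "$@"
fi
```

If you used the IP address as the Common Name, pass that IP address as the third argument instead of the hostname.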
Done, Enjoy
If you want to see more videos about the pfSense Captive Portal, please visit my YouTube channel.
Thank you :)