pfSense is one of the most versatile firewall systems available out there in the market. It uses BSD as its base operating system. pfSense is based on moonwall(another firewall distribution). System admin can customize it however they like, pfSense has large number of customization options. pfsense allows you to enable a captive portal on your network for authentication and authorization. Captive portal adds just another layer of abstraction and security to your network so that you could prevent any unauthorized use of your network. By setting up captive portal you can monitor everything on a user level.
pfSense captive portal module has tons of customization options but one thing that it does not have is the ability to have a user logout page. pfSense surely offers a popup logout window but popups are blocked by most modern day browsers. So there’s no way for your users to logout from your network. In this article we have explained how you can set up your own logout page for your pfSense distribution.
Logout page for pfSense captive portal
You can follow this very simple tutorial and set up a logout page for pfSense captive portal. We made some modifications to the “/usr/local/captiveportal/index.php” file. This file contains the logic code for captive portal. So the idea is to replace the index.php with our modified version of index.php file. Follow this very simple and short guide and setup your pfSense captive portal logout page.
First you need to have access to your pfSense machine CLI. Either you can type commands directly into the pfsense console or you can ssh your pfsense firewall.
To activate SSH access on pfSense, log into your pfSense Web Configurator, then go to Settings>Advanced and check “Enable Secure Shell” check box and save the settings as shown below.
Now make SSH connection to the firewall or type things directly into the pfSense CLI.
On pfSense console, press 8 and you will get the shell access with root user. Now change the working directory to /usr/local/captiveportal
#cd /usr/local/captiveportalType “ls -l” and you will see all the available files in this directory.
Now rename the index.php to index.php.backup. This way you will have a backup of your original index.php file. Thus, if anything goes wrong you can restore things back to the normal.
#mv index.php index.php.backupNow download the tarball using curl.
#curl https://olinux.net/pf/pfsense-logout.tar --output pfsense.tarAfter successfully downloading the tar file extract it.
#tar xvf pfsense.tarNow exit the console and activate the captive portal from the Web Configurator settings. Go to Services>Captive Portal and enable the captive portal. In order for this to work you are required to leave the “After authentication Redirection URL” field blank. You also need to leave the “Logout popup window” option unchecked in captive portal settings as shown below. Hit save and login through captive portal. Upon successful login user will be redirected to the logout page.
Try this and leave comments below if you face any difficulty, we’ll try to help you.
Hi,
Thanks for this quick and great tutorial.
I have a little issue, when user use the home button of their web browser, in stead of sending them to the custom page you’ve made, it’s disconnecting them instantly.
Is it normal ? Have I missed something ?
Best regards,
Siskid
It’s normal. The way the logout logic is placed, when user try to access the captive portal login page(If user is already logged in) he/she will be logged out…
Thanks for sharing but the logout page will only open from a temporary browser that will close when turning to a regular browser and can no longer be access. The logout work but you cant do anything from an iphone since you cant turn back to the logout page.
It will work on every android device since you can access the captive portal page directly from Chrome, Firefox, Opera, etc. As far as i-phones are concerned that’s the issue with iOS. That’s how they are built. But one thing that you can ask iOS users to do is to go to 8.8.8.8 in their browser(Safari, Firefox, Chrome). It will log them out.