[ previous ] [ next ] [ threads ]
 From:  A dot L dot M dot Buxey at lboro dot ac dot uk
 To:  Nicolas Moffa <nicolas dot moffa at free dot fr>
 Cc:  Henning Wangerin <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: users configuration
 Date:  Thu, 17 Feb 2005 14:14:41 +0000

> Thank you for your answer but I think that you don't unsderstand really my
> problem.
> Students use more and more network configurations outside OFF campus (static IP,
> server proxy,...). Consequently, configurations are completly different for each
> student. If we must change all configurations of each mobile computer, it is a
> job too much complicated.
> This is why i would like that students, when they come ON campus (with their
> mobile computer for example), do not have anything to change in their
> configuration (outside configuration : family,...).
> We could call that : "Plug & Play configuration".
> Students ON campus, launch browser and access to the web after the
> authentication page without changes.
> m0n0wall 1.2b3 could not manage it ??
> If not, in a future version perhaps ??

the 'captive' portal is only able to grab activity on a limited range of HTTP,
in fact, I thinks its only port 80. (please correct me folks!)

we have a similar issue here - in that old systems are still configured to use 
eg proxy.our.site.com:3128 hardcoded into their apps. other folk we need
to deal with have proxy.their.site:8080  etc etc

fortunately our main 'clients' have 'autodetect' enabled. or have used the
auto config proxy.pac file - which they CANT get - and the m0n0wall captive
works fine (however, it DIDNT when during testing I enabled access direct
to the autoconfig machine - happened to be a main site web site too...which
was why I was allowing access - because then they COULD get their proxy...at
which point they then tried to use proxy:3128 for all web traffic...and captive
didnt work!

a quick answer would be a method to allow the admin to enter a few ports on which
to run the captive system - thinking aloud that would be 80,3128,8080 for
standard proxy configs.  but then would you want them to be using that proxy
AFTER they've authenticated? I mean, that'd mean having to open up
ports 3128 and 8080 to the WAN.....