Re: [m0n0wall] no VPN-Tunnel with captive portal

From:	Lee Sharp <leesharp at hal dash pc dot org>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] no VPN-Tunnel with captive portal
Date:	Wed, 16 Mar 2011 10:54:29 -0400

On 03/16/2011 10:25 AM, rh at ffpx dot de wrote:

> thanks a lot for your tips - It works now fine! - But I am wondering,
> why all clients until now were able to connect via http and https to the
> internet only with passtrough by mac-address...?
> NOW as I put in the first IP in allowed IP-Addresses I had also to put
> other addresses to make them work again, since they were now suddenly
> blocked... - strange behaviour -...
>
> But as I see, security is not really easy to realize - there is a lot
> stuff to know...;-(

It has to do with the design of the captive portal.  To log in, you must 
open port 80 first.  Not 443...  And passthrough MAC really is just 
logging in without needing a password.  Kind of like ssh with 
certificates...  But allowed IP addresses bypasses the captive portal 
completely.  Clear as muddy water? :)

			Lee