With the recent deployment of 190 iPads at the school I work at, we needed to create a network that would seamlessly support iOS devices. Being a Catholic school all our internet traffic goes though the Catholic Education Network’s proxies, making it almost impossible to download and use iOS apps due to the lack of complete proxy support in the operating system.
While most apps probably would work through the proxy, most of them wont work well, Our solution for this was to setup another VLAN and an open SSID, the best wanky name we could think of for the new network was “iConnect”.
When connecting to the “iConnect” network, and thanks to a neat feature in iOS, the user is prompted for their credentials, after they are successfully authenticated, the user can begin to access the Internet.
The iConnect network does not require the user to setup any proxies, thanks to pfSense. I configured pfSense with the Squid proxy and captive portal modules. Squid runs in transparent mode with the Catholic Education Network’s proxies specified in the upstream settings, the captive portal module uses RADIUS to authenticate against our existing AD infrastructure.
When building the network, the first issue we ran into was not being able to access HTTPS sites, this is because it is impossible to use a transparent proxy to route HTTPS traffic, we had to get port 443 open for the WAN IP address of our pfSense box, once it was open, HTTPS sites worked as expected.
I’m currently in the process of writing a PHP page that makes it simple to do a quick lookup of a users browsing history, once complete I’ll post it here.See this post