Is this L2 layout possible?

istvan.kelemen · Joined: 04 Mar 2015 Posts: 19 Location: Switzerland

And one more thing, outlook is passing through the authentication even redirect "https and http" is disabled.

istvan.kelemen · Joined: 04 Mar 2015 Posts: 19 Location: Switzerland

Would a valid public ssl certificate resolve the HTTPS redirection issue?

sorry for asking that much Sad

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

I am pretty sure FirstSpot is not located correctly in your network. The key is that FirstSpot needs to be a "gateway", i.e. the client outgoing path needs to go through FirstSpot first before reaching the Internet. Also, FirstSpot is THE ONLY path for the client to access the Internet.

So we are back to simplify you network in order to get the basic working first. Again, our network topology diagram is a good starting point for you to setup FirstSpot.
_________________
~ Patronsoft Limited ~

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

Regarding your https question, FirstSpot doesn't change the packets after authentication, so any traffic (including https) will pass through FirstSpot correctly.
_________________
~ Patronsoft Limited ~

istvan.kelemen · Joined: 04 Mar 2015 Posts: 19 Location: Switzerland

Sure, my network is correct, FS and WLAN are in the same L2 domain, dns is 8.8.8.8 dhcp is FS as well as the only one GW.

The test account most probably stucked in logged in.

Will a valid SSL cert solv the following problem?

It works fine, but the HTTPS pages are not redirected, instead the following ssl error shows:

Firefox:

www.facebook.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for 172.20.0.1 (Error code: sec_error_unknown_issuer)

Chroome:

Your connection is not private

Attackers might be trying to steal your information from www.facebook.com (for example, passwords, messages, or credit cards).

ReloadHide advanced
www.facebook.com normally uses encryption to protect your information. When Chrome tried to connect to www.facebook.com this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be www.facebook.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit www.facebook.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

NET::ERR_CERT_AUTHORITY_INVALID

istvan.kelemen · Joined: 04 Mar 2015 Posts: 19 Location: Switzerland

Last question for today, I promisse :D

"This account was suspended or has expired, Please contact your system administrator!"

Where can I change this message?

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

You mean that when initial page is https, you get the above "warning"? That is normal as FirstSpot needs to intercept the https page to redirect to login page. The is the security mechanism by https (SSL), or otherwise anyone will be able to break into the https page.

No, even a valid SSL cert won't solve this problem as the destination URL has been changed.

Please use http page as initial page for FirstSpot login.
_________________
~ Patronsoft Limited ~

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

For the user account error, you need to change the user attribute under Configuration Manager -> Users. Make sure the expiry date is correct.
_________________
~ Patronsoft Limited ~

istvan.kelemen · Joined: 04 Mar 2015 Posts: 19 Location: Switzerland

"You mean that when initial page is https, you get the above "warning"? That is normal as FirstSpot needs to intercept the https page to redirect to login page. The is the security mechanism by https (SSL), or otherwise anyone will be able to break into the https page.

No, even a valid SSL cert won't solve this problem as the destination URL has been changed.

Please use http page as initial page for FirstSpot login."

Yes, I know, but the casual users are not, so that is the problem.

"For the user account error, you need to change the user attribute under Configuration Manager -> Users. Make sure the expiry date is correct."

I am getting this message when I had signed up an account before, but have not paid yet. At the next login this message has shown for 3-4 seconds long. Then the page is redirected to paypal. I want to change this messaget to something like "your payment has not sent yet, please wait few seconds" or so...

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

You can change the text at either:

1) Configuration Manager -> UI Customization

2) add custom string for PHP variable $lang['expiry_date'] in the file custom_lang.php. Refer to chapter 3 (UI Customization section, page 30) of firstspot_guide.pdf for details.
_________________
~ Patronsoft Limited ~

istvan.kelemen · Joined: 04 Mar 2015 Posts: 19 Location: Switzerland

I did not fint this, where is it exactly?

And the other issue:

"Redirect option

Redirect URL (e.g. http://www.patronsoft.com)
www.livescore.com"

After the login it tries to redirect to 172.20.0.1/www.livescore.com

Is this redirection only for local web server?

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

If you cannot find it under UI Customization, you need to add it under custom_lang.php.

For Redirect URL, try to put http:// in front.
_________________
~ Patronsoft Limited ~

istvan.kelemen · Joined: 04 Mar 2015 Posts: 19 Location: Switzerland

Thank you so muc, both worked. Best support eva!