Anyway, from what I saw, once authenticated (user/pass or trial) the user is able to browse any HTTPS site, isn't it ??
Yes, once authenticated traffic is not restricted, no matter if HTTPs or whatever, no need to specify anything.
A workaround could be to invite users to visit a valid HTTP site (i.e. the restaurant one) to be brought to the login page ......
Exactly. Any HTTP request will brought up the captive portal page.
I have found that over-complicating things can be avoided by this simple approach:
- Tell the staff to advice people to browse to some simple URL; e.g. say the hotspot static DNS entry hostname is "restaurant": advice customers to just enter "restaurant" (or "wifi", or "internet", or any simple word, just make sure you create an static DNS entry so that it actually resolves to the captive portal IP)
- Put google HTTPS in walled garden. Most people will have google as home page, or will try accessing it, most times the search results will include http sites that will "catch" and redirect to the captive portal.
Does it matter if only trial auth has to be used ??