Captive portal block whatsup
-
@ahsunh said in Captive portal block whatsup:
but when disable captive portal whatsapp audio calls connected and working fine.
The captive portal uses two firewalls on it's interface.
The first one, called ipfw, is a set of rules which you can't modify. One of the rules contains a 'table' with permitted IP's and MAC addresses.
When a captive portal user logs in, tteh IOP and MAC address of its device are added to the table with permitted devices. The result is : for that device, the ipfw firewall becomes transparent.
The second firewall is the one you see in the GUI, the one you can modify yourself.Btw : you can see what ipfw does. Look here : Troubleshooting Captive Portal.
When you read Troubleshooting Captive Portal - and look at the rules, you'll discover that there is no captive portal application or something like that. It's just a set of rules, and a web server.
Better yet : the device that makes an captive portal possible is not pfSense, it's your device.There are 4 golden captive portal rules :
-
DNS should work. Devuices, logged into the portal, and the ones not yea logged on, should have access to the pfSEnse DNS. This is typuically the resolver (unbound) listening on the captive portal interface. The classic UDP/TCP port 53 : do not block these with the GUI rules.
-
Test captive portal access with this GUI Firewall rule :
This GUI firewall rule has been tested : it works.
-
Make your live easier on yourself : use a dedicated interface for the captive portal. The fact that you need a captive portal means you have to give access to non-trusted devices. These do not belong on a trusted network like LAN.
-
Always test debug the captive portal with wired devices. You can't see/feel/know if the radio connect isn't disturbed by other radio devices. hone calls need a steady fluid continues data stream to make voice quality possible. This can be made possible over wire. Radio connections add a lot of invisible (to the end user) issues.
Also : there is no such thing as saying : "it doesn't work".
Where are the firewall log lines that indicate that requests from the device on which whatapp is used, are blocked ?If "everything" works except one service from company X, then you might say to yourself :
" How much did I pay for this free service ? "
This is not a joke any more : Whatssapp (facebook) does takes a break ones in a while. -
-
@gertjan Thankyou for you response.
- Not facing this issue on below version 2.5.2
2.only issue facing on whatsapp audio calls only
Attached is screenshot or WIFIvlan interface of captive portal FYI
- Not facing this issue on below version 2.5.2
-
The first image is the bottom part of second image ? Or is it another interface ?
And the tests ?
For example : test number 2 ?
Place the rule I've shown at position 1. This will make the portal 100 % transparent as soon as the user is logged in.
It still doesn't work : the issue isn't pfSense.
It works : redo your rules.Did you restarted pfSense recently ? Most firewall rule states are just 0/0 whihc means that the rules didn't match traffic.
Btw :
You have multiple WAN's, right ? What happens when you remove all the 'gateway' entries in all the rules, so the portal users use the default gateway ? -
@gertjan yes bottom of same image.
and i roll back to 2.5.2 of pfsense with same setting and it is working fine in 2.5.2.
whatsapp audio calls connected successfully in captive portal users of 2.5.2. -
@Gertjan Thank you for your answer
As @ahsunh said , the same setup was working fine with 2.5.2 version , the issue happened after the Upgrade to 2.6, and FYI I have two setup in two different countries, that was working fine before the upgrade to 2.6.
DNS, captive portal , .... everything works fine just WhatsApp call (chat works).
As I mentioned in my first post , I DID TEST OTHER VOIP APP like Instagram, they are working fine , this issue is only with whatsapp.
I did a test allowing some whatapp's public IP --> WhatsApp call WORKS
-
Hello, I actually have the same problem with WhatsApp Call. A connection is not possible. In addition, we have also noticed that VPN connections are also no longer possible. Has anyone here possibly already found a solution?
-
@Knolli appreantly 2.6 has an issue with UDP, no solution has been found yet as far as I know.
You can go back to 2.5.2 to make everything work as normally. -
@moelharrak
Thank you. I‘ve been trying to find the problem for a while now, unfortunately without success. I will now carry out a recovery. -
-
Confirm this. Been having the same issue since upgrading from 2.5.2 to 2.6.0. Hoping for a solution soon for this
-
@adminacp said in Captive portal block whatsup:
Hoping for a solution soon for this
What about the solution posted yesterday? :)
See The pfSense forum, subsection "Captive portal". That's the place where you posted.
This thread for for example : UDP/ICMP is not working after upgrade to 2.6.0, you will find also that the System Pacthes pfSense package has been updated, and that it contains now a fix : "Fix Captive Portal handling of non-TCP traffic after login (Redmine #12834) "
-
Thank you for you answer,
The patch failed
-
@moelharrak said in Captive portal block whatsup:
The patch failed
That's it : 3 words, no details, nothing ??!?
Have you found : new System Patches v2.0 ?
So : install that official pfSense package "System Patches" first :
Open System => Patches and you'll see :
There will be a Blue Apply button.
Your mission : click it. Done.Keep this pfSense package "System Patches" updated.
-
Hi,
I'm using pfsense 2.6.0, the latest version of "System Patches" is :
- I see no "Fix Captive Portal ..."
- I tried that manually to add the commit ID, but it says patch failed
- I see no "Fix Captive Portal ..."
-
Now The "System_Patches" version 2.0_4 is installed, the issue was in the "System Update" Previous stable version was selected.
- Patch installed and now UDP seems working with the captive portal.
Need to do more tests.
Thank you very much
- Patch installed and now UDP seems working with the captive portal.
-
@gertjan Sorry for the late reply. Done doing the suggestion and now everything work. Thank you!
-
Boa Tarde.
Estava com problemas em chamadas do whatsapp, tanto vídeo quanto áudio atrás de um captive portal. Instalei o Pacote "System Patches" e apliquei o Patch do Captive Portal... conforme orientado. Reiniciei o servidor e tudo voltou a funcionar 100%. Estarei realizando mais testes, mas de momento esta resolvido.
Obrigado pela ajuda!
Rafael Mendes
-
Perfect, this work fine for me!
-
@gertjan
Hi... I am new to this forum and have a similar problem with my pfsense+ Version 22.01 (don't know if this is the same as 2.6).
With the previous Version WLAN Call for our mobile phones worked without problems....since the update no more....when I disable the captive portal then WLAN Call works.
I have also in the meantime installed the System Package 2.0_4
Unfortunately WLAN Call still doesn't work.
Do you have an idea how to solve this? -
@bilgram said in Captive portal block whatsup:
System System Package 2.0_4
Installing System Package 2.0_4 isn't enough.
One more click is needed :Click Apply.
edit : strange. I"ve said the same thing already in this thread.
Your issue is different ? And if so, more details please.
What is "WLAN Call" ? A call using some VOIP protocol on a device that is connected to a Wifi network, that is also your captive portal ? (guess so). -
@gertjan
Wow....thanks for the speedy reply..:-))
I read the thread but didn't understand it...or should I say I can't see where I can find the "Apply" Button....
I installed the Patch 2.0_4 over the Package Manager and as you can see the Patch is fully installed....according to the Package Manager...
Otherwise it would be in red...
Where do I find this "one more click"??
FYI:
WLAN Call allows mobile devices to telephone over wireless LAN Network (DSL) WITHOUT using a mobile provider e.g. O2 or Vodafone. The provider however has to allow this or rather hass to make this service available...
Our mobile devices are in our so called "neutral" zone which is actually our external Network and every device in this Network goes over the captive portal.