Changes to Captive Portal in 2.6.0?
-
I just upgraded from 2.5.2 to 2.6.0 and all hell broke loose!
Some background on my setup:
pfSense is fronting a LAN that has 100 or so AD domain clients for our teaching rooms and lecture theatres.
The LAN is configured with a Captive Portal, with RADIUS authentication to cater for guests in the teaching spaces.
The AD domain clients are added to the MAC passthrough in the CP to allow them to do their domain logins and be directly managed by SCCM etc.
There is no NAT.
Upgrading to 2.6.0 breaks the ability for the AD domain PCs to log on to the domain, and SCCM can no longer access the clients.
Our monitoring tools also can't contact any devices via ICMP behind the firewall despite them being in the passthrough list.
Internet access remains fine.
This was all working fine in 2.5.2, and indeed it still is after I reverted.
I have seen some posts while searching mentioning that the CP in 2.6.0 no longer allows ICMP or UDP? But I haven't managed to find any specific info on that despite hunting.
But, I am suspecting this change may be the cause of the behavior I am seeing if that is indeed the case?
So, my questions:
- Is this a bug? And should a MAC passthrough allow all traffic to pass including ICMP and UDP?
- If not, and ICMP and UDP are now blocked, why the change? Can anyone point me to the change log or posts where it's discussed?
- What is the workaround for this, if any?
If UDP and ICMP aren't going to be allowed through when a MAC passthrough is added this is a massive problem for anyone with a similar setup, and I can't get all the Windows services/AD/etc to use TCP only!
TIA
Dan
-
-
@dansgul I've never set up Captive Portal but have read the forum threads.
Install the System Patches package and you'll see a recommended patch:
Fix Captive Portal handling of non-TCP traffic after login (Redmine #12834)
-
@steveits thanks for the heads up. I'll give that a go.
-
Just to confirm
Fix Captive Portal handling of non-TCP traffic after login (Redmine #12834)
Fixed the issue I had with passthrough MAC addresses on the CP of 2.6.0.
Many thanks for the info.
Dan
-
@dansgul Hi Sir sorry to interrupt.
We have the same problem Sir, and I already applied 'Fix Captive Portal handling of non-TCP traffic after login', then rebooted my pfSense, but it still doesn't work.
This is my case Sir.
"I really need help with my issue. I have an Active Directory LDAP and I bound it to my pfSense (working good), then I configured my Captive Portal on my pfSense.
My problem is that after I log in with my user credentials (LDAP AD) I can't access the internet. BUT if I disable my Captive Portal my internet is working good and I can browse any sites.
P.S. My DNS and DHCP are on my Windows server."