Captive Portal bypass issue
-
-
That is IPv6 traffic hitting the IPv4 Limiters
It's fixed in 23.01: https://redmine.pfsense.org/issues/13290
-
@stephenw10 Confirmed. Kicked off a iPhone client on the captive portal and those messages are gone.
-
sorry for being kinda offtopic:
just wanted to say thanks for you guys/girls(?)...
...a) pointing out this "problem"
...b) having a discussion about it
...c) trying to reproduce the issue
...d) helping me getting my peace of mind back:)
Seriously: thanx for your ongoing support and (my personal opinion) the good work with pfsense so far...hope Santa has you on his list. -
The MAC address block entries now work as expected with the newly added patch.
https://redmine.pfsense.org/issues/13747#note-11
Please test and let us know.Steve
-
@stephenw10 How do i apply the patch?
https://github.com/pfsense/pfsense/blob/483512b3a3226132b7b249f7ea3e2146d3829c23/src/usr/local/captiveportal/index.php#L181
-
You may use the commit ID
7e5dbbfca68179fd29a685363625c810d4da6417in the System Patches package - see here: https://docs.netgate.com/pfsense/en/latest/development/system-patches.html -
Just add the commit ID in the patches package:
7e5dbbfca68179fd29a685363625c810d4da6417 -
@stephenw10 @marcosm
Thanks gents. I couldnt find the commitID.
I can confirm that this is fixed. The mac addresses not only cannot get on the network but there is a message indicating to the client that they are blocked.Also syslogs confirms block
I really dont know what to say but this has been a journey in troubleshooting and talking to the netgate team. Truly appreciate it.
Time to whip out the old wallet for that TAC sub
-
@michmoor said in Captive Portal bypass issue:
talking to the netgate team
Euh .... the solution was already on the forum.
13747 went from Not a bug, to Duplicate, to Bug again to get solved. I guess it's a question of finding the right words when writing feedback.The official patch, as always, is much nicer : why adding a line if removing something does the job
And be careful : https://redmine.pfsense.org/issues/13784 was added on the fly : A MAC can (23.01) be blocked the soft way, the user will see the message that his MAC is blocked. You can chose bewteen an error message, or a MAC block portal page to be uploaded. See here for info and example how to implement that.
Or : new, see 13784 : totally rejected : the MAC becomes part of the pf rules that block any interaction with the captive portal interface. I guess the user would be able to get a DHCP lease sorted out, and that's it, nothing more.
