Captive portal shows blank page
-
Sorry for yet another topic that is similar to 100+ topics already about this subject. I have read those and don't think my case is alike as I cannot get it to work.
Here is the techinfo:
- PFSense comm edition 2.6.0-release on pc hardware
- 2 ethernet interfaces, 1 for WAN, 1 for LAN
- multiple VLANs with on interface LAN
- 1 of the vlans is "guest" with vlan ID 50, subnet is 192.168.50.254/24 (pfs = .254)
- DHCP active on interface "guest" with dns set to 192.168.50.254
- Captive portal is enabled on interface "guest" with mostly default settings (authentication set to none for testing)
- wifi AP also has vlan 50 configured for guest wifi
- dns resolver enabled on all interfaces
Here is the situation before activating captive portal:
- clients connect to wifi
- they get a 192.168.50.x ip address from dhcp with dns 192.168.50.254
- they can browse the internet (dns resolution and internet access are working)
Here is the situation after activating captive portal:
- clients connect to wifi
- they get a 192.168.50.x ip address from dhcp with dns 192.168.50.254
- nothing happens
So no redirection. There are no other routers, only pfsense. VLAN config is correct als all vlan's are working as expected without captive portal.
This is what I have tested:
- Disable mac filtering
- Set various redirect urls
- Add pfsense address in vlan "guest" to allowed ip
- add firewall rule allow any any on interface "guest"
Strange thing:
I have another VLAN, let's say "office" with VLANID 10 and subnet 192.168.10.254/24. I have a firewall rule "allow office subnet to any so i shoud be able to access captive portal in "guest".
As soon as I enable the captive portal on interface "guest", I can manually open the captive portal on "http://192.168.10.254:8002 (pfsense ip in office vlan). It shows the login page and when I login I am redirect to the "post redirect" url.
However when opening the same page with the pfsense ip in the guest subnet (http://192.168.50.254:8002) I also get a blank page. Now when I change the interface on wich the captive portal is configured (from "guest" to another interface) I can open http://192.168.50.254:8002 and the loginpage shows.
So the interface the captive portal is activated on is outputting a blank page (html reponse 200 and nginx headers received, just no content at all) and all other interfaces output the correct captive portal page.
Is this a bug or am I doing something wrong??
-
@vanlier said in Captive portal shows blank page:
Here is the situation before activating captive portal:
clients connect to wifi
they get a 192.168.50.x ip address from dhcp with dns 192.168.50.254
they can browse the internet (dns resolution and internet access are working)Important test ! Good to know.
@vanlier said in Captive portal shows blank page:
Here is the situation after activating captive portal:
clients connect to wifi
they get a 192.168.50.x ip address from dhcp with dns 192.168.50.254
nothing happensUsing the 'default' build in login page, right ?
You can't say that 'nothing happens' : you can't 'see it', but something happened.
Every OS on planet earth will throw out a http:// request as soon as it obtained a DHCP lease.Check here : Status > System Logs > System > GUI Service
Every OS using it own http request.
For my iPhone it's :
This is the page that it want to download :
http%3A%2F%2Fcaptive.apple.com%2Fhotspot-detect.html
Better known as :
http://captive.apple.com/hotspot-detect.html
Click on it and you'll see what happens.
You should see this :
If the html page doesn't contain "Success" then the device start to presume a captive portal is might be present.
Now, the OS launches a stripped down web browser, bot the full fledged IE, Chrome, Edge, Firefox, but a small bare bone browser. It's launched with the same web destination : http://captive.apple.com/hotspot-detect.html
First, again, "captive.apple.com" will get resolved (was already found during the same test, some ms before).
Then the browser connects to the IP on port 80 (remember : http), and asks for the page /hotspot-detect.htmlOn the pfSense side, this "some destination IP : port 80 " request gets redirected to the internal login portal web page server on port 800x" with the help if a firewall rule (pfSense 2.6.0 : ipfw rules - the newer pfSense uses pf now).
The portal page web browser does just one thing : it redirect the requesting browser to
(your case) http://192.168.50.254/index.php?zone.....
It also adds a 'zone' parameter, and 'redirect' parameter.
The result will be of course : the captive portal login page shows up.
So : to make this work, one thing needs to work for sure : DNS.
The captive portal firewall rule works, that is for sure. If not, Netgate and FreeBSD will go out of business tomorrow.[https://docs.netgate.com/pfsense/en/latest/troubleshooting/captiveportal.html](link url)
Btw : you already know that the 'default' pfSense 2.6.0 needs portal patches, right ?
@vanlier said in Captive portal shows blank page:
Disable mac filtering
That's of if you want to 'break' things.
@vanlier said in Captive portal shows blank page:
Set various redirect urls
https://www.google.com works fine.
@vanlier said in Captive portal shows blank page:
add firewall rule allow any any on interface "guest"
The GUI firewall rues ? None is needed (I guess ?), the authentication will still work.
But as soon as authenticated, yoy can go no where.
Use the default LAN pass all TCPv4* rule to begin with.@vanlier said in Captive portal shows blank page:
However when opening the same page with the pfsense ip in the guest subnet (http://192.168.50.254:8002
Invalid request.
The ?zone=xxxx parameters needs to be present.These :
don't work for you ?
