captive portal is not working on mobiles
-
This post is deleted! -
This post is deleted! -
I modified your rfc8910.php to parse the url passed from the DHCP option 114 string such that it launches the correct login URL for each portal through the json data string without any additional files required. It is universal as long as the string placed in the DHCP option 114 server contains the subdomain.domain.com:port info. I checked it on 6 portals with voucher, user and freeRadius authentication. If keeping things clean is an objective, this approach is a one file solution to all DHCP option 114 RFC8910 syntax for user and venue options.
Note that I commented out the seconds_remaining code as it was throwing an exception on my portals authenticated by freeRadius. I did not debug that further.
-
Note: the Apple example has the json URL links inside double quotes as a string. In the above code that would suggest => "$rfc8910_url", not just => $rfc8910_url. In testing it worked equally well both ways.
-
$rfc8910_url = 'https://' . $_SERVER['HTTP_HOST'] . '/index.php?zone=' . $cpzone; .... "user-portal-url" => $rfc8910_url, "venue-info-url" => $rfc8910_url,Ok .... you've found the fun part
It was one line.
All reduced to a bare minimum.
I've also ditched the 'remaining time' lines, and use you version right now.
I still have to find a spare AP so I can spin of a second portal, but since you've tested it on 6 portals, you've got me already convinced.@EDaleH said in captive portal is not working on mobiles:
or a patch
Exact.
Now it's just one stand alone file, and for every portal network, the DHCP server needs an 'option 114' correctly set up, so ISC-DHCP is needed, not KEA.
It's very close to a click-and-play addition.So, very nice that this works. Last question : what are the side effects that we haven't discovered ?
-
@Gertjan said in captive portal is not working on mobiles:
I still have to find a spare AP so I can spin of a second portal
Check if your AP runs OpenWRT (https://openwrt.org/toh/start), it supports multiple VLans and StationIDs. I use an Archer C7 in the Lab and have 14 separate Captive Portals on it which are on two separate pfSense configurations simultaneously. I paid $20 CDN for it on Facebook Marketplace. You will need a simple level 2 managed switch, I bought a $35 CDN 8 port TP-Link unit (TL-SG108E) on Amazon and you will need to configure WAN, Lan, Opt1 network interfaces to support the setup of the VLans required for each Captive Portal. You needed a new project anyway, didn't you? FYI, I also use DHCP 114 on the DNS for a different OpenWrt Router setup as a hotspot on a pfSense Network. It loads the "logout" page through the index.php link on pfSense and will load on any device connected to the Hotspot. This provides service to individual, self contained, sites where they use it for local WIFI access and we control bandwidth/time/data quota through the single pfSense freeRadius account that serves them. In this way we distribute the load on pfSense and more important, we have more control over bandwidth/quota/time usage for multiple logins to a single account as pfSense's Captive Portal provides full bandwidth, quota and time to each individual login to a multiple concurrent logins user account. freeRadius does not suffer from the 4096GB limit issue so custom code disables that check and uses freeRadius to manage data, with custom code to manage time within captiveportal.inc. Most have 500 GB to 1 TB data limits per month and ran flawlessly in 2023. see Redmines 13843, 13844 for more info.
-
@EDaleH said in captive portal is not working on mobiles:
Check if your AP runs OpenWRT
They do....
I've 4 of these in the building.
Rather ancient
I'm not using any VLAN stuf, as I have a SG4100, so LAN ports enough.
A year or so I bought a TL-SG108E to 'play' with, but that never happened.I'm using the pfSense FreeRadius package just for the 'authorization', I'm (normally) not byte counting neither bandwidth limiting (accounting). My AP's limit the connection by themselves already (30 Mbits max).
My main down link/up link is about 1 Gbits/sec, so "the can have it". -
Once the access points are configured for VLan support, each packet will be tagged for a VLAN or not tagged for LAN. It is surprisingly easy to set up, especially if you already have the switch. Configure the appliance for WAN, LAN, OPT1 and put your "tagged" traffic on the OPT1 but specifying VLans, typically vlan1=> tag=10, Vlan2=> tag=20, etc. Then create multiple stationIDs on the access point with one untagged and the remainder associated with a specific tag/VLan. Each will have their own Captive Portal and authentication. Now it just works. If you still have that switch and enough ports to cover your premises, you are up and running. Two ports on the switch are for LAN and OPT1 to the appliance, the rest feed your network. Any additional switch along the way, that is not L2 and programmed, will strip the tags so you want a straight run to the AP to avoid loosing the "VLan tag". You only need worry about the tagged traffic on a network cable if there is a device (i.e. Access Point) that is processing tags, on the others any L1 switch will strip the tags or you connect that switch to your switch through a port on your L2 switch that is "managed" as an untagged port. Your APs may need to update their firmware but possibly not, just see if it has tagging options (VLan) under wireless setup for a station.
If you ever set it up, you will kick yourself for not having done it sooner.
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
B Bisho referenced this topic on
-
Hi,
@EDaleH and @Gertjan. Thank you for your valuable input on this topic.
I've submitted a new related topic https://forum.netgate.com/topic/188402/captive-portal-not-working-on-ios-devices-only-dhcp-114
I would appreciate it if you could have a look. However, here is what I asked if you prefer to keep it on this topic:
Iāve been helping a friend at a hotel set up the pfsenseās Captive Portal. It's working perfectly on PCs and Android devices, but when it comes to iOS devices, the portal page to enter the credentials never shows up.
Iām aware of the iOSās connection test HTTP request to http://captive.apple.com/hotspot-detect.html , but the problem here is that my friend is located in a country where Apple.com along with some other websites are blocked by the government for unknown reasons. So this site will neither give āSuccessā nor āFailedā because itās not even reachable.
Iām hoping for some clear guidance.
1. Is the DHCP 114 option the way to bypass the connection test HTTP request to http://captive.apple.com/hotspot-detect.html ?
2. If yes, what line(s) in Index.php has to be modified or added? Where do we force the iOS device to our desired redirection URL ?
3. If not, what can be done in our particular scenario ?Thank you,
-
B Bisho referenced this topic on
-
Moved to here.
-
B Bisho referenced this topic on
-
G Gertjan referenced this topic on
-
E EDaleH referenced this topic on