Captive portal is not displayed in Windows 10
-
'm having the following problem: The captive portal page is not displayed in Windows 10. It tries to load the page but it is not accessed. I've tested it in other browsers and nothing. The funny thing is that on a computer with Windows 7, on the same cable and in the same VLAN, the page loads normally.
My PC with Windows 10 has the IP that it should have
The DNS server that it should have
The same way I configured it in pfsense, but when I try to access the captive portal directly
http://172.16.100.5:8002/index.php?zone=captive_portal_wifiIt tries to load the page but cannot.
I've already tested the connectivity with the server using a ping and they communicate.
What should I review in Windows 10 or pf to solve this problem?
-
@brunow said in Captive portal is not displayed in Windows 10:
What should I review in Windows 10
You mean : one single copy of your Windows 10 ?
Because Windows 10 was quiet popular during a couple of years, it still is actually, as many PCs don't meet de OS requirements, so it's still used a lot.For what i can tell, there is no real difference between Windows 7, 8, 8.1 10 or 11 : they all works fine, they are, since Windows .... Vista (?) "Portal compatible".
@brunow said in Captive portal is not displayed in Windows 10:
The DNS server that it should have
Your PC would be set up fine as it was set up the first day when you put your hands on it.
If you don't recall : DHCP (client) is activated on all interfaces.
if you installed your own 'firewall' solution afterwards, then yeah, things can get a bit harder.@brunow said in Captive portal is not displayed in Windows 10:
I've already tested the connectivity with the server using a ping and they communicate.
Ok, that good. But ping alone doesn't say much, it's DNS that should work.
As the captive portal help pages proposes : "If it doesn't work, get the one who messed up DNS, and have him undo what he did, and you'll be fine".Check :
Check the DHCP log page : when you connect your device, did you see the DHCP lease logs for your device ?
If so : check your device, runipconfig /allYou got a Gateway and DNS and both are the captive portal interface IP ?
You got an device IP ? and network ?Is unbound / the resolver listing on the pfSense captive portal interface ?
Do you see (packet capture on port 53 on the captive portal interface, use UDP and TCP) DNS traffic coming in , And getting answered ? -
I didn't explain it properly, I apologize for that.
I said Windows 10 because I'm using pnetlab to test all this before taking it to production. Before Windows 10, I tested a PC with Windows 7 and it worked perfectly. When I tested Windows 10 and Windows 11, the same problems appear:
I connect the PC with Windows 10/11 to a switch port (the same one that was previously in Windows 7 where the captive portal worked) Microsoft Edge opens with a link in the address bar "msftconnecttest.com/redirect" and the page tries to load indefinitely and doesn't appear.
Because of this, I asked if there was any reason why the captive portal doesn't appear in Windows 10, specifically.
My PC with Windows 10/11 receives the IP address and DNS from my pfsense DHCP server. The ip is correct (172.16.100.14) and the dns server on windows is the ip of my pfsense is (172.16.100.5)
I only have 172.16.100.5 as my DNS serverThere is no log of blocking in pfsense coming from the ip of my windows 10/11
By the way:
I tested opnsense (same thing happens)
-
@brunow said in Captive portal is not displayed in Windows 10:
"msftconnecttest.com/redirect" and the page tries to load indefinitely and doesn't appear.
Ah, that"s an easy one.
Simple said : you've broken DNS. You shouldn't do that.
It's the very first issue mentioned under Troubleshooting Captive PortalCaptive Portal Does not Redirect
as that is what happens to you.
Normally, your browser, when it uses "msftconnecttest.com" - isn't it "www.msftconnecttest.com" ??see here it start to resolve that www.msftconnecttest.com to an IPv4.
Then the browser use the IPv4, I've found 92.122.166.177, and uses port '80' (remember : http ! ) and this connection attempts gets intercepts at pfSense, the portal firewall, and the portal web server answers with a .... not msn.com but a captive portal login page.
So, to restart and answer faster : if DNS fails, everything stops.edit : Btw : you could check your local DNS server if a A request for www.msftconnecttest.com" arrives and get handled.
As far as I know, "msftconnecttest.com" doesn't have a A (IPv4) record. -
I did everything in the article and it didn't solve my problem.
It still doesn't redirect, so I tried to enter the address manually
172.16.100.5:8000
This is the address and port where the captive portal is waiting for connections, but the same thing happens, it tries to load indefinitely and nothing appears.Look:
-
What are the GUI firewall rules on your captive portal interface ?
Let's check where - on what interfaces - nginx, the web server for the portal and the GUI, is running :
[24.03-RELEASE][root@pfSense.bhf.tld]/root: sockstat -4 | grep 'nginx' root nginx 71678 5 tcp4 *:8003 *:* root nginx 71438 5 tcp4 *:8003 *:* root nginx 71102 5 tcp4 *:8003 *:* root nginx 70898 5 tcp4 *:8003 *:* root nginx 70870 5 tcp4 *:8003 *:* root nginx 70745 5 tcp4 *:8003 *:* root nginx 70584 5 tcp4 *:8003 *:* root nginx 70417 5 tcp4 *:8002 *:* root nginx 70351 5 tcp4 *:8002 *:* root nginx 70065 5 tcp4 *:8002 *:* root nginx 69853 5 tcp4 *:8002 *:* root nginx 69822 5 tcp4 *:8002 *:* root nginx 69569 5 tcp4 *:8002 *:* root nginx 69269 5 tcp4 *:8002 *:* root nginx 68500 5 tcp4 *:443 *:* root nginx 68500 8 tcp4 *:80 *:* root nginx 68226 5 tcp4 *:443 *:* root nginx 68226 8 tcp4 *:80 *:* root nginx 68168 5 tcp4 *:443 *:* root nginx 68168 8 tcp4 *:80 *:*For some reason, you think yours is using port 8000 ?
I see 8002 for http and 8003 for https.
Why, oh why, choosing a router static interface IP like 172.16.100.5 ?
Why not dot .1 or if you have to, dot .254 ?
I know, it should work.As my LAN uses the default 192.168.1.1/24 I picked 192.168.2.1/24 for my portal interface.
-
@Gertjan
Hi,
Launch cmd
type ipconfig /all
and display the result -
@Gertjan
I did some interesting tests before, but before that I'll give you some details about my scenario.As I said before, I'm testing everything in pnetlab before taking it to production:
The pf sense has only one network board that is connected to a switch interface in trunk mode, passing vlans 10 and 20, 20 is the WAN and 10 is the LAN.
This user computer - vlan10 is Windows 7 and, obviously, is connected to vlan 10.
The other computer, Win, is also in vlan 10 but it's Win 10, which is where the whole problem lies. To do some tests I disabled the captive portal in vlan 10 and even so my PC, Win, can't access the pfsense web interface, it can only ping.
I removed this Windows from VLAN 10 and connected it to the PF Sense's PHYSICAL LAN interface and Windows 10 was able to access PF Sense and the Captive Portal page.
This gives me some clues as to what the problem is. Could it be the VLAN? But why does this problem only happen on Windows 10 and not Windows 7?
I checked the logs and there is no record of my Windows 10's IP being blocked. Could the request be stopping at the switch?
-
Also answering your other questions,
The cp was running on port 8000 because I was testing it on another firewall.I set my pfsense IP to 172.6.100.5 on purpose, without any specific reason.
-
@brunow said in Captive portal is not displayed in Windows 10:
Could the request be stopping at the switch?
if it has broken ports, or you are using bad (broken) cables, then yes ;)
A switch, a non-administered switch, can't block anything.
If the switch is manageable, then call the admin of the switch. Let him solve the issue, or fire him.Your image is a physical setup of your network, with some details about how the "Virtual" part is assigned. I've never used the devices you use, except pfSense. So all I can say is "... ok ...."
I don't use VLAN at all, as I have to apply the rule "keep it simple" as this implies "nothing to learn".Btw : Why would you keep a Mikrotik in place if you have a pfSense ;)
My advise : use a router, and this could be any PC you find out there, add an extra 5 $ network card into it, or better : a quad NIC if you want more interfaces (and wind up with a situation where you don't need VLAN, so one big can of worms less) and you have the perfect setup to test about everything, captive portal included.
Later on, with the acquired experience, you can go wild with convoluted setups but I'll bet you'll say : "no-way ..."
