Captive portal on multiple ifaces?

itsmorefun

Hello,
Will have possibility to run captive portal on multiple ifaces with pfSense 2.0?
Thank

eri--

Yeah, but its not yet included.

itsmorefun

Yesssssssssssss!!!!!!!!!!!!!!!!!!!!
Very very very Thank!!!!!
:D

eri--

https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/f8b1131038f1a8ced102c79ed6c72ef9dc05e6f1

Report more smiles ;)

itsmorefun

:o Good Work !
Thank you very much  :)
:D 8) ;) :) :D

itsmorefun

Hum,  :-
Seem not work.
I have try http://snapshots.pfsense.org/FreeBSD_RELENG_8_0/pfSense_HEAD/livecd_installer/pfSense-2.0-ALPHA-ALPHA-20090522-0021.iso.gz
If i select LAN, if user on LAN ask google, he have captive portail (ok)
If i select OPT1, if user on OPT1 ask google, he have captive portail (ok)
If i select LAN and OPT1, if a user on LAN ask google, he have portail, but if a user of OPT1 ask google he have google.  :'(

I will add interface and try with captive portail on OPT1 and OPT2…

Thank in advance.

itsmorefun

Same result,
With captive portal enabled on OPT1 and OPT2, only OPT1 packet are intercepted.

I will try to understand https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/f8b1131038f1a8ced102c79ed6c72ef9dc05e6f1 to find why that don't work…

Maybe a problem with:
341 # skip to traffic shaper if not on captive portal interface
342 add 1000 set 1 skipto 50000 all from any to any not layer2 not $cpif
343 # pass all layer2 traffic on other interfaces
344 add 1001 set 1 pass layer2 not $cpif

If I do "ipfw show | grep ed2" with only OPT1 selected:
01000     5    5344 skipto 50000 ip from any to any not layer2 not via ed2
01001     5    5344 allow ip from any to any layer2 not via ed2

If I do "ipfw show | grep ed3" with only OPT2 selected:
01000     5    5325 skipto 50000 ip from any to any not layer2 not via ed3
01001     5    5325 allow ip from any to any layer2 not via ed3

If I do "ipfw show | grep ed2" with OPT1 and OPT2 selected:
01000     5    5325 skipto 50000 ip from any to any not layer2 { not via ed2 or via ed3 }
01001     5    5325 allow ip from any to any layer2 { not via ed2 or via ed3 }

Maybe the problem is the interpretation of the "not" and the "or" ?

Thank for any help.

eri--

Can you update to the latest snapshot or try this modification?
https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/fca39472782bdbd06722c053cb345de6a8f754bd

Thanks

itsmorefun

Yes!!! You are a king  8)

It work  ;)

Juste two things,
->on Status: Captive portal:
The last line, the column Session start show: Warning: date() expects parameter 2 to be long, string given in /usr/local/www/status_captiveportal.php on line 107

->on Status: System logs: Portal Auth: When user have a firewall blocking input icmp some log with: php[43507]: /index.php: The command '/sbin/ping -c 1 -t 1 172.16.1.11' returned exit code '2', the output was 'PING 172.16.1.11 (172.16.1.11): 56 data bytes –- 172.16.1.11 ping statistics --- 1 packets transmitted, 0 packets received, 100.0% packet loss'
(172.16.1.11 is the ip of the user)

Very Thank

eri--

Should be fixed both of them.

Thanks for teh feedback.

itsmorefun

@ermal:

Should be fixed both of them.

Thanks for teh feedback.

Nice but https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/4fa2be6d7d7e2351e60805d7cbcb7d734945adb5 not work because $cpent is an array.

With "if (empty($cpent[0]))" it work

Thank
:)

eri--

Added to the repo a better fix https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/caec9484b7ad9fdf1613db7b05955a14281b4b9c

itsmorefun

@ermal:

Added to the repo a better fix https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/caec9484b7ad9fdf1613db7b05955a14281b4b9c

Nice, it work too

BUT after start the captive portal, while nobody log on, the captiveportal.db file is not created and the
status page show:
Warning: file(/var/db/captiveportal.db): failed to open stream: No such file or
directory in /usr/local/www/status_captiveportal.php on line 67 Warning: Invalid
argument supplied for foreach() in /usr/local/www/status_captiveportal.php on line
68
;D

Thank :)

itsmorefun

Thank Ermal (https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/93ed765955f8891b985805e4d49ba96f8694c6d7)
:-)

rt_rex

I did not test the captive portal feature on 2.0 .
One thing i did not understand about dual iface captive portal.
Assuming i have CAPtive portal enable on LAN and OPT1 and the CP interfaces are in diferent subnets (10.0.0.0/24,192.168.1.0/24), how do they do the http redirect to one single address ?
Or there is a field to config the two independent URL redirect ,one for each subnet?

Thanks

eri--

It will show the same login to different subnets.
That is all up to you in your login page php code if you want to show them different things.