Captive portal not working in RC1? Status?

0tt0

Ok, I've setup captive portal correctly, and added some different FW rules, one allowing some specific traffic into the LAN (I have captive portal active only on OPT1) and all this seem to work as intended, when traffic flows.

There's just one problem, the captive portal doesn't seem to stop any traffic at all. I've seen some different discussions on it not working in various versions and am not sure what status is right now. (Also, I wasn't aware that there was any later RCs at all! The banner at this page only refer to the RC1 being available, via a blog post.)

So, assuming captive portal is broken in RC1, will it work in RC3, and will that upgrade introduce any other problems? I have made extensive work on my install the latest week and everything works now, except captive portal then, but I really don't have any time for any new problems right now, so some comment on this would be appreciated.

TIA,

0tt0

Replying to myself…

I have now applied "pfSense-Full-Update-1.2.3-20091004-0733" and captive portal still doesn't work.

Exactly the same behavior as with RC1. All routing and firewalling to the extra physical interface seem to be correct and working.

What could I possible be doing wrong, if anything? "Enable captive portal" is ticked and interface is active and working. I have a client accessing that interface via an AP connected to that interface and that client can surf anywhere without seeing any logon screen.

And yes, I have "Local user manager" chosen under "Authentication", not "No authentication".

In what versions are captive portal known to be working?

BTW: I am sure it worked in 1.2.2, I once switched it on to see how it worked.

TIA,

0tt0

Still replying to myself…

I now use:

1.2.3-RC3
built on Sun Oct 4 07:33:41 UTC 2009
FreeBSD 7.2-RELEASE-p4 i386

and c.portal still doesn't work.

I thought that someone would have some kind of tip on troubleshooting.
As previously noted I have had c.portal active in earlier versions of pfS so I'm not so humble when it comes to me doing things wrong here, unless internal workings have altered somehow.

I have tried to reboot after enabling but that changes nothing.

TIA,

--- Adding..

I now actually found some differences between browsers, but still no working c.portal

When using Ffox:

When changing cportal setting, turning it on, Ffox stops dead and cannot reload opened pages untill I reboot pfS

MSIE:

When using MSIE at the same time I can verify that this is not the case, when doing the same I can reload opened pages in MSIE BUT when doing so (and having turned on the portal) traffic still flows through the MSIE browser without being stopped.

Can anyone explain this?

--- Added info:

Installed packages:

Backup
Dashboard
FreeSWITCH
Lightsquid
TFTP
arping
bandwidthd
darkstat
freeradius
imspector
phpSysInfo
squid
squidGuard
vnstat

squidguard is the only one not started

htgtech

Try adding your DNS ips to the allowed IP addresses as "to" ips. I did this and it fixed the problem.

dotdash

Wow, do you need all of those packages? I have seen reports of squid not working with the captive portal. Try removing squid and testing.

htgtech

I have squid running on my install and captive portal worked fine, just had to had the dns ips to the to- allowed.

0tt0

@htgtech:

Try adding your DNS ips to the allowed IP addresses as "to" ips. I did this and it fixed the problem.

Thanx for the tip, will try. (I don't remember doing any such thing earlier when I tested it and got it to work. But will test.

0tt0

@dotdash:

Wow, do you need all of those packages? I have seen reports of squid not working with the captive portal. Try removing squid and testing.

:) Well a few of them provide very useful features. I think one, freeradius, could/should if possible, be part of the main system.

I would guess that the following would "never" (or perhaps "not likely") impact on main networking components or disrupt main services of the system:

Backup
TFTP
arping
freeradius

They are either separate services or more client type apps.

The rest I think feels like they are closer to interfaces etc and perhaps could cause problems in theory.

These provide functionalities that to different degrees are present in the system:

bandwidthd
darkstat
vnstat

I do however think bandwidthd and vnstat are somewhat useful occasionally.

Cheers,

dotdash

@htgtech:

I have squid running on my install and captive portal worked fine, just had to had the dns ips to the to- allowed.

Perhaps you could lend some insight to this thread: http://forum.pfsense.org/index.php/topic,20097.0.html

0tt0

I have to do some more testing (I had a large value of timeout set at first) but it looks like your tip on entering ISP's IPs works!

Thanks htgtech! I have waited a long time for someone to help me solve this.

However.. I do not understand why that worked, the interface where the portal is now active uses pfSense internally on that interface as DNS through DHCP, why would entering any other DNS into "allowed addresses" solve this problem? Obviously I'm missing something there..

I use squid in transparent mode on this interface as well and it seems to work, I never disabled squid during these testing.

Thanks,

0tt0

Well this seem not to be very stable, I'll start a new thread..