Netgate Discussion Forum

    Captive portal

      cdc1975

      Hi everyone,

      I have installed pfSense 2.0 on an ALIX.2D13 as a test and I would like to try the captive portal feature.

      The problem is that the server does not redirect me correctly to the authentication page; in fact, Firefox gives me the error "This page isn't redirecting properly. Firefox has detected that the server is redirecting the request for this page in a way that will never complete."

      If I go to http://192.168.1.1:8000 I only get a blank page.

      I am including the test configuration file. I have tried several times to start over from the factory default, but I can never find the snag. In the list of known issues for 2.0 I cannot find any report about this.

      If anyone can give me a suggestion, I thank them in advance.

      Config file:

      <pfsense><version>6.3</version>
      <lastchange><theme>pfsense_ng</theme>
      <sysctl><desc>Set the ephemeral port range to be lower.</desc>
      <tunable>net.inet.ip.portrange.first</tunable>
      <value>default</value>
      <desc>Drop packets to closed TCP ports without returning a RST</desc>
      <tunable>net.inet.tcp.blackhole</tunable>
      <value>default</value>
      <desc>Do not send ICMP port unreachable messages for closed UDP ports</desc>
      <tunable>net.inet.udp.blackhole</tunable>
      <value>default</value>
      <desc>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</desc>
      <tunable>net.inet.ip.random_id</tunable>
      <value>default</value>
      <desc>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</desc>
      <tunable>net.inet.tcp.drop_synfin</tunable>
      <value>default</value>
      <desc>Enable sending IPv4 redirects</desc>
      <tunable>net.inet.ip.redirect</tunable>
      <value>default</value>
      <desc>Enable sending IPv6 redirects</desc>
      <tunable>net.inet6.ip6.redirect</tunable>
      <value>default</value>
      <desc>Generate SYN cookies for outbound SYN-ACK packets</desc>
      <tunable>net.inet.tcp.syncookies</tunable>
      <value>default</value>
      <desc>Maximum incoming/outgoing TCP datagram size (receive)</desc>
      <tunable>net.inet.tcp.recvspace</tunable>
      <value>default</value>
      <desc>Maximum incoming/outgoing TCP datagram size (send)</desc>
      <tunable>net.inet.tcp.sendspace</tunable>
      <value>default</value>
      <desc>IP Fastforwarding</desc>
      <tunable>net.inet.ip.fastforwarding</tunable>
      <value>default</value>
      <desc>Do not delay ACK to try and piggyback it onto a data packet</desc>
      <tunable>net.inet.tcp.delayed_ack</tunable>
      <value>default</value>
      <desc>Maximum outgoing UDP datagram size</desc>
      <tunable>net.inet.udp.maxdgram</tunable>
      <value>default</value>
      <desc>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</desc>
      <tunable>net.link.bridge.pfil_onlyip</tunable>
      <value>default</value>
      <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc>
      <tunable>net.link.bridge.pfil_member</tunable>
      <value>default</value>
      <desc>Set to 1 to enable filtering on the bridge interface</desc>
      <tunable>net.link.bridge.pfil_bridge</tunable>
      <value>default</value>
      <desc>Allow unprivileged access to tap(4) device nodes</desc>
      <tunable>net.link.tap.user_open</tunable>
      <value>default</value>
      <desc>Verbosity of the rndtest driver (0: do not display results on console)</desc>
      <tunable>kern.rndtest.verbose</tunable>
      <value>default</value>
      <desc>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</desc>
      <tunable>kern.randompid</tunable>
      <value>default</value>
      <desc>Maximum size of the IP input queue</desc>
      <tunable>net.inet.ip.intr_queue_maxlen</tunable>
      <value>default</value>
      <desc>Disable CTRL+ALT+Delete reboot from keyboard.</desc>
      <tunable>hw.syscons.kbd_reboot</tunable>
      <value>default</value>
      <desc>Enable TCP Inflight mode</desc>
      <tunable>net.inet.tcp.inflight.enable</tunable>
      <value>default</value>
      <desc>Enable TCP extended debugging</desc>
      <tunable>net.inet.tcp.log_debug</tunable>
      <value>default</value>
      <desc>Set ICMP Limits</desc>
      <tunable>net.inet.icmp.icmplim</tunable>
      <value>default</value>
      <desc>TCP Offload Engine</desc>
      <tunable>net.inet.tcp.tso</tunable>
      <value>default</value>
      <desc>TCP Offload Engine - BCE</desc>
      <tunable>hw.bce.tso_enable</tunable>
      <value>default</value></sysctl>
      <system><optimization>normal</optimization>
      <hostname>fw</hostname>
      <domain>intranet.net</domain>
      <group><name>all</name>

      <scope>system</scope>
      <gid>1998</gid>
      <member>0</member></group>
      <group><name>admins</name>

      <scope>system</scope>
      <gid>1999</gid>
      <member>0</member>
      <priv>page-all</priv></group>
      <user><name>admin</name>
      <fullname>System Administrator</fullname>
      <scope>system</scope>
      <groupname>admins</groupname>
      <password>$1$eRkJYBdc$eNo4qKmZCiBWpJHTq92Bc.</password>
      <uid>0</uid>
      <priv>user-shell-access</priv>
      <md5-hash>21232f297a57a5a743894a0e4a801fc3</md5-hash>
      <nt-hash>a281fad8d0de9635da57c0fe96220aa2</nt-hash></user>
      <user><scope>user</scope>
      <password>$1$rMNP4/sN$t.dayWIxkXO84LNFHdLyU0</password>
      <md5-hash>c9f5c29cf490da28e0ee29dddc7151c5</md5-hash>
      <nt-hash>f51df19a5bd2d915a4347ad5088bef14</nt-hash>
      <name>test</name>
      <fullname><expires><authorizedkeys><uid>2000</uid></authorizedkeys></expires></fullname></user>
      <nextuid>2001</nextuid>
      <nextgid>2000</nextgid>
      <timezone>Europe/Rome</timezone>
      <time-update-interval><timeservers>1.europe.pool.ntp.org</timeservers>
      <webgui><protocol>https</protocol>
      <ssl-certref>4bfd8e989ef1e</ssl-certref></webgui>
      <disablenatreflection>yes</disablenatreflection>
      <cert><refid>4bfd8e989ef1e</refid>
      <name>webConfigurator default</name>
      <crt>crt></crt></cert>
      <cert><refid>4bfe2e83641cd</refid>
      <name>CERTIFICATO-CP</name>
      <caref>4bfe2e348fde3</caref></cert>
      <enablesshd>enabled</enablesshd>
      <dnsserver>208.67.222.222</dnsserver>
      <dnsserver>208.67.220.220</dnsserver>
      <dnsallowoverride><dns1gwint>none</dns1gwint>
      <dns2gwint>none</dns2gwint>
      <dns3gwint>none</dns3gwint>
      <dns4gwint>none</dns4gwint>
      <ca><refid>4bfe2e348fde3</refid>
      <name>certCP</name>

      <serial>1</serial></ca></dnsallowoverride></time-update-interval></system>
      <interfaces><wan><enable><if>vr1</if>
      <mtu>1500</mtu>
      <media><mediaopt><ipaddr>10.39.251.140</ipaddr>
      <subnet>24</subnet>
      <spoofmac></spoofmac></mediaopt></media></enable></wan>
      <lan><enable><if>vr0</if>
      <ipaddr>192.168.1.1</ipaddr>
      <subnet>24</subnet>
      <media><mediaopt></mediaopt></media></enable></lan></interfaces>
      <staticroutes><pppoe><username><password></password></username></pppoe>
      <pptp><username><password></password></username></pptp>
      <dhcpd><lan><enable><range><from>192.168.1.10</from>
      <to>192.168.1.100</to></range>
      <defaultleasetime><maxleasetime><netmask></netmask>
      <failover_peerip><gateway><domain><domainsearchlist><ddnsdomain><tftp><ldap><next-server><filename><rootpath></rootpath></filename></next-server></ldap></tftp></ddnsdomain></domainsearchlist></domain></gateway></failover_peerip></maxleasetime></defaultleasetime></enable></lan></dhcpd>
      <pptpd><mode><redir><localip></localip></redir></mode></pptpd>
      <ovpn><dnsmasq><enable><hosts><host>fw</host>
      <domain>intranet.net</domain>
      <ip>192.168.1.1</ip></hosts></enable></dnsmasq>
      <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd>
      <diag><ipv6nat><ipaddr></ipaddr></ipv6nat></diag>
      <bridge><syslog><nat><ipsecpassthru><enable></enable></ipsecpassthru></nat>
      <filter><rule><id><type>pass</type>
      <interface>wan</interface>
      <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
      <os><protocol>tcp</protocol>
      <source>
      <any><destination><any></any></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
      <rule><id><type>pass</type>
      <interface>lan</interface>
      <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
      <os><source>
      <network>lan</network>

      <destination><any></any></destination></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule></filter>
      <shaper><ipsec><preferredoldsa></preferredoldsa></ipsec>
      <aliases><proxyarp><cron><minute>0</minute>
      <hour></hour>
      <mday>
      </mday>
      <month></month>
      <wday>
      </wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 newsyslog
      <minute>1,31</minute>
      <hour>0-5</hour>
      <mday></mday>
      <month>
      </month>
      <wday></wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 adjkerntz -a
      <minute>1</minute>
      <hour>3</hour>
      <mday>1</mday>
      <month>
      </month>
      <wday></wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
      <minute>
      /60</minute>
      <hour></hour>
      <mday>
      </mday>
      <month></month>
      <wday>
      </wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
      <minute>1</minute>
      <hour>1</hour>
      <mday></mday>
      <month>
      </month>
      <wday></wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
      <minute>
      /60</minute>
      <hour></hour>
      <mday>
      </mday>
      <month></month>
      <wday>
      </wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
      <minute>/5</minute>
      <hour>
      </hour>
      <mday></mday>
      <month>
      </month>
      <wday>*</wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /usr/local/bin/checkreload.sh</cron>
      <wol><rrd><enable></enable></rrd>
      <load_balancer><monitor_type><name>ICMP</name>
      <type>icmp</type>
      <desc>ICMP</desc></monitor_type>
      <monitor_type><name>TCP</name>
      <type>tcp</type>
      <desc>Generic TCP</desc></monitor_type>
      <monitor_type><name>HTTP</name>
      <type>http</type>
      <desc>Generic HTTP</desc>
      <options><path>/</path>
      <host>200</host></options></monitor_type>
      <monitor_type><name>HTTPS</name>
      <type>https</type>
      <desc>Generic HTTPS</desc>
      <options><path>/</path>
      <host>200</host></options></monitor_type>
      <monitor_type><name>SMTP</name>
      <type>send</type>
      <desc>Generic SMTP</desc>
      <options><send>EHLO nosuchhost</send>
      <expect>250-</expect></options></monitor_type></load_balancer>
      <widgets><sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence></widgets>
      <revision><time>1274950593</time>

      <username>admin</username></revision>
      <l7shaper><container></container></l7shaper>
      <dnshaper><gateways><gateway_item><interface>wan</interface>
      <gateway>10.39.251.5</gateway>
      <name>netscreen</name>
      <weight>1</weight>
      <descr><defaultgw></defaultgw></descr></gateway_item></gateways>
      <openvpn><captiveportal><page><timeout>60</timeout>
      <interface>lan</interface>
      <maxproc><idletimeout><enable><auth_method>local</auth_method>
      <reauthenticateacct><httpsname>fw.intranet.net</httpsname>
      <bwdefaultdn><bwdefaultup><certificate></certificate>
      <cacertificate><private-key></private-key>
      <redirurl>http://www.google.it</redirurl>
      <radiusip><radiusip2><radiusport><radiusport2><radiusacctport><radiuskey><radiuskey2><radiusvendor>default</radiusvendor>
      <radmac_format>default</radmac_format>
      <logoutwin_enable></logoutwin_enable></radiuskey2></radiuskey></radiusacctport></radiusport2></radiusport></radiusip2></radiusip></cacertificate></bwdefaultup></bwdefaultdn></reauthenticateacct></enable></idletimeout></maxproc></page></captiveportal></openvpn></dnshaper></wol></proxyarp></aliases></shaper></syslog></bridge></ovpn></staticroutes></lastchange></pfsense>

      Here is also the output of the ipfw list command:

      65291 allow pfsync from any to any
      65292 allow carp from any to any
      65301 allow ip from any to any layer2 mac-type 0x0806
      65302 allow ip from any to any layer2 mac-type 0x888e
      65303 allow ip from any to any layer2 mac-type 0x88c7
      65304 allow ip from any to any layer2 mac-type 0x8863
      65305 allow ip from any to any layer2 mac-type 0x8864
      65306 allow ip from any to any layer2 mac-type 0x888e
      65307 deny ip from any to any layer2 not mac-type 0x0800
      65310 allow udp from any 68 to { 255.255.255.255 or 192.168.1.1 } dst-port 67 in
      65311 allow udp from any 68 to { 255.255.255.255 or 192.168.1.1 } dst-port 67 in
      65312 allow udp from { 255.255.255.255 or 192.168.1.1 } 67 to any dst-port 68 out
      65313 allow icmp from { 255.255.255.255 or 192.168.1.1 } to any out icmptypes 0
      65314 allow icmp from any to { 255.255.255.255 or 192.168.1.1 } in icmptypes 8
      65315 allow udp from any to { 255.255.255.255 or 192.168.1.1 } dst-port 53 in
      65316 allow udp from { 255.255.255.255 or 192.168.1.1 } 53 to any out
      65317 allow tcp from any to { 255.255.255.255 or 192.168.1.1 } dst-port 8000 in
      65318 allow tcp from { 255.255.255.255 or 192.168.1.1 } 8000 to any out
      65319 allow tcp from any to { 255.255.255.255 or 192.168.1.1 } dst-port 443 in
      65320 allow tcp from { 255.255.255.255 or 192.168.1.1 } 443 to any out
      65321 allow ip from table(3) to any in
      65322 allow ip from any to table(4) out
      65323 pipe tablearg ip from table(5) to any in
      65324 pipe tablearg ip from any to table(6) out
      65325 allow ip from any to table(7) in
      65326 allow ip from table(8) to any out
      65327 pipe tablearg ip from any to table(9) in
      65328 pipe tablearg ip from table(10) to any out
      65329 allow ip from table(1) to any in
      65330 allow ip from any to table(2) out
      65531 fwd 127.0.0.1,8000 tcp from any to any in
      65532 allow tcp from any to any out
      65533 deny ip from any to any
      65534 allow ip from any to any layer2
      65535 allow ip from any to any
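
Added example, not part of the original post: ipfw checks rules in ascending order and stops at the first match, so this small evaluator walks an excerpt of the listing above to show which rule decides a LAN client's packet. It handles only the fields used in that excerpt; the client address 192.168.1.50, the outside host 203.0.113.10 and the reading of table(1) as the logged-in client table are assumptions.

```python
import re

# Layer-3 excerpt of the `ipfw list` output quoted in the post above.
RULES = """\
65315 allow udp from any to { 255.255.255.255 or 192.168.1.1 } dst-port 53 in
65317 allow tcp from any to { 255.255.255.255 or 192.168.1.1 } dst-port 8000 in
65329 allow ip from table(1) to any in
65330 allow ip from any to table(2) out
65531 fwd 127.0.0.1,8000 tcp from any to any in
65532 allow tcp from any to any out
65533 deny ip from any to any
"""

# Constructed sample packet: a LAN client's HTTP request to an outside host.
HTTP_OUT = {"proto": "tcp", "src": "192.168.1.50", "dst": "203.0.113.10",
            "dport": 80, "dir": "in"}

ADDR = r"any|table\(\d+\)|\{[^}]*\}"
RULE = re.compile(
    r"(?P<num>\d+) (?P<action>allow|deny|fwd \S+) (?P<proto>\w+) "
    rf"from (?P<src>{ADDR}) to (?P<dst>{ADDR})"
    r"(?: dst-port (?P<dport>\d+))?(?P<opts>.*)")


def addr_ok(spec, ip, tables):
    """Match ip against 'any', 'table(N)' or a '{ a or b }' list."""
    if spec == "any":
        return True
    if spec.startswith("table("):
        return ip in tables.get(int(spec[6:-1]), set())
    return ip in spec.strip("{} ").split(" or ")


def first_match(pkt, tables=None):
    """Return (rule number, action) of the first rule that matches pkt."""
    tables = tables or {}  # assumption: empty tables, nobody logged in
    for line in RULES.splitlines():
        m = RULE.match(line)
        opts = m["opts"].split()
        checks = (
            m["proto"] in ("ip", pkt["proto"]),
            addr_ok(m["src"], pkt["src"], tables),
            addr_ok(m["dst"], pkt["dst"], tables),
            not m["dport"] or int(m["dport"]) == pkt.get("dport"),
            not {"in", "out"} & set(opts) or pkt["dir"] in opts,
        )
        if all(checks):
            return int(m["num"]), m["action"]
    return None
```

With empty tables, `first_match(HTTP_OUT)` lands on rule 65531, which hands the request to the listener on port 8000, the same port the post reports as returning a blank page.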

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.