CP problem redirect to voucher page

stefanero

Hi there,

I have a little strange problem with the captive portal. Currently running version Thu Oct 14 01:16:12 EDT 2010 i386.

We have a distributed setup.

Inet –- PFsense (172.30.11.10) -- router -- WLAN (172.31.0.XX)
^-- WLAN (172.32.0.XX)
^-- WLAN....

So the strange thing is,

when I disable CP it works fine to connect from the WLAN to the inet
when I enable CP there should be a redirect to the CP voucher loing page. I can see the redirect URL in the browser, but it times out after a while.
when I open a webbrowser, browse to the IP of PFsense (I dont even do anything here just open), close browser, reopen again and browse to google, the redirect works to the voucher login page.

This keeps working for a couple days or until I reboot PFsense. Then my browser will timeout againe when not allowed to browse thruw CP.
Opening up PFsense admin site, and then rebrowse back to the Inet redirects me to the voucher page.

Does anyone have an idear and can help me out.

thnx a lot
stefan

stefanero

I tryed to dig this down a little

when the client is in the state of "not redirecting to the voucher" page, I send a ping from the pfSense to the client.

The ping worked, but still the redirect was not working correctly.

Also I did a ping from the client to the pfSense, but still the redirect to the voucher page was not happening when trying to access the Inet.

Only after I visited the pfSense Webinterface (admin login page) and then retry to open "google.com" for example the redirect to the voucher loing pages worked fine.

Hope this helps a little.

stefanero

eri--

You are blocking dns and have possibly no allow rule in firewall rules.
Check the wiki it has documentation for this.

stefanero

Well I do have 3 DNS servers setup in the allowed

"Allowed IP addresses" TAB,

and also the network where the clients come from are allowed todo "anything".

Let me explain the way I did it:

-open browser, browse to www.google.com –> times out , close browser
-open browser, browse to IP of pfsense --> the login pops up , close browser
-open browser, browse to www.google.com --> redirect to voucher page --> authenticate --> works fine

I dont change anything in the settings,
after I browse 1 time to the url of the pfSense server and connect to the webserver it works okey.

stefan

stefanero

Hi again,

I just digged out an old pfSense snapshot from Tue Aug 10 21:16:23 EDT 2010
and here the captive portal workes fine.

I installed pfSense from Aug 10 and loaded the current config to it, and here I dont have to access the pfSense admin-page from a client to get the redirect to the voucher page.

teh redirect here works out of the box, when connecting to google or whatever page.

sry to tell but looks to me like a bug in the CP somewhere.

stefanero

Alright, I even managed to narrow down where the error got introduced.

I have some old pfSense images still stored on my pc here,

the next one after Aug 10 was Fri Aug 27 23:40:39 EDT 2010

here it is not working anymore. So its "just" 17days of CP commits where this error might have been introduced.

Hope this helps a little

Stefanero

stefanero

Hi,

not sure if someone is working on this, since noone repleyed.

I will post netstat

Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 2196 74.125.43.99.8000 172.31.0.9.53012 FIN_WAIT_1
tcp4 0 0 74.125.43.99.80 172.31.0.9.53011 TIME_WAIT

I will rollback to Aug 20th snapshot since this worked fine…

If you need me to test smth or have any updates just let me know.

regards
Stefan

eri--

Try modifyin /usr/local/captiveportal/index.php

Remove line 46 which has:
header("Connection: close");

and retry.

stefanero

Hi there,

well did not help it, I commented it out

//header("Connection: close");

but its doing the same thing as before, just times out while connecting to it.
And then again connecting to the pfSense webserver, and reopening google it redirects directly to the voucher page…

Stefan

@ermal:

Try modifyin /usr/local/captiveportal/index.php

Remove line 46 which has:
header("Connection: close");

and retry.

stefanero

Hi there,

a little update.

it works on my least favorite OS now -> windows… the redirect happens, I just mostly never use windows but thats fixed now.

It does not work for *nix , like Linux / Android / iPad etc pp :)

hope this helps
stefan

stefanero

Hi,

is there any way I could help? There seams to be a difference on how windows works with the redirect to the captive portal, and the way *nix handle this.

Do you require some wireshark traces or smth like this.

Stefan

eri--

Yes if you have them.

But preferably you should not run the GUI on port 80.

stefanero

Hi erml,

I changed Port from 80 to 8080, but this did not change anything.

I will upload wireshark traces from a ubuntu system, I renamed the wireshark files to txt, since this is a valid extention.

The not working variante, was just opening a firefox and browse to www.google.com, I let it try for a couple of seconds and stopped it.

Then 2nd working one, was with a connect to pfsense ip in the beginning on port 8080 this time, and then reopen www.google.com

if you need anything let me know.

cu
stefanero

wireshark-portal-not-working.txt
wireshark-portal-working.txt

stefanero

OMG

I found it …

its the redirect page...

If I insert my own redirect page , I just simple copied the example code, and insert it into a html file and use this instead of the original -> it works.... :D

stefanero

Hi again,

working my way thruw.

If the redirect page is to "big" it wont work for *nix systems.

I will attach 2 very easy and simple html files, the smaller one works on *nix, the bigger one will fail with the same error as mentioned above.

you will notice only difference is , the two big blocks of "dummy text" in a table collum.

I checkd lighthttpd error log but could not see anything…

test-big.txt
test-small.txt