Netgate Discussion Forum

    Not been able to get CP working on OPT1 tagged VLAN

    • N8LBV

      Have everything up & running properly without Captive Portal.
      WAN interface up & working
      LAN up & working
      OPT1 (LAN2) is up & working; have a /24 subnet, DHCP server and NAT to WAN for Internet access, all working great & tested.

      I've tested this same arrangement on a physical box with 3 separate interfaces and it works fine there.

      This system is different in that it is a virtual machine running on Windows and VMware server.
      The physical server has two network interfaces. My virtual machines bridge their interfaces to either of the two physical NICs.

      My Windows server has 2 physical interfaces and one virtual interface (the 3rd interface is VLAN tagged for the VLAN I intend to use for wireless).
      This is using the Intel server NICs and setting up VLANs on the interfaces.

      I have the special VLAN interface TAGGING VLAN packets and sending them to a managed switch, where it is VLAN aware and also has ports set up as
      port VLAN ports for the wireless access points. I ONLY pass specific VLAN traffic to and from the port VLAN ports on the switch.

      My pfSense (virtual machine) has 3 interfaces: WAN, LAN and OPT1.

      The WAN and LAN are set up for what you'd call a normal or usual network, allowing Internet access to the LAN and NATing traffic to a single public IP.

      I have set up OPT1 to do the same on another subnet as well (LAN2).

      All works and has been working great for some time.

      OPT1 is bridged to the wireless VLAN interface (virtual interface) on the physical server, which in turn is VLAN tagging out to the managed switch, which has port VLAN ports to the wireless access points,
      which all works!!
      But if I turn on the captive portal for OPT1, clients on the OPT1 network still get a DHCP address and can ping the address of the OPT1 interface, but cannot get past the OPT1 interface or to the Internet.
      Nor do they get the normal redirect login page.

      I suspect something that is being done on the CP is not compatible with tagged VLANs somehow. :-(

      If you have any thoughts on something I might be missing, that'd be great. I realize this is not the normal or usual setup or use of the captive portal :-)
      But it IS cool. :-) And otherwise it is allowing one server to do a lot of really cool things.
      & If you're not really used to working with VLANs, this post might be really confusing without a visual network diagram.

      I feel more like I do now.

      • cmb

        That's actually a very common captive portal setup. If you disable CP can the clients get out fine? With it enabled, do they get DNS? Their DNS server must be the DNS forwarder, or otherwise you must put in the DNS server as an allowed IP.

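The DNS check described in the reply above, as an added example that is not part of the original thread or of pfSense: it sends a real DNS query to the client's configured resolver and maps the result onto the two conditions named (resolver is the portal interface's DNS forwarder, or the resolver is listed as an allowed IP). The function names, the result labels and the `portal_ip` / `allowed_ips` inputs are assumptions for illustration; run it from a client on the captive-portal network before logging in.

```python
import socket
import struct

def resolvers_from(resolv_conf):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    found = []
    for line in resolv_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def dns_answers(server, name, timeout=2.0):
    """True if `server` returns a DNS reply matching our query ID in time."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:  # timeout, unreachable, or non-IPv4 address
            return False
    return len(reply) >= 12 and reply[:2] == query[:2]

def diagnose(resolver, portal_ip, allowed_ips, answered):
    """Map a probe result onto the two conditions named in the reply.
    The returned labels are hypothetical names chosen for this example."""
    if answered:
        return "dns-ok"
    if resolver == portal_ip:
        return "enable-dns-forwarder"   # client asks pfSense, nothing answers
    if resolver not in allowed_ips:
        return "add-allowed-ip"         # external resolver blocked pre-login
    return "check-resolver"             # allowed through, but not responding

if __name__ == "__main__":
    # Constructed sample: 192.0.2.1 is a documentation address standing in
    # for the OPT1 interface IP; it will not answer.
    sample = "nameserver 192.0.2.1\n"
    for ip in resolvers_from(sample):
        ok = dns_answers(ip, "example.com")
        print(ip, diagnose(ip, "192.0.2.1", set(), ok))
```

If DNS never answers, the browser never sends the HTTP request that the portal would redirect, which is why a DNS failure also hides the login page.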
          • N8LBV

          Thank you. I feel like a total idiot.
          I thought all along I had the DNS forwarder on, but I had disabled it earlier as it wasn't needed before bringing up the CP.
          I also forgot that it is needed for the CP for obvious reasons. URGH!

          Works great.

          This thing (pfSense) is awesome. We are starting to get some paid jobs because of how well done this is, how reliable it is and how impressive the user interface is.
          It's seriously the ONLY web interface I have ever used that I'd say was done right.
          I plan to be rolling in a year of PAID support with our next big job even if I could get away without it.

          I feel more like I do now.
