No Internet on my captive portale
-
There are ARUBA APs.
The DHCP is configured only on the Pfsense 's lans interfaces.
The APs don't do anything special. They just have SSIDs that points to the pfsense's network that's it.
-
Do you use NAT on your pfsense?
-
When you connected to the GUI or Telnet or SSH interface of one of your AP's, can you:
ping a remote location ?
Does it resolve when ping www.google.com ?
ping 92.168.6.253 (and why is LAN1 not 192.168.6.1 ? - your first AP on this segment 192.168.6.2, etc ?)
The gateway of every AP on LAN1 segment is set to 92.168.6.253 ?
The DNS of every AP on LAN1 segment is set to 92.168.6.253 ?Btw The IP's of your AP's should be on the "Allowed IP addresses list" on the captive portal, so they can 'NTP', etc for their own needs.
Also: never ever use the WAN network plug on an AP when using it as a simple AP - you can use other available 'switch' network RJ45 plugs.
-
I left the NAT configuration by default…
My AP can communicate with all my servers including Pfsense.
My AP are on 192.168.10.0. They are located on vlans which allow communication.
They have no gateway configured because we can't do that on those APs...
Where can I find the "Allowed IP addresses list"
-
I found the "allowed IP address" section but still no interent.
I made a Nslookup to www.google.fr but I have a DNS request timeout.
-
My AP are on 192.168.10.0. They are located on vlans which allow communication.
Why are they not on LAN1 segment ?
Example 192.168.6.2.My AP's are all on the OPT1 segment (my Portal interface NIC)
pfSense is 192.168.2.1 (= NIC OPT1).
AP1 = 192.168.2.2 DNS = 192.168.2.1 Gateway = 192.168.2.1
AP2 = 192.168.2.3 DNS = 192.168.2.1 Gateway = 192.168.2.1
AP3 = 192.168.2.4 DNS = 192.168.2.1 Gateway = 192.168.2.1Of course, these AP's have SSH and GUI access, but there internal firewalled so that thy only accepts connection from 192.168.2.1
I can administer these AP's just fine from my LAN (192.168.1.0/24) segment - our Portal visitors can't access our AP's administration ports.Bonus: all AP's are enforced to allow a connections from ANY (client) to pfSEnse (192.168.2.1) - no where else, so clients can't see the shared drives of other clients.
They have no gateway configured because we can't do that on those APs…
So, a radio (Wifi) connection comes in.
How should it know where to send the packets to ? -
I can't do it because I have multiple networks .
My APs are not used only for Pfsense they are also used for users who wants to connect via a radius server located on another network.
So I had to give a network only for my APs. :-\
The APs are tagged on multiple vlans that includes the Pfsense ones.
-
The APs are tagged on multiple vlans that includes the Pfsense ones.
Good to mention after two days… Sigh. ::)
Produce some network diagram with complete information. Enough time wasted already.
-
Here is a schema to illustrate
-
Sorry, I cannot make anything useful out of that.
-
Sorry :-\ what king of information do you need?
-
Please, review this example. From the diagram you posted, I cannot even see what's connected where (WAN, LANx), let alone the IPs/subnets, VLANs, etc.
-
Okay let me know if it's good or not
-
Yeah it's awesome except that we again lost the VLANs…
-
oups…
-
Hi everybody,
just to tell you you that I'vez changed my NAT configuration on my Netasq and now it's working for the network which is in 192.168.6.0.
My other network on 192.168.110.0 still have no CP and no Internet.
This interface has been set on OPT1 I don't know if it can explain that…
-
I think the problem client don't redirect to captive portal page is your dns. Don't manual config dns on your computer. I have see this problem and resolve this by using this way.
-
I've managed to have internet on my Guest interface by working on the rules of pfsense , but no CP :(
I directly go to internet without authentication.
When I enter 192.168.110.253:8004 I see the CP but if I try to log in nothing happens.
I've entered the DNS adresse on the allowed IP addresses. Even the APs but it doesn't work.
This interface is an OPT1 I don't know if it matters.
-
…
and the rules on that interface are ?
Any special settings ? (looking at your schema's, I'm prepared to see a not-simple thing). -
No nothing special .
I put only 3 rules…
