No Internet on my captive portale
-
I found the "allowed IP address" section but still no interent.
I made a Nslookup to www.google.fr but I have a DNS request timeout.
-
My AP are on 192.168.10.0. They are located on vlans which allow communication.
Why are they not on LAN1 segment ?
Example 192.168.6.2.My AP's are all on the OPT1 segment (my Portal interface NIC)
pfSense is 192.168.2.1 (= NIC OPT1).
AP1 = 192.168.2.2 DNS = 192.168.2.1 Gateway = 192.168.2.1
AP2 = 192.168.2.3 DNS = 192.168.2.1 Gateway = 192.168.2.1
AP3 = 192.168.2.4 DNS = 192.168.2.1 Gateway = 192.168.2.1Of course, these AP's have SSH and GUI access, but there internal firewalled so that thy only accepts connection from 192.168.2.1
I can administer these AP's just fine from my LAN (192.168.1.0/24) segment - our Portal visitors can't access our AP's administration ports.Bonus: all AP's are enforced to allow a connections from ANY (client) to pfSEnse (192.168.2.1) - no where else, so clients can't see the shared drives of other clients.
They have no gateway configured because we can't do that on those APs…
So, a radio (Wifi) connection comes in.
How should it know where to send the packets to ? -
I can't do it because I have multiple networks .
My APs are not used only for Pfsense they are also used for users who wants to connect via a radius server located on another network.
So I had to give a network only for my APs. :-\
The APs are tagged on multiple vlans that includes the Pfsense ones.
-
The APs are tagged on multiple vlans that includes the Pfsense ones.
Good to mention after two days… Sigh. ::)
Produce some network diagram with complete information. Enough time wasted already.
-
Here is a schema to illustrate
-
Sorry, I cannot make anything useful out of that.
-
Sorry :-\ what king of information do you need?
-
Please, review this example. From the diagram you posted, I cannot even see what's connected where (WAN, LANx), let alone the IPs/subnets, VLANs, etc.
-
Okay let me know if it's good or not
-
Yeah it's awesome except that we again lost the VLANs…
-
oups…
-
Hi everybody,
just to tell you you that I'vez changed my NAT configuration on my Netasq and now it's working for the network which is in 192.168.6.0.
My other network on 192.168.110.0 still have no CP and no Internet.
This interface has been set on OPT1 I don't know if it can explain that…
-
I think the problem client don't redirect to captive portal page is your dns. Don't manual config dns on your computer. I have see this problem and resolve this by using this way.
-
I've managed to have internet on my Guest interface by working on the rules of pfsense , but no CP :(
I directly go to internet without authentication.
When I enter 192.168.110.253:8004 I see the CP but if I try to log in nothing happens.
I've entered the DNS adresse on the allowed IP addresses. Even the APs but it doesn't work.
This interface is an OPT1 I don't know if it matters.
-
…
and the rules on that interface are ?
Any special settings ? (looking at your schema's, I'm prepared to see a not-simple thing). -
No nothing special .
I put only 3 rules…
 -
Looks good to me.
First rule : doing what ? but ok.
Second rul : a pass-all.
Third rule : IPv6 will never make it here, the IPFW (or whatever) will block any incoming Ipv6 traffic. The portal code isn't IPv6-ready neither.When you disable the captive portal service, the interface does offer "Internet" access ?
-
Yes I still have Internet when I disable the CP
-
Perfect.
That proves that firewall rules for that NIC are ok.The issue must be: the captive portal doesn't understand your network setup.
Or: a DNS issue ? captive portal users should use the pfSense DNS and DHCP. -
I've setup a DHCP and my clients all have the pfsense as DNS and DHCP .
I really don't know what is happening.
I've setup the dns forwarder maybe I made a mistake.
