Pfsense + Apple don't mix?
-
I've had trouble in the past with Apple Devices going through the captive portal, an Apple device needs to see a certain page on the Apple website in order to initiate the connection, I generally just allow the host name through the captive portal and it works.
I'm sure it came in on a certain iOS which may explain why some connect, are they running older versions of iOS?
-
The apple devices make a connection to one of a few URLs maintained by apple. They expect to see "Success" returned. If that's what they get, they assume they are on the internet. If they get anything else (like your captive portal page) they bring up a mini-browser and load again. The user sees your portal and signs on.
My main complaint is the timeout seems too short to enter a voucher, etc, after which the device gives up and switches back to another network.
What we need is an IETF standard for portal discovery. Maybe a DHCP option. Maybe extend WPAD.
-
I'm running on Squid + Squidguard. I believe the devices are updated to the latest version. I'm stumped.
-
No squid/squidguard here. Pretty sure that pretty much breaks captive portal. Priorities.
-
We need to utilise squid +squidguard for web filtering. Running it in a school after all.
-
OK so I turned off my Squid + Squidguard to see if iTunes would be able to update/install any apps on the tablet. No dice. :(
-
Huh? Dude it's just packets. There is nothing special about iTunes. If there's a portal you need to get through that before iTunes will be able to get out.
Or you need to identify every hostname and/or IP address iTunes uses and whitelist them in your CP. (Good luck with that.)
-
OK so I turned off my Squid + Squidguard to see if iTunes would be able to update/install any apps on the tablet. No dice. :(
Because these packages (at least squid) break the pfSense core portal code.
Save your settings, reinstall a clean pfSense - import settings and you'll find out what I already found out many years ago:
Devices that work best with the Cpative Portal are ….. Apple devices.
Never had to 'touch' settings in these devices - they just work out of the box.Better yet : when connecting to a Wifi network, they make a 'http' call to a random (the list is in iOS) site - as said, the result should be the text "Succes". (btw: Microsoft OS devices do the same thing also)
If no "Success", the iDevice presumes its behind a Portal, so it pops up a mini browser that will show ... by magic, the Captive Portal Login Page !If you NEED squid etc, you should use the latest version that works (== doesn't break the portal).
I'm not using it myself, so no advise from me about that issue. -
Gertjan -
Just to check again, i should install the latest version which is 4.3.9 (currently installed 2.7.9 pkg v. 4.3.6)
as well as squidguard's latest version which is 1.9.15 (currently installed is 1.9.14)Thanks. Sorry for being so newbie at this.
-
Apologies if this is in the wrong thread but I have a few issues using pfsense + Apple.
This can be, because many or all Apple devices are sending also a TOS signal from there devices, but
you can try out to disable this and see if its running then for you. -
Another option is a router doing captive portal duties then an upstream router doing your proxying/filtering.
pfSense is free, after all.
-
Have you done a packet capture to see what Apple's software update is trying to reach and then checked the firewall logs to determine what is where it's being blocked?
-
Well I managed to fix the iTunes issue. Apparently you have to add in the IPs that is linked to iTunes under Target Categories and adding;
54.214.28.210 17.158.28.83 17.172.116.74 17.172.116.75 17.158.10.52 17.172.116.36 17.154.66.156 23.9.237.102 150.101.152.240 17.173.255.108 17.167.138.24 150.101.98.211 150.101.98.200 150.101.98.226 150.101.98.211 150.101.98.234 150.101.213.173 150.101.98.211 17.151.36.30 17.142.160.7 208.72.242.165 173.192.76.134 66.235.139.206 150.101.96.224 150.101.96.232 17.154.66.11 69.54.181.89 17.111.65.223 23.37.139.27 23.37.139.27 150.101.98.200 23.7.18.217 17.151.36.30 17.149.240.70 151.101.152.219 150.101.152.234 17.154.66.38It worked fine after that.
