Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot connect when captive portal is enabled

    Scheduled Pinned Locked Moved Captive Portal
    24 Posts 4 Posters 4.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nappy_d
      last edited by

      I am having an issue trying to activate a captive portal.

      • I have configured OPT2 which is a sub interface on vLAN30 of my gigE NIC
      • I have then connected my UniFi-AP-LR to my NetGeat GS108 switch with vLAN30
      • I have created an Open SSID on the UniFi
      • I am now able to connect and browse the internet.
      • Now I create a captive portal for this vLAN but no clients are able to browse the internet or get to the Captive Portal page

      When I test my captive portal page, this is the error that appears.

      Any thoughts on what may be my issue?

      T.I.A….
      ![Screen Shot 2016-01-20 at 6.52.43 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-20 at 6.52.43 PM.png)
      ![Screen Shot 2016-01-20 at 6.52.43 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-20 at 6.52.43 PM.png_thumb)

      1 Reply Last reply Reply Quote 0
      • M
        muswellhillbilly
        last edited by

        Have you customised the captive portal page at all, or any other part of the captive portal components? If so, post any changes or amendments you've made.

        1 Reply Last reply Reply Quote 0
        • N
          nappy_d
          last edited by

          There have been no customizations.  Everything is vanilla and right out of the box, so to speak.  I have reinstalled the system 2x and get the same results everytime.

          This is the content of the custom portal page I created…

          
          Enter your username and password and click Login to access the Internet
          
          			 |			 
          
          			 |			 
          
          			 |			
          
          
          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            How can there be no customizations but you created a portal page?

            Your portal page is jacked. Delete it and use the built-in one to get it working then worry about your custom page.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • N
              nappy_d
              last edited by

              Thanks for all the input so far however it does not make a difference whether I upload custom portal page or go with what pfSense comes preloaded with, it does not work.

              As soon as the captive portal is disabled, this particular network interface works 100%.  Re-enable the captive portal and internet connection stops.

              Here is the same message that appears even with the default captive portal page

              It also shows that 1 is connected, my mobile phone but never does the portal auth page appear other than when I go to the test preview page..

              ![Screen Shot 2016-01-21 at 8.19.48 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.19.48 PM.png)
              ![Screen Shot 2016-01-21 at 8.19.48 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.19.48 PM.png_thumb)
              ![Screen Shot 2016-01-21 at 8.30.15 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.30.15 PM.png)
              ![Screen Shot 2016-01-21 at 8.30.15 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.30.15 PM.png_thumb)

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                What version of pfSense is this?

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • N
                  nappy_d
                  last edited by

                  Here is what I am running..

                  • Lenovo ThinkCenter M55

                  • Second NIC for LAN TP-Link PCI-E 1GigE

                  • Sub interface OPT1(vLAN25) used for some home automation gear

                  • Sub interface OPT1(vLAN30) to be used for Guest WiFi

                  • Version  2.2.6-RELEASE (i386)

                  • built on Mon Dec 21 14:50:36 CST 2015

                  • FreeBSD 10.1-RELEASE-p25

                  • CPU Type Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz

                  • 2 CPUs: 1 package(s) x 2 core(s)

                  • Unifi AP-LR  connected to Netgear GS108

                  • 40GB SSD

                  • DHCP on all interfaces are providing leases.

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    Why are you running i386?

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • N
                      nappy_d
                      last edited by

                      It just happened to be the version I downloaded.  That aside, is this the cause of the issue I am running into?

                      I don't have an issue rebuilding.

                      1 Reply Last reply Reply Quote 0
                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        I don't know. I would try amd64 before trying to find the cause of that.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • M
                          muswellhillbilly
                          last edited by

                          @nappy_d:

                          I don't have an issue rebuilding.

                          Sounds like the best solution, though as Derelict suggests, use the amd64 version. I'd also test each step, leaving enabling the captive portal until the end. Use just the default CP page to ensure it's working before you try making any customisations or alterations. Then move on from that and ensure the CP continues working after each change. If it fails at any point, undo the last change you made and work on from there.

                          1 Reply Last reply Reply Quote 0
                          • N
                            nappy_d
                            last edited by

                            64bit is now installed and the same issue exisits.  I am unable to reach the captive portal page.

                            1 Reply Last reply Reply Quote 0
                            • M
                              muswellhillbilly
                              last edited by

                              How are you setting up your captive portal? What settings are you putting in for the authentication server? Are you really running this as a vanilla installation, or are you changing anything at all? Did you go through the steps I suggested in my last post?

                              1 Reply Last reply Reply Quote 0
                              • N
                                nappy_d
                                last edited by

                                @muswellhillbilly:

                                How are you setting up your captive portal? What settings are you putting in for the authentication server? Are you really running this as a vanilla installation, or are you changing anything at all? Did you go through the steps I suggested in my last post?

                                See reply number 6 above.  This is my configuration and there is nothing entered for the authentication server.

                                The instant that I enable a captive portal for OPT1, vLAN30, internet connectivity is lost and the captive portal auth page does not appear.

                                TP-Link PCI-E gigE NIC
                                vLAN1 172.16.0.1 is  the pfSense physical interface
                                vLAN30 172.16.11.1 is a sub interface on the TP-Link

                                1 Reply Last reply Reply Quote 0
                                • M
                                  muswellhillbilly
                                  last edited by

                                  @nappy_d:

                                  See reply number 6 above.  This is my configuration and there is nothing entered for the authentication server.

                                  So how are you authenticating your users? Are you using local accounts?

                                  Might be an idea to post a full screenshot of your captive portal settings.

                                  1 Reply Last reply Reply Quote 0
                                  • N
                                    nappy_d
                                    last edited by

                                    The current setup is:
                                    UniFi AP setup with 3 vLANS

                                    • vLAN1 my default vLAN and the physical(gig-E NIC) interface 172.16.0.1
                                    • vLAN30(172.16.11.0/24) is a sub-interface on the TP-Link gigE NIC
                                    • on my AP it is configured as open for Guest WiFi
                                    • I have configured one local account on the pfSense called Wifi(with a password).  Added this account to the capitve portal security group

                                    What works

                                    • No rules configured for vLAN30
                                    • connect my phone(or laptop) to the guest ssid
                                    • internet access works 100%
                                      What doesn't work
                                    • no rules configured for vLAN30
                                    • enable captive portal(See settings http://1drv.ms/1SakuBD)
                                    • no more internet access or redirection to the captive portal login page.
                                    1 Reply Last reply Reply Quote 0
                                    • DerelictD
                                      Derelict LAYER 8 Netgate
                                      last edited by

                                      If you have no rules configured interface VLAN30 will not pass any traffic.

                                      Chattanooga, Tennessee, USA
                                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                      1 Reply Last reply Reply Quote 0
                                      • N
                                        nappy_d
                                        last edited by

                                        @Derelict:

                                        If you have no rules configured interface VLAN30 will not pass any traffic.

                                        I have also configured the following rules attached and when configured no traffic passes when the captive portal is enabled.

                                        ![Screen Shot 2016-01-22 at 8.43.25 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.43.25 PM.png)
                                        ![Screen Shot 2016-01-22 at 8.43.25 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.43.25 PM.png_thumb)
                                        ![Screen Shot 2016-01-22 at 8.44.40 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.44.40 PM.png)
                                        ![Screen Shot 2016-01-22 at 8.44.40 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.44.40 PM.png_thumb)

                                        1 Reply Last reply Reply Quote 0
                                        • DerelictD
                                          Derelict LAYER 8 Netgate
                                          last edited by

                                          If you can't get through the portal you can't get onto the internet. That's kind of the point.

                                          Only passing TCP and UDP you won't be able to ping - that's ICMP. Just use any.

                                          Chattanooga, Tennessee, USA
                                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                          1 Reply Last reply Reply Quote 0
                                          • N
                                            nappy_d
                                            last edited by

                                            Point taken on "use any".

                                            I am unfortunately still stuck on not being able to browse the internet from the guest WiFi vLAN when the captive portal is enabled. :(

                                            Now on a 64bit install and same issues.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.