Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot connect when captive portal is enabled

    Scheduled Pinned Locked Moved Captive Portal
    24 Posts 4 Posters 4.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      muswellhillbilly
      last edited by

      Have you customised the captive portal page at all, or any other part of the captive portal components? If so, post any changes or amendments you've made.

      1 Reply Last reply Reply Quote 0
      • N
        nappy_d
        last edited by

        There have been no customizations.  Everything is vanilla and right out of the box, so to speak.  I have reinstalled the system 2x and get the same results everytime.

        This is the content of the custom portal page I created…

        
        Enter your username and password and click Login to access the Internet
        
        			 |			 
        
        			 |			 
        
        			 |			
        
        
        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          How can there be no customizations but you created a portal page?

          Your portal page is jacked. Delete it and use the built-in one to get it working then worry about your custom page.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • N
            nappy_d
            last edited by

            Thanks for all the input so far however it does not make a difference whether I upload custom portal page or go with what pfSense comes preloaded with, it does not work.

            As soon as the captive portal is disabled, this particular network interface works 100%.  Re-enable the captive portal and internet connection stops.

            Here is the same message that appears even with the default captive portal page

            It also shows that 1 is connected, my mobile phone but never does the portal auth page appear other than when I go to the test preview page..

            ![Screen Shot 2016-01-21 at 8.19.48 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.19.48 PM.png)
            ![Screen Shot 2016-01-21 at 8.19.48 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.19.48 PM.png_thumb)
            ![Screen Shot 2016-01-21 at 8.30.15 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.30.15 PM.png)
            ![Screen Shot 2016-01-21 at 8.30.15 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.30.15 PM.png_thumb)

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              What version of pfSense is this?

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • N
                nappy_d
                last edited by

                Here is what I am running..

                • Lenovo ThinkCenter M55

                • Second NIC for LAN TP-Link PCI-E 1GigE

                • Sub interface OPT1(vLAN25) used for some home automation gear

                • Sub interface OPT1(vLAN30) to be used for Guest WiFi

                • Version  2.2.6-RELEASE (i386)

                • built on Mon Dec 21 14:50:36 CST 2015

                • FreeBSD 10.1-RELEASE-p25

                • CPU Type Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz

                • 2 CPUs: 1 package(s) x 2 core(s)

                • Unifi AP-LR  connected to Netgear GS108

                • 40GB SSD

                • DHCP on all interfaces are providing leases.

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Why are you running i386?

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • N
                    nappy_d
                    last edited by

                    It just happened to be the version I downloaded.  That aside, is this the cause of the issue I am running into?

                    I don't have an issue rebuilding.

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      I don't know. I would try amd64 before trying to find the cause of that.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • M
                        muswellhillbilly
                        last edited by

                        @nappy_d:

                        I don't have an issue rebuilding.

                        Sounds like the best solution, though as Derelict suggests, use the amd64 version. I'd also test each step, leaving enabling the captive portal until the end. Use just the default CP page to ensure it's working before you try making any customisations or alterations. Then move on from that and ensure the CP continues working after each change. If it fails at any point, undo the last change you made and work on from there.

                        1 Reply Last reply Reply Quote 0
                        • N
                          nappy_d
                          last edited by

                          64bit is now installed and the same issue exisits.  I am unable to reach the captive portal page.

                          1 Reply Last reply Reply Quote 0
                          • M
                            muswellhillbilly
                            last edited by

                            How are you setting up your captive portal? What settings are you putting in for the authentication server? Are you really running this as a vanilla installation, or are you changing anything at all? Did you go through the steps I suggested in my last post?

                            1 Reply Last reply Reply Quote 0
                            • N
                              nappy_d
                              last edited by

                              @muswellhillbilly:

                              How are you setting up your captive portal? What settings are you putting in for the authentication server? Are you really running this as a vanilla installation, or are you changing anything at all? Did you go through the steps I suggested in my last post?

                              See reply number 6 above.  This is my configuration and there is nothing entered for the authentication server.

                              The instant that I enable a captive portal for OPT1, vLAN30, internet connectivity is lost and the captive portal auth page does not appear.

                              TP-Link PCI-E gigE NIC
                              vLAN1 172.16.0.1 is  the pfSense physical interface
                              vLAN30 172.16.11.1 is a sub interface on the TP-Link

                              1 Reply Last reply Reply Quote 0
                              • M
                                muswellhillbilly
                                last edited by

                                @nappy_d:

                                See reply number 6 above.  This is my configuration and there is nothing entered for the authentication server.

                                So how are you authenticating your users? Are you using local accounts?

                                Might be an idea to post a full screenshot of your captive portal settings.

                                1 Reply Last reply Reply Quote 0
                                • N
                                  nappy_d
                                  last edited by

                                  The current setup is:
                                  UniFi AP setup with 3 vLANS

                                  • vLAN1 my default vLAN and the physical(gig-E NIC) interface 172.16.0.1
                                  • vLAN30(172.16.11.0/24) is a sub-interface on the TP-Link gigE NIC
                                  • on my AP it is configured as open for Guest WiFi
                                  • I have configured one local account on the pfSense called Wifi(with a password).  Added this account to the capitve portal security group

                                  What works

                                  • No rules configured for vLAN30
                                  • connect my phone(or laptop) to the guest ssid
                                  • internet access works 100%
                                    What doesn't work
                                  • no rules configured for vLAN30
                                  • enable captive portal(See settings http://1drv.ms/1SakuBD)
                                  • no more internet access or redirection to the captive portal login page.
                                  1 Reply Last reply Reply Quote 0
                                  • DerelictD
                                    Derelict LAYER 8 Netgate
                                    last edited by

                                    If you have no rules configured interface VLAN30 will not pass any traffic.

                                    Chattanooga, Tennessee, USA
                                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                    1 Reply Last reply Reply Quote 0
                                    • N
                                      nappy_d
                                      last edited by

                                      @Derelict:

                                      If you have no rules configured interface VLAN30 will not pass any traffic.

                                      I have also configured the following rules attached and when configured no traffic passes when the captive portal is enabled.

                                      ![Screen Shot 2016-01-22 at 8.43.25 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.43.25 PM.png)
                                      ![Screen Shot 2016-01-22 at 8.43.25 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.43.25 PM.png_thumb)
                                      ![Screen Shot 2016-01-22 at 8.44.40 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.44.40 PM.png)
                                      ![Screen Shot 2016-01-22 at 8.44.40 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.44.40 PM.png_thumb)

                                      1 Reply Last reply Reply Quote 0
                                      • DerelictD
                                        Derelict LAYER 8 Netgate
                                        last edited by

                                        If you can't get through the portal you can't get onto the internet. That's kind of the point.

                                        Only passing TCP and UDP you won't be able to ping - that's ICMP. Just use any.

                                        Chattanooga, Tennessee, USA
                                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                        1 Reply Last reply Reply Quote 0
                                        • N
                                          nappy_d
                                          last edited by

                                          Point taken on "use any".

                                          I am unfortunately still stuck on not being able to browse the internet from the guest WiFi vLAN when the captive portal is enabled. :(

                                          Now on a 64bit install and same issues.

                                          1 Reply Last reply Reply Quote 0
                                          • DerelictD
                                            Derelict LAYER 8 Netgate
                                            last edited by

                                            Post your CP config. You might have a combination of options that breaks it.

                                            Chattanooga, Tennessee, USA
                                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.