Captive portal troubleshooting (no redirect)
-
Hello,
I'm trying to get a captive portal working on a separate network (lets call the interface WIFIGUEST).
- I have a new OPT interface defined, numbered on the network 10.254.254.254.
- Created temporary any/any rule on WIFIGUEST interface.
- Enable Captive Portal.
- Setup vouchers.
- Tried to browse to google (https and http), can't get login screen.
- Tried uploading custom auth page. Click on view displays the login as expected. No redirect from client.
- Reverted to default login screen. No redirect from client.
I'm a bit at a loss as I wasn't able to find any data on what underpins the captive portal. From youtube examples, seems like a simple enable checkbox thing. Logs show that the service is working (?? – no errors). What services/processes should I be looking for? Any specific troubleshooting that should be performed to diagnose the issue?
Thanks.
-
Hi,
- I have a new OPT interface defined, numbered on the network 10.254.254.254.
Ok, why not.
A DHCP server instance is running on this interface ?- Created temporary any/any rule on WIFIGUEST interface.
Great !
While this rule is applied, the counter will show that !
The next rule (hidden !) will block everything.- Enable Captive Portal.
And now its show time.
=> Generic : https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
=> And : https://doc.pfsense.org/index.php/Captive_Portal_TroubleshootingIf all goes well :
Add needed firewall rules. Guest network that only needs an Internet connection use at least '10' rules' (at least, I have).
Test again. not only the "access to the net", but also the rules.Then, and only then:
- Setup vouchers.
… and test them. Tools are present in the GUI.
- Tried to browse to google (https and http), can't get login screen.
https won't work ? That is a good sign. "Internet" would break down right know if that 'worked'. You can not intercept https. You browser will not accept that.
The "http" check should work already because : see above. A simple http://www.google.com.First things first :
Your device, that one you use to connect to the Internet, the one that should show you the login page, did it receive:
A valid IP (from the DHCP server on the OPT1 interface) ?
A gateway (== IP 10.254.254.254)
A DNS (== 10.254.254.254)Now, if everything works great and you have that feeling that you alsoo understood why, then you have the green light to do this :
- Tried uploading custom auth page.
…. From youtube examples, seems like a simple enable checkbox thing.
This is true. But .. using Youtube yo setup a firewall / captive portal ….. I'm not sure.
If you have a dedicated interface (== OPT1) and a pfSense box that is already set up ok, then activating a Portal on OPT1, with a simple "test user" in the Local pfSense user Mananger, some simple firewall rules ..... it might take 5 minutes max.Logs show that the service is working (?? – no errors).
"Captive portal" has its own log.
It's basically showing LOGIN attemps - and disconnects. -
Thank you. Great tips. I ended figuring out my issue. I accidentally defined my entire network in the Allowed IP list not realizing this is a bypass list. All is good, portal comes up.