[Captive portal] Can't get to the login page.
-
This is what I got from my guest pc with ipconfig /all:
```
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. Alle rechten voorbehouden.

C:\Users\Cédric>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-BVILFUI
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : captiveportal.com

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-0B
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3c27:eb32:821d:fd1a%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 403308583
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-5D-11-A5-80-C1-6E-F3-E0-C5
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix . : captiveportal.com
   Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 80-C1-6E-F3-E0-C5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::242d:b758:ed7b:8946%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : woensdag 7 februari 2018 8:34:10
   Lease Expires . . . . . . . . . . : woensdag 7 februari 2018 10:34:09
   Default Gateway . . . . . . . . . : 192.168.1.100
   DHCP Server . . . . . . . . . . . : 192.168.1.100
   DHCPv6 IAID . . . . . . . . . . . : 58769774
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-5D-11-A5-80-C1-6E-F3-E0-C5
   DNS Servers . . . . . . . . . . . : 192.168.1.100
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.captiveportal.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . : captiveportal.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A790479C-BEFB-467D-829C-2399C5193B24}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:453:f4f6:ab3b:cc2f(Preferred)
   Link-local IPv6 Address . . . . . : fe80::453:f4f6:ab3b:cc2f%15(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 520093696
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-5D-11-A5-80-C1-6E-F3-E0-C5
   NetBIOS over Tcpip. . . . . . . . : Disabled
```
This is what I got when I pinged to test-domaine.fr.
```
C:\Users\Cédric>ping test-domaine.fr

Pinging test-domaine.fr [5.196.43.182] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 5.196.43.182:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
```
My image:
The domain Guest.com is not mine, but what can I use then? What do I need to use, because I have no domain?
And about the interface, I don't have extra network ports so I can't assign a new interface. Or can I do it without?
The IP that I filled in on the picture should be my default gateway? I thought it was the IP of my pfsense server (LAN IP).
Thanks already for spending so much time to help with my problem. And I'm sorry if I make stupid mistakes but it's the first time that I do stuff like this. :)
-
C:\Users\Cédric>ping test-domaine.fr Pinging test-domaine.fr [5.196.43.182] with 32 bytes of data:
No replies, that's ok, but DNS works - test-domaine.fr resolved to 5.196.43.182 which is ok.
Not related, but I don't understand why you chose 192.168.1.100 as your IP LAN pfSense. Keep it on 192.168.1.1/24 and only remove it from there if you understand the impact.
What is this :
Ethernet adapter VirtualBox Host-Only Network
?
Ethernet adapter Ethernet: Connection-specific DNS Suffix . : captiveportal.com
I guess you do not own this domain either : captiveportal.com
It belongs to someone on the Internet.
Visit System => General Setup and look for "domain" - read carefully what has been said there. Name your LAN domain like "lan.mylocal" - only use a domain name that you own - or one that does not exist on the net.
What are your LAN firewall rules ?
WAN settings ?
(just copy this screen and/or mention everything you took from default:)
```
Using username "admin".
Authenticating with public key "rsa-key-20150201"
Passphrase for key "rsa-key-20150201":
pfSense - Netgate Device ID: 20cc46df89385827e0897

*** Welcome to pfSense 2.4.2-RELEASE-p1 (amd64) on pfsense ***

 WAN (wan)       -> rl0        -> v4/DHCP4: 192.168.10.11/24
 LAN (lan)       -> fxp0       -> v4: 192.168.1.1/24
                                  v6: 2001:470:1f13:5c4:2::1/64
 PORTAL (opt1)   -> sis0       -> v4: 192.168.2.1/24
 HENETV6 (opt2)  -> gif0       -> v6: 2001:470:1f12:5c4::2/128
 OPT3 (opt3)     -> ovpns1     -> v4: 192.168.3.1/24
                                  v6: 2001:470:ccba:2::1/64

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option:
```
You are testing with the default, built-in login portal pages, right ?
Btw : I really, really advise you to look for an old unused PC (billions exist) with an extension slot that works.
Slide in a dual - preference Intel double NIC card (a couple of $) - and use the third interface called OPT1 as the captive portal interface.
You are not working on a home setup, but for a school.
-
Thanks for the fast reply
The ethernet adapter virtualbox thing is just a virtual network card from Virtualbox, it is from a virtual machine.
I changed my LAN domain to lan.mylocal, do I need to change it in my DNS resolver settings too? Or is there no point in using the resolver?
Here is the screenshot (I don't know how to copy it)
![New Doc 2018-02-07 (1).jpg](/public/imported_attachments/1/New Doc 2018-02-07 (1).jpg)
-
WAN settings ? ("Block private networks and loopback addresses" checked, or not ?)
Btw : how do you connect to the console ?
-
Block private networks and loopback addresses is checked.
The pfsense is installed on a server, on the server I connected a monitor and keyboard.
-
Block private networks and loopback addresses is checked.
You agree with me that your WAN IP (192.168.5.10/24, probably obtained by an upstream router) IS a "private network IP" ?
Better remove that check, your WAN is using a private network.
-
Ok, I unchecked that. But now I don't know what's wrong… I'm still not getting redirected to the login page. I can't make another interface because I don't have an extra network port. So do I need the resolver or not?
-
Ok, I unchecked that. But now I don't know what's wrong… I'm still not getting redirected to the login page.
Neither do I.
What you should know :
Install a clean pfSense.
Accept the default for LAN.
Assign WAN and set it up. Check connectivity to the Internet. (and yes, by default pfSense expects a WAN IP on the WAN interface, a private IP from an upstream router could work, but … see above)
Add a "captive portal user" in the Local pfSense user manager.
Activate the portal - on LAN should work (the default LAN firewall rule is ok).
At this stage, the captive portal works.
Your system : it isn't ok.
The question is : what more did you change ?
I can't make another interface because I don't have an extra network port.
There is no rush, but keep in mind setting up and operating a captive portal (untrusted network) will be easier with a dedicated interface.
It's always advisable to start with easy things, and complicate life afterwards when the basics are understood ;)
So do I need the resolver or not?
pfSense - and your network - need a DNS that works.
The default Resolver is just fine.
For some (special ?) scenarios the Forwarder is needed - like - example - for those who want to communicate all DNS traffic to OpenDNS.
-
Hello
After a long time I started working on it again. But I found something strange… I took the server to my home and the captive portal worked perfectly there. I instantly got the login page when I connected with the server, just like you described. But when I'm doing it now at school it doesn't work. I have the exact same programs and browser... It is so weird. The only way I can get to the login page is with a URL like Google.com. At home it works perfectly...
Any idea where the problem could be? I thought it was maybe my DNS resolver?
![DNS resolver.png](/public/imported_attachments/1/DNS resolver.png)
![captive portal.png](/public/imported_attachments/1/captive portal.png)
-
Images/settings look fine.
Can you post your LAN firewall rules ?
When a router/firewall works fine at one place (home) and not good elsewhere (work, school) you have a 99 % that settings should be adapted for upstream routers, ISP awkward issues or other 'special' (read : not 'normal') issues.
Btw - not related, but : why choose 192.168.1.100 as a gateway IP - in the middle of the range ?
What's wrong with 192.168.1.1 or 192.168.1.254 if you have to. Leaving everything from start (.1) to end (.253) when /24 for the DHCP pool and static devices.
-
I took a screenshot from the firewall Rules. I never changed something there so maybe that is the problem.
I took that as default gateway because 192.168.1.1 is the default gateway. But I'll change it to 192.168.1.254. Thanks for the note!
![Firewall Rules.png](/public/imported_attachments/1/Firewall Rules.png)
![Lan interface.png](/public/imported_attachments/1/Lan interface.png)
-
I don't know if this is the problem but I noticed it. Does the DNS field need to be empty? (Screenshot attached)
I did an ipconfig /all in cmd and is the DNS normal? Shouldn't it be 192.168.1.100?
```
C:\Users\Cédric>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-BVILFUI
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan.mylocal

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix . : lan.mylocal
   Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 80-C1-6E-F3-E0-C5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::242d:b758:ed7b:8946%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : woensdag 21 maart 2018 9:27:36
   Lease Expires . . . . . . . . . . : woensdag 21 maart 2018 11:22:19
   Default Gateway . . . . . . . . . : 192.168.1.100
   DHCP Server . . . . . . . . . . . : 192.168.1.100
   DHCPv6 IAID . . . . . . . . . . . : 58769774
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-5D-11-A5-80-C1-6E-F3-E0-C5
   DNS Servers . . . . . . . . . . . : 192.168.1.100
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-0C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ece7:22f2:9ed:e6c1%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 403308583
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-5D-11-A5-80-C1-6E-F3-E0-C5
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{A790479C-BEFB-467D-829C-2399C5193B24}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.lan.mylocal:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . : lan.mylocal
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
```
![General Setup.png](/public/imported_attachments/1/General Setup.png)
-
Exact, no need to fill that field.
Don't need to check the next field either : "DNS Server Override". For a solid, secure DNS functionality you could use what Internet is offering since the day it was born : use the root DNS \*\*.
pfSense uses a Resolver out of the box. Keep it that way.
\*\* except, of course, if your ISP wants you to use its DNS servers (and blocks all other "port 53 request" to other destination) then you are out of luck. Consider ditching the ISP.
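
The two checks made by hand in this thread, as an added example (not code from the forum posts or from pfSense): whether a DHCP client was handed the pfSense interface as gateway, DHCP server and only DNS server, and whether the WAN address is an RFC 1918 address. It assumes English, line-broken `ipconfig /all` output and a pfSense DHCP server that hands out its own interface IP; the function names and `SAMPLE` are made up for the example.

```python
import ipaddress
import re

# Constructed sample: trimmed `ipconfig /all` text modelled on the output posted above.
SAMPLE = """\
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . : lan.mylocal
   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.100
   DHCP Server . . . . . . . . . . . : 192.168.1.100
   DNS Servers . . . . . . . . . . . : 192.168.1.100
Ethernet adapter VirtualBox Host-Only Network:
   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
"""
FIELD = re.compile(r"^\s+([A-Za-z0-9 \-]+?)[ .]+:\s?(.*)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; indented value-only lines extend the last field."""
    adapters, current, key = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, key = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif current is not None and (m := FIELD.match(line)):
            key, value = m.group(1).strip(), m.group(2).strip()
            current[key] = [value] if value else []
        elif current is not None and key and line.strip():
            current[key].append(line.strip())  # continuation: extra DNS server
    return adapters

def check_clients(text, portal_ip):
    """Map each DHCP-enabled adapter to its findings versus the portal interface IP."""
    report = {}
    for name, fields in parse_ipconfig(text).items():
        if fields.get("DHCP Enabled") != ["Yes"]:
            continue  # static adapters (VirtualBox host-only) are not portal clients
        report[name] = [f"{k} is {fields.get(k, [])}, expected only {portal_ip}"
                        for k in ("Default Gateway", "DHCP Server", "DNS Servers")
                        if fields.get(k, []) != [portal_ip]]
    return report

def wan_is_private(wan_cidr):
    """True for an RFC 1918 WAN address, the case where the earlier reply says to untick 'Block private networks'."""
    ip = ipaddress.ip_interface(wan_cidr).ip
    return any(ip in net for net in RFC1918)
```

An empty findings list for the Ethernet adapter means the client is using the pfSense box for DNS, which is what the captive portal redirect depends on.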
-
Is this a problem?