[Captive portal] Can't get to the login page.
-
Thanks for the fast reply
The Ethernet adapter VirtualBox thing is just a virtual network card from VirtualBox; it is from a virtual machine.
I changed my LAN domain to lan.mylocal, do I need to change it in my DNS resolver settings too? Or is there no point in using the resolver?
Here is the screenshot (I don't know how to copy it)
![New Doc 2018-02-07 (1).jpg](/public/imported_attachments/1/New Doc 2018-02-07 (1).jpg)
-
WAN settings ? ("Block private networks and loopback addresses" checked, or not ?)
Btw : how do you connect to the console ?
-
Block private networks and loopback addresses is checked.
pfSense is installed on a server; on the server I connected a monitor and keyboard.
-
> Block private networks and loopback addresses is checked.

You agree with me that your WAN IP (192.168.5.10/24, probably obtained by an upstream router) IS a "private network IP" ?
Better remove that check, your WAN is using a private network. -
Ok, I unchecked that. But now I don't know what's wrong… I'm still not getting redirected to the login page. I can't make another interface because I don't have an extra network port. So do I need the resolver or not?
-
> Ok, I unchecked that. But now I don't know what's wrong… I'm still not getting redirected to the login page.

Neither do I.
What you should know :
Install a clean pfSense.
Accept the default for LAN.
Assign WAN and set it up. Check connectivity to the Internet. (and yes, by default pfSense expects a WAN IP on the WAN interface, a private IP from an upstream router could work, but … see above)
Add a "captive portal user" in the Local pfSense user manager.
Activate the portal - on LAN should work (the default LAN firewall rule is ok).
At this stage, the captive portal works.
Your system : it isn't ok. The question is : what more did you change ?

> I can't make another interface because I don't have an extra network port.

There is no rush, but keep in mind setting up and operating a captive portal (untrusted network) will be easier with a dedicated interface.
It's always advisable to start with easy things, and complicate life afterwards when the basics are understood ;)

> So do I need the resolver or not?

pfSense - and your network - need a DNS that works.
The default Resolver is just fine.
For some (special ?) scenarios the Forwarder is needed - like - example - for those who want to communicate all DNS traffic to OpenDNS. -
Hello
After a long time I started working on it again. But I found something strange… I took the server to my home and the captive portal worked perfectly there. I instantly got the login page when I connected with the server, just like you described. But when I'm doing it now at school it doesn't work. I have the exact same programs and browser... It is so weird. The only way I can get to the login page is with a URL like Google.com. At home it works perfectly...
Any idea where the problem could be? I thought it was maybe my DNS resolver?
![DNS resolver.png](/public/imported_attachments/1/DNS resolver.png)
![captive portal.png](/public/imported_attachments/1/captive portal.png)
-
Images/settings look fine.
Can you post your LAN firewall rules ?
When a router/firewall works fine at one place (home) and not good elsewhere (work, school) you have a 99 % chance that settings should be adapted for upstream routers, ISP awkward issues or other 'special' (read : not 'normal') issues.
Btw - not related, but : why choose 192.168.1.100 as a gateway IP - in the middle of the range ?
What's wrong with 192.168.1.1 or 192.168.1.254 if you have to. Leaving everything from start (.1) to end (.253) when /24 for the DHCP pool and static devices. -
I took a screenshot of the firewall rules. I never changed anything there so maybe that is the problem.
I took that as default gateway because 192.168.1.1 is the default gateway. But I'll change it to 192.168.1.254. Thanks for the note!
![Firewall Rules.png](/public/imported_attachments/1/Firewall Rules.png)
![Lan interface.png](/public/imported_attachments/1/Lan interface.png)
-
I don't know if this is the problem but I noticed it. Does the DNS field need to be empty? (Screenshot attached)
I did an ipconfig /all in cmd; is the DNS normal? Shouldn't it be 192.168.1.100?
```
C:\Users\Cédric>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-BVILFUI
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan.mylocal

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix . : lan.mylocal
   Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 80-C1-6E-F3-E0-C5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::242d:b758:ed7b:8946%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : woensdag 21 maart 2018 9:27:36
   Lease Expires . . . . . . . . . . : woensdag 21 maart 2018 11:22:19
   Default Gateway . . . . . . . . . : 192.168.1.100
   DHCP Server . . . . . . . . . . . : 192.168.1.100
   DHCPv6 IAID . . . . . . . . . . . : 58769774
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-5D-11-A5-80-C1-6E-F3-E0-C5
   DNS Servers . . . . . . . . . . . : 192.168.1.100
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-0C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ece7:22f2:9ed:e6c1%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 403308583
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-5D-11-A5-80-C1-6E-F3-E0-C5
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{A790479C-BEFB-467D-829C-2399C5193B24}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.lan.mylocal:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . : lan.mylocal
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
```
![General Setup.png](/public/imported_attachments/1/General Setup.png)
-
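The DNS question in the post above can be checked mechanically. The following is an added example, not part of the thread: it parses `ipconfig /all` text and reports, per adapter, whether the DNS servers a client received are on its own subnet and match its gateway. It assumes portal clients are meant to resolve through the pfSense LAN address, which here is also the gateway; the function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

FIELD = re.compile(r"^\s+(.*?)[ .]+:(?: (.*))?$")  # "Label . . . : value"
# Constructed sample in `ipconfig /all` layout, reusing the LAN values from the post.
SAMPLE = """\
Ethernet adapter Ethernet:
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.100
   DNS Servers . . . . . . . . . . . : 192.168.1.100
Ethernet adapter VirtualBox Host-Only Network:
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
"""

def parse_adapters(text):
    """Map each unindented section header to {label: [values]}."""
    adapters, fields, last = {}, {}, None
    for line in filter(None, map(str.rstrip, text.splitlines())):
        m = FIELD.match(line)
        if not line[0].isspace():  # section header
            fields, last = adapters.setdefault(line.rstrip(":"), {}), None
        elif m:
            last = fields.setdefault(m.group(1), [m.group(2)] if m.group(2) else [])
        elif last is not None:  # continuation line, e.g. a second DNS server
            last.append(line.strip())
    return adapters

def _ips(values):
    """Yield the IPs among values, ignoring '(Preferred)' and IPv6 zone ids."""
    for v in values:
        try:
            yield ipaddress.ip_address(re.split(r"[(%]", v)[0].strip())
        except ValueError:
            pass

def dns_findings(fields):
    """Reasons this adapter's DNS setup would not suit a client behind the portal."""
    addr, mask = list(_ips(fields.get("IPv4 Address", []))), fields.get("Subnet Mask")
    if not addr or not mask:
        return ["no IPv4 configuration"]
    net = ipaddress.ip_network(f"{addr[0]}/{mask[0]}", strict=False)
    gw, dns = (list(_ips(fields.get(k, []))) for k in ("Default Gateway", "DNS Servers"))
    out = [f"no {k}" for k, got in (("default gateway", gw), ("DNS server", dns)) if not got]
    out += [f"DNS server {d} is outside {net}" for d in dns if d not in net]
    return out + [f"DNS server {d} is not the gateway" for d in dns if d in net and d not in gw]
```

An empty list for the LAN adapter means the client was handed the gateway as its resolver, which is what the output in the post shows; the host-only adapter is reported because it has no gateway and only off-link DNS servers.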
Exact, no need to fill that field.
Don't need to check the next field either : "DNS Server Override". For a solid, secure DNS functionality you could use what the Internet has been offering since the day it was born : use the root DNS **.
pfSense uses a Resolver out of the box. Keep it that way.
** except, of course, if your ISP wants you to use its DNS servers (and blocks all other "port 53 requests" to other destinations), then you are out of luck. Consider ditching the ISP.
-
Is this a problem?