Upgrade from 2.3.x to 2.4.4, captive portal not working

rdugaue

After updating my sg-1000 captive portal is not working. I've removed and re-added the captive portal on the interface, but no redirects to the login page happen. If I disable cp, I have internet again. Enable, surf to a page, no re-direct to login portal. There's nothing in cp logs that even an attempt was made. And logging all traffic on the interface also shows no traffic. Just to be sure I've also switch authentication to local (was using remote radius auth), no luck. But radius auth works, as I can test that and get back a login okay. So not sure where to start, it was working with 2.3.x before updating.

Gertjan

Hi,

Without knowing anything about your setup, i'll list some basic things to check.

https://www.netgate.com/docs/pfsense/captiveportal/captive-portal.html
This one https://www.netgate.com/docs/pfsense/captiveportal/captive-portal-troubleshooting.html !! as stated, most problems are DNS related.

Take a tour here https://www.youtube.com/watch?v=qb5TDpihnq4&t=103s

kengo

This post is deleted!

seitle

I think i have the same problem and it could be a DNS one.

If i open for example 10.0.1.1 i got redirected to the captive portal login. With, for example, google.com it don't happen.

I am using DNS resolver, DNS Query Forwarding unchecked. Also "DNS Server Override" in general settings is unchecked.

What could the problem be?

Gertjan

@seitle said in Upgrade from 2.3.x to 2.4.4, captive portal not working:

If i open for example 10.0.1.1 i got redirected to the captive portal login.

Exact.
The captive portal is an ordinary web server, and will reply as any other web server with a "login page".

With, for example, google.com it don't happen.

google.com will get resolved. Then the browser will throw out a request using this IP, and probably, because of web browse history, it will use https (port 443) - which, of course, can't be redirected (you can't break ssl).
http://www.google.com will work if the browser - or the certificate Google is using) doesn't "force" https usage.
http://www.google.com:80 should work right away (but is actually rarely needed, except for cripple browsers/devices).

Btw : as soon as a network connection is established - DHCP works - your device obtains an IP and gateway - and the OS (any OS these days) will "test" if it is behind a portal. If so, it will notify you popping a message (Windows) or opening a navigator that opens the portal login page (Mac OS, iOS). Android's : I don't know how they work, but when I see the big number of devices that connect to "my" portal, I guess they detect and work quiet well with the pfSense portal.

free4

@seitle said in Upgrade from 2.3.x to 2.4.4, captive portal not working:

I think i have the same problem and it could be a DNS one.

What could the problem be?

one of the potential problems could come from your own computer

is your computer configured to retrieve DNS servers from DHCP? or did you force your computer to use 8.8.8.8 / 1.1.1.1 like many computer-fanboys?

seitle

@gertjan said in Upgrade from 2.3.x to 2.4.4, captive portal not working:

google.com will get resolved. Then the browser will throw out a request using this IP, and probably, because of web browse history, it will use https (port 443) - which, of course, can't be redirected (you can't break ssl).
http://www.google.com will work if the browser - or the certificate Google is using) doesn't "force" https usage.
http://www.google.com:80 should work right away (but is actually rarely needed, except for cripple browsers/devices).

Btw : as soon as a network connection is established - DHCP works - your device obtains an IP and gateway - and the OS (any OS these days) will "test" if it is behind a portal. If so, it will notify you popping a message (Windows) or opening a navigator that opens the portal login page (Mac OS, iOS). Android's : I don't know how they work, but when I see the big number of devices that connect to "my" portal, I guess they detect and work quiet well with the pfSense portal.

Because i forgot to reply to your posting. Thank your for explanation. That was the solution. A redirect was not possible, because google.com won't accept http because of HSTS (?)

seitle

@free4 said in Upgrade from 2.3.x to 2.4.4, captive portal not working:

is your computer configured to retrieve DNS servers from DHCP? or did you force your computer to use 8.8.8.8 / 1.1.1.1 like many computer-fanboys?

the computer usually uses the pfsense as the dns server (dns resolver). Because of the restriction, not to fall back from https to http of visited sites a redirect was not possible. After someone connects to the network a notification is shown in the browser, to log somebody in. If someone closes this, he wouldn't notice that there is a portal to log in....