Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problems after upgrade to 2.2 in captive portal

    Scheduled Pinned Locked Moved Captive Portal
    7 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      uaxero
      last edited by

      hi.
      first of all to thank for the fabulous work that the team pfsense .

      My problem is this , after upgrading to version 2.2 from 2.1.5 .
      access to captive portal does not work.

      My configuration is as follows .

      the captive portal runs on a dedicated interface with a virtual ip carp ,
      which use as gateway users.

      I have seen that the ip virutal carp is not added to ipfw rules that
      facilitate access to the login page

      this are the ipfw rules that actually i can see

      65310 allow ip from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 }
      in
      65311 allow ip from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to any
      out
      65312 allow icmp from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to
      any out icmptypes 0
      65313 allow icmp from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7
      } in icmptypes 8

      the first ip 10.128.0.7 should be 10.128.0.2 wich is the ip virtual carp

      10.128.0.2 –-> ip virtual carp

      10.128.0.7 ---> phisycal ip interface

      I tried to manually put the rules and it works perfectly , but of course,
      this process should be automatic.

      also I have seen that:

      before in version 2.1.5

      em3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0
      mtu 1500
              options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether xx:xx:xx:xx:xx:xx
              inet 10.128.0.7 netmask 0xffff0000 broadcast 10.128.0.255
              media: Ethernet autoselect (1000baseT <full-duplex>)
              status: active

      lan_vip15: flags=49 <up,loopback,running>metric 0 mtu 1500
              inet 10.128.0.2 netmask 0xffff0000
              carp: MASTER vhid 15 advbase 1 advskew 200

      now in version 2.2

      em3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0
      mtu 1500
              options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether xx:xx:xx:xx:xx:xx
              inet 10.128.0.7 netmask 0xffffff00 broadcast 10.128.0.255
              inet 10.128.0.2 netmask 0xffffff00 broadcast 10.128.0.255 vhid 15
              nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
              status: active
              carp: BACKUP vhid 15 advbase 1 advskew 0

      this is a possible cause of this issue.

      before in ipfw_context

      captive: em3,lan_vip15,

      now in ipfw zone list

      captive: em3,

      any comment would be fantastic.</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast></up,loopback,running></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast>

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Sorry, 2.23 was ditched for …. let's say: bugs  ;)
        Try 2.2.2.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          There are no CARP virtual interfaces in 2.2.x versions as that's a deprecated concept in FreeBSD 10.x. CP never redirected to CARP IPs as far as I can recall. The gateway IP being CARP doesn't affect the redirect, which is to the interface IP.

          @Gertjan:

          Sorry, 2.23 was ditched for …. let's say: bugs  ;)
          Try 2.2.2.

          huh? No, 2.2.3 is coming out today and is better than 2.2.2 in many ways and worse in none.

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            @cmb:

            huh? No, 2.2.3 is coming out today and is better than 2.2.2 in many ways and worse in none.

            That goes without saying : 2.2.3 will be better as 2.2.2 ;)

            edit: aha : it's out :

            2.2.2-RELEASE (amd64)
            built on Mon Apr 13 20:10:22 CDT 2015
            FreeBSD 10.1-RELEASE-p9
            Update available. Click Here to view update.

            :)

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • U
              uaxero
              last edited by

              then you mean, that functionality will no longer be present from the 2.2 release?

              thanks

              1 Reply Last reply Reply Quote 0
              • U
                uaxero
                last edited by

                then as I can make high availability of captive portal if the gateway ip of clients is not already virtual?

                thanks

                1 Reply Last reply Reply Quote 0
                • C
                  cmb
                  last edited by

                  @uaxero:

                  then you mean, that functionality will no longer be present from the 2.2 release?

                  No, just saying in that context, lan_vip15 is no longer listed because it no longer exists.

                  You get redirected to 127.0.0.1, not the CARP IP, which is always how things worked. There is no need to do anything with the CARP IP there.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.