Can someone please help me get captive portal working?



  • Hello,

    I am attempting to get captive portal to work for my wireless AP. I have my wireless AP set on my OPT1 interface. It is bridged in with my LAN so that I can access my firewall via LAN instead of bridging into WAN. I setup captive portal and enabled it, but no matter what, NONE of my laptops bring up the captive portal page. I allowed port forward into the nat 192.168.1.1:8000 and added firewall rules. I did this to both the LAN, and OPT1 interface to see if I can narrow down the problem. I am a total noob with networking/bsd/firewalls so please help me in dumbass terminology :D.

    What do I need to do to get it working?

    Thx!!!



  • Can anyone advise?????

    I still cannot get CP to work. Very simple problem, just don't know where to go. Google and search isnt doing anything :( I just want it to work!!



  • I also read online that CP will not work on a bridged interface??? How do I get my AP online if its not bridged to WAN or LAN???? Please let me know what I need to apply for firewall/nat rules…. I have a feeling this is what the issue is.



  • Noone knows? A link? Anything???



  • Any solutions?



  • I suggest you start reading what a captive portal is and how it works.
    http://wikipedia.com and http://google.com are good places to start.

    After that you could try to read the docs and howto's.
    http://forum.pfsense.org/index.php/topic,7001.0.html

    Your clients have to be able to resolve DNS requests.
    Either by having pfSense ans primary DNS, or by allowing the IP of your DNS per default for everyone.

    I'm not sure what exactly you did, but you write "I allowed port forward into the nat 192.168.1.1:8000 and added firewall rules."
    and this doesnt make much sense.
    Maybe you could reformulate what you did.

    Also before you try to do anything fancy why not just get it running basically?
    Like allowing anything to anything and create rules that restrict access afterwards.



  • Thank you so much for the reply. I am new to pfsense and know little. I am learning though :/

    Basically all I want to do is have cp auth screen. I will delete my firewall rules if I need too…... I basically have my pfsense setup out of the box accept for openvpn, I have not touched anything else. As far as the DNS settings on my machines that I am connecting to my wireless access point, they are automatic DHCP/DNS through winblows and linux. Yet CP still doesn't work. Do I need to set pfsense to hand my machines out DNS? If so, please let me know how?

    Thanks for the help!! Sorry im such a pain in the butt noob. I want to learn :(

    -Brandon



  • @GruensFroeschli:

    I suggest you start reading what a captive portal is and how it works.
    http://wikipedia.com and http://google.com are good places to start.

    After that you could try to read the docs and howto's.
    http://forum.pfsense.org/index.php/topic,7001.0.html

    I have did this, as well as followed the vid clips. Still doesn't work. Thats why im asking here in the forums. I guess I gotta figure out how to get pfsense to make my clients receive DNS requests. I don't know how to do this, I can try googling.



  • I have successfully setup captive portal on a number of systems and will attempt to help you.

    To setup your opt1 interface without bridging you will need to go to your rules and setup a rule to allow the opt1 interface traffic to the WAN or LAN as desired. In my case I setup a rule that states the interface that it applies to and I set the rule to 'any' this allows the traffic out to the LAN or the WAN.

    Make sure your Optional interface is setup with its own subnet.

    Next you need to go to DHCP and set the range for the optional interface using Opt1's subnet.

    For a test turn off captive portal and make sure you can access the internet from the Optional Inteface. If you can't a website to pull up then you find a ping-able IP on the net and try to ping that if that works then you know you have a DNS problem. If it works then you are ready to configure captive portal.

    Simple test for captive portal is to simply enable it and save the change and then add a user from the users tab.

    P.S. If you use a proxy server for your WAN or your browser is set to use a proxy it will take a special configuration change to get this to work. So if you use a proxy please share that info.



  • Hey,

    I figured out what to do in a way, I disabled bridge mode, and set my subnet for opt1 wifi to 192.168.2.1. What do I need to do to my wireless router? I had it set as an AP and I couldn't get connectivity at all, I reset it last night. How do I need to configure my router? Turn off DHCP? Its a netgear wireless N.

    Fill me in with advise.

    Thx guys!!!



  • If you want your wireless bridged directly to the OPT1 interface then disable DHCP on your Netgear. Then you could connect the Ethernet from OPT1 interface to any of the ports on the back of your netgear wireless N except for the WAN port. This will bridge your Netgear wireless to the OPT1 interface.



  • cool, better understanding now :)

    You say if I want my wireless bridged to the opt1 interface? I thought captive portal will not work on a bridged interface? Let me tell you my setup, I have 3 NIC's in my pfsense box, WAN, LAN, And OPT1 that goes directly into my netgear router. What do I need to bridge this too?

    Do I need another network card or something? Im kinda lost :(

    And also, I know the subnet needs to be changed on the router, but if I set my router as a SOLE AP, I cannot access to the wireless router it all, it gives me a direct connection to my LAN when I had it bridged. Can I configure the subnet through pfsense for my ap at 192.168.2.1?

    Thanks man!!!!!



  • First you need to do these instructions.

    @mcrane:

    I have successfully setup captive portal on a number of systems and will attempt to help you.

    To setup your opt1 interface without bridging you will need to go to your rules and setup a rule to allow the opt1 interface traffic to the WAN or LAN as desired. In my case I setup a rule that states the interface that it applies to and I set the rule to 'any' this allows the traffic out to the LAN or the WAN.

    Make sure your Optional interface is setup with its own subnet.

    Next you need to go to DHCP and set the range for the optional interface using Opt1's subnet.

    For a test turn off captive portal and make sure you can access the internet from the Optional Inteface. If you can't a website to pull up then you find a ping-able IP on the net and try to ping that if that works then you know you have a DNS problem. If it works then you are ready to configure captive portal.

    Simple test for captive portal is to simply enable it and save the change and then add a user from the users tab.

    Plug a computer into your optional interface and see if you can get the DHCP address if you get that then try to get to the internet. Once you know the Optional interface is working then you can move on to the instructions below. Doing everything all at once will keep you from making any progress at all. So do it step by step, verify its working then move on.

    When I said bridging I'm not talking about bridging with pfSense. I was talking about setting up
    your wireless Netgear in a way that makes it work like a switch rather than a firewall of its own.
    So with that in mind look at what I wrote again in the previous post.

    @mcrane:

    If you want your wireless bridged directly to the OPT1 interface then disable DHCP on your Netgear. Then you could connect the Ethernet from OPT1 interface to any of the ports on the back of your netgear wireless N except for the WAN port. This will bridge your Netgear wireless to the OPT1 interface.



  • GREAT information dude!!! Thank you so much. I should have though of even doing this in the first place lol. I am going to plug my laptop into the the opt1 interface to make sure I can even get dhcp. I will fill you in on the results.

    But as far as setting the subnet for the interface, do I do that through pfsense?

    Thanks



  • @mechanicalmetal:

    But as far as setting the subnet for the interface, do I do that through pfsense?

    On PFSense go to the menu 'Interfaces' then to 'Opt1'
    Set 'Bridge with' to none and
    Set the 'IP configuration' to something like 10.2.0.1 / 24 or you could use 192.168.2.1 / 24 your choice on the IP you want.

    Services -> DHCP Server -> Opt1
    And set up a DHCP range for your optional interface.

    Firewall -> Rules -> Opt1 tab
    Action: Pass
    Interface: Opt1
    Protocol: any
    Source: any
    Destination: any
    Description: Opt to Any

    That should be enough to get your Opt1 interface working for a laptop or anything connected to it.


Log in to reply