Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    I can't get Captive Portal login page in any browser else Firefox

    Captive Portal
    7
    48
    14667
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      computerz_man last edited by

      Why I can't get  Captive Portal login page in any browser else Firefox…
      When client try to use the internet throw Chrome or Internet Explorer browsers he can't get the  Captive Portal login page, but if he try to use firefox, it works fine and get the login page ...?
      What is the problem?

      1 Reply Last reply Reply Quote 0
      • Gertjan
        Gertjan last edited by

        Hi,

        Browser are all the same. Their settings, not.
        pfSense works with all browsers.

        Did you flushed the browser's cache ? No Proxy activated ?

        More help is possible as soon as you start to give more info. From 'here', I can't see what's up.

        No "help me" PM's please. Use the forum.

        1 Reply Last reply Reply Quote 0
        • C
          computerz_man last edited by

          Thank you 'Gertjan' for replying, what's is the information which can help in that?
          There is not proxy and also I flushed the broweser's cache…
          only firefox show the login page but chrome and internet explorer not
          I take a look on internet options in the client side all settings are default  .....

          1 Reply Last reply Reply Quote 0
          • Gertjan
            Gertjan last edited by

            Check your default home page in your browsers.
            If it's a hpps:// make it http://…. example : http://www.google.com

            No "help me" PM's please. Use the forum.

            1 Reply Last reply Reply Quote 0
            • K
              Kriogen last edited by

              The auto-redirect in captive portal doesn't work if the default page that the browser tries to open is a https one.

              1 Reply Last reply Reply Quote 0
              • J
                jetberrocal last edited by

                I have similar problem.  IE does redirect to the CP Login page.

                I have a http site as default home page but still does not work.

                I am testing with IE 8.0 on Windows 2003 Server DC.  I even did a Reset to Factory and selected recommended default settings.

                1 Reply Last reply Reply Quote 0
                • Gertjan
                  Gertjan last edited by

                  @jetberrocal:

                  ….
                  I am testing with IE 8.0 on Windows 2003 Server DC.  I even did a Reset to Factory and selected recommended default settings.

                  A browser on a server edition doesn't "eat" a captive portal like that (mine, on a 2008 R2 did finally, but had to fiddle my OS somewhat - don't recall very wel).
                  Use a vanilla OS like … well, any OS with their navigators except "servers".

                  No "help me" PM's please. Use the forum.

                  1 Reply Last reply Reply Quote 0
                  • Derelict
                    Derelict LAYER 8 Netgate last edited by

                    Eliminate DNS and HTTPS as the problem by trying to open http://10.10.10.10/ in the browsers that will not connect.

                    This could be something like STS making http connections nearly impossible to originate from those browsers to those sites.

                    Chattanooga, Tennessee, USA
                    The pfSense Book is free of charge!
                    DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • J
                      jetberrocal last edited by

                      @Derelict:

                      Eliminate DNS and HTTPS as the problem by trying to open http://10.10.10.10/ in the browsers that will not connect.

                      This could be something like STS making http connections nearly impossible to originate from those browsers to those sites.

                      I do not know what is STS, but tried that address on the Server but still did not got the CP Login redirection.

                      1 Reply Last reply Reply Quote 0
                      • J
                        jetberrocal last edited by

                        @Gertjan:

                        @jetberrocal:

                        ….
                        I am testing with IE 8.0 on Windows 2003 Server DC.  I even did a Reset to Factory and selected recommended default settings.

                        A browser on a server edition doesn't "eat" a captive portal like that (mine, on a 2008 R2 did finally, but had to fiddle my OS somewhat - don't recall very wel).
                        Use a vanilla OS like … well, any OS with their navigators except "servers".

                        Tried with a Win 7.  I get the CP Login redirection but is not displayed, instead gives me a "Diagnose Connection Problems" error page.  The address bar clearly shows the CP Login address.

                        1 Reply Last reply Reply Quote 0
                        • Gertjan
                          Gertjan last edited by

                          @jetberrocal:

                          Tried with a Win 7.  I get the CP Login redirection but is not displayed, instead gives me a "Diagnose Connection Problems" error page.  The address bar clearly shows the CP Login address.

                          At that moment, was was your IP address of the Win 7 PC  ? Who gave it to you (was it pfSEnse who gave it - check wth the pfSense DHCP Lease list and log)
                          What is the gateway IP ? (THis IP should be the one that pfSene uses as the Captive portal).
                          What is / are your DNS ?

                          No "help me" PM's please. Use the forum.

                          1 Reply Last reply Reply Quote 0
                          • J
                            jetberrocal last edited by

                            The WEin 7 PC is a Domain attached computer. The Domain Controller is DC/DNS/DHCP Server.  The PC IP is given by the DC.  The gateway IP is the pfsense server IP.
                            Pfsense DNS is on default configuration.  When CP is off the PC gets the DNS resolution from the DC succesfully. The DC gets the DNS resolution from pfsense also.  I made the IP and the name of the pfsense server an Allowed IP/Host in CP.

                            Some times Chrome does not redirect either when openned.  I have to write in the address bar the http address manually to trigger the CP redirection.  I guess that is because chrome tries to get the home page from its cache.

                            Some time IE redirects to CP Login, but after login it fails with a no connection error.

                            1 Reply Last reply Reply Quote 0
                            • Gertjan
                              Gertjan last edited by

                              @jetberrocal:

                              The WEin 7 PC is a Domain attached computer. The Domain Controller is DC/DNS/DHCP Server.  The PC IP is given by the DC. …...

                              Domain what where ???

                              From what I made of it when pfSEnse + Captive portal was made :
                              An interface (NIC) on which the captive portal is running.
                              A wire from this NIC to a switch.
                              This switch goes to wall-mounted RJ45 plugs (back then, some devices didn't have Wifi build in !) and a bunch of Access Points (wire to radio devices).
                              My visitors bring allong there PC / Pad / Phone / whatever (a basic BJOD).

                              Example : by a NEW Dell portable - Phone or whatever. Unwrap it. Connect to the Wifi network. pfSense portal kick in - and it works.

                              Now, back to your 'domain' (from Microsoft ?) PC. This isn't a typical BJODevice …...

                              Do de test yourself : Your smartphone - the AP and your pfSense portal => That works ....

                              No "help me" PM's please. Use the forum.

                              1 Reply Last reply Reply Quote 0
                              • J
                                jetberrocal last edited by

                                I am currently in testing.  I have a Virtual network of DC and PC in LAN side and pfsense VM with fixed IP on LAN side and WAN DHCP assigned IP.  CP listens in LAN interface. DC (Windows 2003 server) has Firefox, Chrome, and IE 8.0 browsers, PC (Win 7) has Chrome and IE 8.0 browsers.  There are no wifi clients.

                                1 Reply Last reply Reply Quote 0
                                • J
                                  jetberrocal last edited by

                                  Notice that now, when CP Login is shown successfully, after doing the Login the PC fails to ping external sites (www.google.com) like being blocked.  I checked the CP status and the MAC address of the PC is registered successfully and active. So it should not be blocked.

                                  1 Reply Last reply Reply Quote 0
                                  • Gertjan
                                    Gertjan last edited by

                                    @jetberrocal:

                                    Notice that now, when CP Login is shown successfully, after doing the Login the PC fails to ping external sites (www.google.com) like being blocked.  I checked the CP status and the MAC address of the PC is registered successfully and active. So it should not be blocked.

                                    Your portal interface is on an interface - probably named initially OPTx.

                                    Please list the firewall rules (see GUI this time !) and gives us YOUR rules for this interface.
                                    Remember : by default, LAN has ONE rule : let all pass. By default, all other interfacse have ONE hidden rule (the list will be empty) : BLOCK ALL.
                                    Do you let in ICMP ? ("in" because it's from the point of view of the interface).

                                    No "help me" PM's please. Use the forum.

                                    1 Reply Last reply Reply Quote 0
                                    • J
                                      jetberrocal last edited by

                                      I do not have OPT interfaces, only LAN and WAN.  I think ICMP is allowed.  When I have CP off I can ping from inside to outside successfully.  With CP on I can ping the pfsense LAN IP.




                                      1 Reply Last reply Reply Quote 0
                                      • J
                                        jetberrocal last edited by

                                        I notice that I can ping the site which triggered the CP Login not other.

                                        Example. 
                                        I Open browser (Chrome).  The home page fails to load and does not trigger the CP Login.
                                        I write in the address bar a http address (http://www.jetsystemservices.com).  The CP Login is triggered. 
                                        I login successfully and the site is shown.  (External links in the site fails, youtube links)
                                        I go the command prompt in the browser computer and I can ping the www.jetsystemservices.com site. But I cannot ping other address.

                                        It is like CP only allows one address at a time instead of opening all internet.

                                        1 Reply Last reply Reply Quote 0
                                        • Gertjan
                                          Gertjan last edited by

                                          @jetberrocal:

                                          ….
                                          I Open browser (Chrome).  The home page fails to load and does not trigger the CP Login.

                                          Is this the locally build page that doesn't need any 'internet' access -
                                          or
                                          is this a page like http://www.google.com (and NOT https://www.google.com !!! ) that comes from the net ?

                                          @jetberrocal:

                                          ….
                                          I write in the address bar a http address (http://www.jetsystemservices.com).  The CP Login is triggered.

                                          Great !

                                          @jetberrocal:

                                          ….I login successfully and the site is shown.  (External links in the site fails, youtube links)

                                          at that moment, go here https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting
                                          and list us your ipfw rules and tables (what IN these tables)

                                          also, at that moment:
                                          open command prompt
                                          and
                                          ping www.yutoube.com

                                          The URL is resolved ?
                                          The ping replies ? (youtube.com might decide not to reply, that's ok)

                                          No "help me" PM's please. Use the forum.

                                          1 Reply Last reply Reply Quote 0
                                          • J
                                            jetberrocal last edited by

                                            The home page is http://www.google.com

                                            Ping to www.youtube.com does not resolve.

                                            ipfw execution:

                                            ipfw zone list
                                            Currently defined contexts and their members:
                                            2: em1,

                                            ipfw -x 2 table all list
                                            –-table(1)---
                                            192.168.56.100/32 mac 08:00:27:e8:c0:b4 2090
                                            ---table(2)---
                                            192.168.56.100/32 mac 08:00:27:e8:c0:b4 2091
                                            ---table(3)---
                                            192.168.56.1/32 2032
                                            ---table(4)---
                                            192.168.56.1/32 2033
                                            ---table(100)---
                                            192.168.56.1/32 0

                                            ipfw -x 2 show
                                            65291    0      0 allow pfsync from any to any
                                            65292    0      0 allow carp from any to any
                                            65301  99  3978 allow ip from any to any layer2 mac-type 0x0806,0x8035
                                            65302    0      0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
                                            65303    0      0 allow ip from any to any layer2 mac-type 0x8863,0x8864
                                            65307    0      0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
                                            65310 2320 166643 allow ip from any to table(100) in
                                            65311 2242 298979 allow ip from table(100) to any out
                                            65312    4  1312 allow ip from any to 255.255.255.255 in
                                            65313    0      0 allow ip from 255.255.255.255 to any out
                                            65314    0      0 pipe tablearg ip from table(3) to any in
                                            65315    0      0 pipe tablearg ip from any to table(4) in
                                            65316    0      0 pipe tablearg ip from table(3) to any out
                                            65317    0      0 pipe tablearg ip from any to table(4) out
                                            65318  671 180692 pipe tablearg ip from table(1) to any in
                                            65319  86  16287 pipe tablearg ip from any to table(2) out
                                            65531 1696  82569 fwd 127.0.0.1,8003 tcp from any to any dst-port 443 in
                                            65532 1927 136541 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
                                            65533 2939 379068 allow tcp from any to any out
                                            65534 3112 348052 deny ip from any to any
                                            65535    2    955 allow ip from any to any

                                            1 Reply Last reply Reply Quote 0
                                            • J
                                              jetberrocal last edited by

                                              Now I think got worst.

                                              I reinstall pfsense 2.3.1 amd64 from cero, even format the HD to make sure no files remained.  Did not install any package. I set the LAN IP static, WAN IP takes IP from Cable modem DHCP.  I turn off DHCP on LAN interface as the LAN side takes the IPs from the Windows Domain DHCP server.

                                              Added CP zone, with Local Authentication.  HTTPS Login unchecked.  Added the pfsense IP at Allowed IP Addresses.

                                              The Win7 computer access internet as if CP is turn off, is not blocked.

                                              Shell Output - ipfw -x 2 show

                                              65291  0      0 allow pfsync from any to any
                                              65292  0      0 allow carp from any to any
                                              65301  20    776 allow ip from any to any layer2 mac-type 0x0806,0x8035
                                              65302  0      0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
                                              65303  0      0 allow ip from any to any layer2 mac-type 0x8863,0x8864
                                              65307  0      0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
                                              65310 131  17105 allow ip from any to table(100) in
                                              65311 155  88607 allow ip from table(100) to any out
                                              65312  0      0 allow ip from any to 255.255.255.255 in
                                              65313  0      0 allow ip from 255.255.255.255 to any out
                                              65314 582  80166 pipe tablearg ip from table(3) to any in
                                              65315  0      0 pipe tablearg ip from any to table(4) in
                                              65316  0      0 pipe tablearg ip from table(3) to any out
                                              65317 672 429906 pipe tablearg ip from any to table(4) out
                                              65318  0      0 pipe tablearg ip from table(1) to any in
                                              65319  0      0 pipe tablearg ip from any to table(2) out
                                              65532  0      0 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
                                              65533  0      0 allow tcp from any to any out
                                              65534  0      0 deny ip from any to any
                                              65535  0      0 allow ip from any to any

                                              Shell Output - ipfw -x 2 table all list

                                              –-table(3)---
                                              192.168.56.0/24 2000
                                              ---table(4)---
                                              192.168.56.0/24 2001
                                              ---table(100)---
                                              192.168.56.1/32 0

                                              Note: the pfsense IP is 192.168.56.1/24, don't know why table(100) has 192.168.56.1/32

                                              1 Reply Last reply Reply Quote 0
                                              • Gertjan
                                                Gertjan last edited by

                                                @jetberrocal:

                                                …...
                                                ...... I turn off DHCP on LAN interface as the LAN side takes the IPs from the Windows Domain DHCP server.
                                                ......

                                                Added CP zone, ...............

                                                STOP.
                                                While you set up your portal settings, read the foot note.

                                                https://forum.pfsense.org/index.php?topic=111737.msg632639#msg632639

                                                ( => case solved ;) )

                                                No "help me" PM's please. Use the forum.

                                                1 Reply Last reply Reply Quote 0
                                                • J
                                                  jetberrocal last edited by

                                                  @Gertjan:

                                                  @jetberrocal:

                                                  …...
                                                  ...... I turn off DHCP on LAN interface as the LAN side takes the IPs from the Windows Domain DHCP server.
                                                  ......

                                                  Added CP zone, ...............

                                                  STOP.
                                                  While you set up your portal settings, read the foot note.

                                                  https://forum.pfsense.org/index.php?topic=111737.msg632639#msg632639

                                                  ( => case solved ;) )

                                                  OK.  I though that there was a posible work around.

                                                  Not being the case, for my needs CP in pfsense is not a viable solution.  In my case as many others, DHCP and primary DNS must be kept on the Windows Domain Controller.

                                                  1 Reply Last reply Reply Quote 0
                                                  • S
                                                    skron last edited by

                                                    DHCP Relay (and keeping DNS to DC) is not an option?

                                                    1 Reply Last reply Reply Quote 0
                                                    • J
                                                      jetberrocal last edited by

                                                      @skron:

                                                      DHCP Relay (and keeping DNS to DC) is not an option?

                                                      How will I use DHCP Relay?

                                                      My DHCP (DC/DNS) server IP is 192.168.56.10 (static, 255.255.255.0)
                                                      My pfsense IP is 192.168.56.1 (static, 255.255.255.0) in LAN side, WAN is DHCP assign from cable modem. I do not have any other interface.

                                                      1 Reply Last reply Reply Quote 0
                                                      • J
                                                        jetberrocal last edited by

                                                        It happens that I have a client that has a Win Server with AD/DNS but without DHCP because it has a Wifi Router that is doing the DHCP Server role.

                                                        So I can turn on DHCP on pfsense and configure the router to use the pfsense's dhcp.

                                                        How should I configure the pfsense dhcp to register addresses in the AD/DNS?

                                                        Once I get this dhcp running I can turn on CP in pfsense

                                                        1 Reply Last reply Reply Quote 0
                                                        • Derelict
                                                          Derelict LAYER 8 Netgate last edited by

                                                          No idea why you wouldn't just use Windows DHCP in that case.

                                                          Chattanooga, Tennessee, USA
                                                          The pfSense Book is free of charge!
                                                          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                                                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                                          1 Reply Last reply Reply Quote 0
                                                          • J
                                                            jetberrocal last edited by

                                                            @Derelict:

                                                            No idea why you wouldn't just use Windows DHCP in that case.

                                                            I tried Captive Portal with DHCP in the AD, but it did not work.  Also in this thread was directed to the note referred by Gertjan on: June 21, 2016, 04:55:46 am , implying that DHCP must be done by pfsense as CP works correctly.

                                                            It was suggested to use DHCP relay but I do not how could I use that for this situation.

                                                            1 Reply Last reply Reply Quote 0
                                                            • J
                                                              jetberrocal last edited by

                                                              OH! Still does not work.

                                                              I turn dhcp off in the AD server and turn on dhcp on pfsense.  The PC aquired the IP succesfully as can be seen on the dhcp leases in pfsense.

                                                              But chrome does not call the CP login page.

                                                              1 Reply Last reply Reply Quote 0
                                                              • Derelict
                                                                Derelict LAYER 8 Netgate last edited by

                                                                Is the AD DHCP server in the same subnet as your clients? If not you will have to use DHCP relay to get there and put the proper scope in the DHCP Server.

                                                                What happens if you go to http://10.10.10.10/ in chrome?

                                                                Chattanooga, Tennessee, USA
                                                                The pfSense Book is free of charge!
                                                                DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                                                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                                                1 Reply Last reply Reply Quote 0
                                                                • J
                                                                  jetberrocal last edited by

                                                                  My network is really simple.

                                                                  My LAN is 192.168.56.x, 255.255.255.0
                                                                  AD has static IP 192.168.56.10
                                                                  pfsense has static IP 192.168.56.1
                                                                  DHCP server sets:
                                                                  from 192.168.56.100 to 192.168.56.254
                                                                  DNS = 192.168.56.10
                                                                  Gateway = 192.168.56.1

                                                                  WAN is DHCP assigned by the Cable modem

                                                                  Trying http://10.10.10.10 gives me "took too long to respond" error

                                                                  ipfw zone list
                                                                  Currently defined contexts and their members:
                                                                  2: em1,

                                                                  Shell Output - ipfw -x 2 show

                                                                  65291    0      0 allow pfsync from any to any
                                                                  65292    0      0 allow carp from any to any
                                                                  65301  66  2424 allow ip from any to any layer2 mac-type 0x0806,0x8035
                                                                  65302    0      0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
                                                                  65303    0      0 allow ip from any to any layer2 mac-type 0x8863,0x8864
                                                                  65307    0      0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
                                                                  65310 1569 143858 allow ip from any to table(100) in
                                                                  65311 1456 434214 allow ip from table(100) to any out
                                                                  65312  13  4327 allow ip from any to 255.255.255.255 in
                                                                  65313    0      0 allow ip from 255.255.255.255 to any out
                                                                  65314    0      0 pipe tablearg ip from table(3) to any in
                                                                  65315    0      0 pipe tablearg ip from any to table(4) in
                                                                  65316    0      0 pipe tablearg ip from table(3) to any out
                                                                  65317    0      0 pipe tablearg ip from any to table(4) out
                                                                  65318  878 108115 pipe tablearg ip from table(1) to any in
                                                                  65319  858 899391 pipe tablearg ip from any to table(2) out
                                                                  65532  282  14933 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
                                                                  65533  223  25436 allow tcp from any to any out
                                                                  65534 2141 218858 deny ip from any to any
                                                                  65535    0      0 allow ip from any to any

                                                                  Shell Output - ipfw -x 2 table all list

                                                                  –-table(1)---
                                                                  192.168.56.100/32 mac 08:00:27:e8:c0:b4 2002
                                                                  ---table(2)---
                                                                  192.168.56.100/32 mac 08:00:27:e8:c0:b4 2003
                                                                  ---table(100)---
                                                                  192.168.56.1/32 0

                                                                  Note: The table(100) has 192.168.56.1/32 instead of /24. I have not added any Allow IP nor Allow Host at the zone.

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • Gertjan
                                                                    Gertjan last edited by

                                                                    @jetberrocal:

                                                                    Note: The table(100) has 192.168.56.1/32 instead of /24. I have not added any Allow IP nor Allow Host at the zone.

                                                                    Table 100 contains the IP of the Captive Portal NIC.

                                                                    @jetberrocal:

                                                                    My network is really simple.

                                                                    My LAN is 192.168.56.x, 255.255.255.0
                                                                    AD has static IP 192.168.56.10
                                                                    pfsense has static IP 192.168.56.1
                                                                    DHCP server sets:
                                                                    from 192.168.56.100 to 192.168.56.254
                                                                    DNS = 192.168.56.10
                                                                    Gateway = 192.168.56.1

                                                                    Ok.
                                                                    and what are these setting on the device that you used to :
                                                                    @jetberrocal:

                                                                    Trying http://10.10.10.10 gives me "took too long to respond" error

                                                                    Who is this IP :
                                                                    @jetberrocal:

                                                                    –-table(1)---
                                                                    192.168.56.100/32 mac 08:00:27:e8:c0:b4 2002
                                                                    ---table(2)---
                                                                    192.168.56.100/32 mac 08:00:27:e8:c0:b4 2003
                                                                    ---table(100)---
                                                                    192.168.56.1/32 0

                                                                    ?
                                                                    Table 1 and 2 contain the "logged in users" - so "192.168.56.100" has been logged in successfully.

                                                                    No "help me" PM's please. Use the forum.

                                                                    1 Reply Last reply Reply Quote 0
                                                                    • J
                                                                      jetberrocal last edited by

                                                                      The device I am using for testing is a Win 7 Pro attached to the AD, that is assign an IP by the DHCP.  Since is only one the IP assigned is the first DHCP assign value which is 192.168.56.100.

                                                                      The test device using Chrome sometimes shows the CP Login page and I can logging successfully.  Thus the table shows in this occasion the device MACs.

                                                                      BUT after successful login, the trigger page is shown, but no other page.  The network is broken as if the login were unsuccessful but worst because the CP no longer is trigger.  (I close the browser, and remove/delete the line from the CP status in Diagnostics)

                                                                      I cant ping any Internet address not even resolve the addresses.

                                                                      I thought this was because the DHCP server was in the AD and not the pfsense, but I turn off the dhcp in the AD and activated the dhcp in pfsense and still have the same bad behavior.

                                                                      1 Reply Last reply Reply Quote 0
                                                                      • Gertjan
                                                                        Gertjan last edited by

                                                                        Consider this : if you address your browser to the right pace (the captive portal IP address) you should see the login page.
                                                                        A DHCP server gives more as a IP address for a client-device.
                                                                        It also hands over the gateway (and a DNS, etc), which should be pfSense, and not some other IP.

                                                                        First the gateway is inaccessible, but a browser startup up will be 'captured' by the portal interface. Authentication will make the firewall in front of the portal transparent, and of you go …

                                                                        What is the gateway that your server offers to its clients ?
                                                                        What is the gateway your clients are using ?

                                                                        No "help me" PM's please. Use the forum.

                                                                        1 Reply Last reply Reply Quote 0
                                                                        • J
                                                                          jetberrocal last edited by

                                                                          @Gertjan:

                                                                          Consider this : if you address your browser to the right pace (the captive portal IP address) you should see the login page.
                                                                          A DHCP server gives more as a IP address for a client-device.
                                                                          It also hands over the gateway (and a DNS, etc), which should be pfSense, and not some other IP.

                                                                          First the gateway is inaccessible, but a browser startup up will be 'captured' by the portal interface. Authentication will make the firewall in front of the portal transparent, and of you go …

                                                                          What is the gateway that your server offers to its clients ?
                                                                          What is the gateway your clients are using ?

                                                                          Gateway = 192.168.56.1 (Set by DHCP clients, Set manually for static clients)
                                                                          DNS = 192.168.56.10 (Set by DHCP, , Set manually for static clients)
                                                                          pfsense = 192.168.56.1 (see attach png for pfsense dashboard)

                                                                          ipconfig output:
                                                                          Ethernet adapter Local Area Connection:

                                                                          Connection-specific DNS Suffix  . : jetdom.local
                                                                            Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
                                                                            Physical Address. . . . . . . . . : 08-00-27-E8-C0-B4
                                                                            DHCP Enabled. . . . . . . . . . . : Yes
                                                                            Autoconfiguration Enabled . . . . : Yes
                                                                            Link-local IPv6 Address . . . . . : fe80::9990:1817:5cc5:4efb%11(Preferred)
                                                                            IPv4 Address. . . . . . . . . . . : 192.168.56.100(Preferred)
                                                                            Subnet Mask . . . . . . . . . . . : 255.255.255.0
                                                                            Lease Obtained. . . . . . . . . . : Monday, June 27, 2016 11:39:45 AM
                                                                            Lease Expires . . . . . . . . . . : Tuesday, June 28, 2016 8:00:03 PM
                                                                            Default Gateway . . . . . . . . . : 192.168.56.1
                                                                            DHCP Server . . . . . . . . . . . : 192.168.56.1
                                                                            DHCPv6 IAID . . . . . . . . . . . : 235405351
                                                                            DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-8B-C6-D4-08-00-27-E8-C0-B4

                                                                          DNS Servers . . . . . . . . . . . : 192.168.56.10
                                                                            NetBIOS over Tcpip. . . . . . . . : Enabled


                                                                          1 Reply Last reply Reply Quote 0
                                                                          • Gertjan
                                                                            Gertjan last edited by

                                                                            Humm.
                                                                            Can't find anything wrong.

                                                                            When your "192.168.56.100" is logged in - you can check that using the pfSEnse GUI Captive portal Satuts page - or inspecting table '100' using the ipfw show …. test - the barrier "capive-portal-pfsense" will be inexistent for that device ("192.168.56.100") - it's like the captive portal has been shut down for this device.
                                                                            So : my question is : if you shut down the portal function, does the 'internet' access work ?

                                                                            No "help me" PM's please. Use the forum.

                                                                            1 Reply Last reply Reply Quote 0
                                                                            • J
                                                                              jetberrocal last edited by

                                                                              I turn off the zone, and the Internet access started to work.

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • J
                                                                                jetberrocal last edited by

                                                                                To clarify.  The pfsense IP is 192.168.56.1/24, but CP table(100) is register with 192.168.56.1/32.  I dont know why /32.

                                                                                1 Reply Last reply Reply Quote 0
                                                                                • Gertjan
                                                                                  Gertjan last edited by

                                                                                  @jetberrocal:

                                                                                  To clarify.  The pfsense IP is 192.168.56.1/24,

                                                                                  pfSense has an IP on it's LAN - it is 192.168.56.1 (or written as 192.168.56.1/32 ;) )

                                                                                  @jetberrocal:

                                                                                  but CP table(100) is register with 192.168.56.1/32.  I dont know why /32.

                                                                                  It means : This IP only - because the mask is '32'

                                                                                  edit : change the IPv4 firewall rule : remove the source (LAN net) and make it "all"

                                                                                  No "help me" PM's please. Use the forum.

                                                                                  1 Reply Last reply Reply Quote 0
                                                                                  • J
                                                                                    jetberrocal last edited by

                                                                                    Why pfsense  IP is written as 192.168.56.1/32 when the LAN Interface is setup as 192.168.56.1/24

                                                                                    I can't select /32 when setting the interface.

                                                                                    I only have the default firewall rules.  You mean to change the IP4 default rule?
                                                                                    What would be the implication?


                                                                                    1 Reply Last reply Reply Quote 0
                                                                                    • First post
                                                                                      Last post