Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    I can't get Captive Portal login page in any browser else Firefox

    Scheduled Pinned Locked Moved Captive Portal
    48 Posts 7 Posters 18.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jetberrocal
      last edited by

      I still have CP failing to work normally.

      I need CP with transparent Squid and squidguard, I need CP so squidguard can get the User name to select the group policy instead on general policy.

      I am desperate, please help.

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        @jetberrocal:

        …
        I need CP with transparent Squid and squidguard, I need CP so squidguard can get the User name to select the group policy instead on general policy.
        ...

        This seems a feature request to me.
        I advise you to have a look over here Post a bounty

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • J
          jetberrocal
          last edited by

          According to this threads what I want seems a posible thing:

          https://forum.pfsense.org/index.php?topic=74309.0
          https://forum.pfsense.org/index.php?topic=74572.0

          Squid has CP as Authentication selection so this should work.

          But if CP is not working obviously it can be done.

          I just want to make CP work first.  What I see is that it takes a genius to make CP work.

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            @jetberrocal:

            ..
            What I see is that it takes a genius to make CP work.

            I'm using pfSense because it has a Captive portal.
            I'm using it for my work, an hotel.
            It works perfectly for meany years now. Check it yourself : https://www.test-domaine.fr/munin/brit-hotel-fumel.net/pfsense.brit-hotel-fumel.net/portalusers.html

            Btw : never used "transparent Squid and squidguard" - I do not know what that is, neither why I should use it.
            I'm a fan of keeping things simple.

            Btw2 : I'm working at a hotel …. so I can do many things, but being a "genius" isn't among them - neither are my clients  ;)

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • J
              jetberrocal
              last edited by

              I am sure that CP works in thousands of installations, but in mine is broken.  I need help to fix it.

              Using CP with Squid and squidguard is a matter for other thread.  I removed squid from my installed packages before asking for help to eliminate the complications for now.

              But the problem persists and I dont know what to do. I already apply the last pfsense update.

              1 Reply Last reply Reply Quote 0
              • J
                jetberrocal
                last edited by

                I think that I found the problem.

                The DNS server was blocked by CP.  I added the DNS IP to the allowed IP list and now the clients are calling CP successfully on all browsers every time.  Only one glitch remains and that is another thread.  Clients work but not the Server.

                1 Reply Last reply Reply Quote 0
                • S
                  slybreiz
                  last edited by

                  @jetberrocal:

                  I think that I found the problem.

                  The DNS server was blocked by CP.  I added the DNS IP to the allowed IP list and now the clients are calling CP successfully on all browsers every time.  Only one glitch remains and that is another thread.  Clients work but not the Server.

                  Hello

                  or did you put your permission for your dns in pfsens e?

                  thank you

                  1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan
                    last edited by

                    @jetberrocal:

                    …..
                    Shell Output - ipfw -x 2 table all list
                    ....
                    ---table(100)---
                    192.168.56.1/32 0

                    Note: the pfsense IP is 192.168.56.1/24, don't know why table(100) has 192.168.56.1/32

                    Because this is THE DNS (and gateway) exposed to the visitors - it better should be open so info directed to it (TCP, UDP as DNS) passes to the portal.
                    Without it, all breaks down.

                    Your DNS is not pfSense but some domain controller. Ok - seems possible to me, and in that case it's IP (the DNS) should be on the "Ok -> pass list", tab 2 or 3 off the Captive portal settings page.
                    DNS resolution, when connected to the captive portal network, before authenticating, should work.
                    And : your clients should obtain this IP when doing a DHCP request.

                    edit :

                    –-table(3)---
                    192.168.56.0/24 2000
                    ---table(4)---
                    192.168.56.0/24 2001

                    Styrange to see a network range here …. I always saw IP's a.b.c.d/32

                    Important : 2.4.2 uses a new ipfw : commands have been changed.
                    Instead of something like

                    ipfw -x zone1 table all list

                    you just use :

                    ipfw table all list

                    Like :

                    [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ipfw table all list
--- table(cp_ifaces), set(0) ---
sis0 2100 37325185 24618774112 1512502144
--- table(cpzone1_auth_up), set(0) ---
192.168.2.59/32 10:08:b1:fc:1e:f3 2090 214274 14772741 1512502143
192.168.2.82/32 58:48:22:6d:42:5d 2086 2079 451586 1512501887
192.168.2.89/32 34:e2:fd:8e:fb:ab 2088 51716 2950375 1512502144
192.168.2.125/32 d0:a6:37:9c:a6:18 2094 3657 333132 1512500905
192.168.2.136/32 58:fb:84:7b:ce:97 2084 67268 26306433 1512502120
192.168.2.143/32 8c:f5:a3:82:82:8a 2092 21620 12444173 1512502139
--- table(cpzone1_host_ips), set(0) ---
192.168.2.1/32 0 6659422 231934073 1512502144
--- table(cpzone1_pipe_mac), set(0) ---
 64:80:88:99:9f:6c any 2075 8173 5291629 1512044939
 any 64:80:88:99:9f:6c 2074 7848 2035912 1512044939
--- table(cpzone1_auth_down), set(0) ---
192.168.2.59/32 10:08:b1:fc:1e:f3 2091 307250 344511258 1512502144
192.168.2.82/32 58:48:22:6d:42:5d 2087 2106 1383269 1512501887
192.168.2.89/32 34:e2:fd:8e:fb:ab 2089 96353 139312244 1512502139
192.168.2.125/32 d0:a6:37:9c:a6:18 2095 4692 5860415 1512501180
192.168.2.136/32 58:fb:84:7b:ce:97 2085 79171 38729751 1512502119
192.168.2.143/32 8c:f5:a3:82:82:8a 2093 22295 14812322 1512502116
--- table(cpzone1_allowed_up), set(0) ---
188.165.53.87/32 2084 5889 3757968 1512493220
192.168.2.2/32 2076 590 61194 1512501902
192.168.2.3/32 2078 462 43154 1512501390
192.168.2.4/32 2080 0 0 0
2001:41d0:2:927b::3/128 2084 0 0 0
--- table(cpzone1_allowed_down), set(0) ---
188.165.53.87/32 2085 8453 744349 1512493220
192.168.2.2/32 2077 146 11096 1512501436
192.168.2.3/32 2079 148 11248 1512501390
192.168.2.4/32 2081 0 0 0
2001:41d0:2:927b::3/128 2085 0 0 0

                    cpzone1_auth_up and cpzone1_auth_down contain the info from the devices used by clients:visitors actually logged in - 5 in this case.

                    cpzone1_allowed_up and cpzone1_allowed_down contains IP's of the addresses I entered my self on the related tabs on the captive portal setup page. These have access / are accessible without portal authentication.
                    Note : 192.168.2.2 - 192.168.2.3 -192.168.2.4 are my AP's

                    Table cpzone1_pipe_mac is contains the MAC of a guy I gave direct access without using any authentication.

                    Table cpzone1_host_ips should contain the DNS server for my clients/visitors.

                    Btw : names of tables also changed :

                    [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ipfw list
01000 skipto tablearg ip from any to any via table(cp_ifaces)
01100 allow ip from any to any
02100 pipe tablearg ip from any to any MAC table(cpzone1_pipe_mac)
02101 allow pfsync from any to any
02102 allow carp from any to any
02103 allow ip from any to any layer2 mac-type 0x0806,0x8035
02104 allow ip from any to any layer2 mac-type 0x888e,0x88c7
02105 allow ip from any to any layer2 mac-type 0x8863,0x8864
02106 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
02107 allow ip from any to table(cpzone1_host_ips) in
02108 allow ip from table(cpzone1_host_ips) to any out
02109 allow ip from any to 255.255.255.255 in
02110 allow ip from 255.255.255.255 to any out
02111 pipe tablearg ip from table(cpzone1_allowed_up) to any in
02112 pipe tablearg ip from any to table(cpzone1_allowed_down) in
02113 pipe tablearg ip from table(cpzone1_allowed_up) to any out
02114 pipe tablearg ip from any to table(cpzone1_allowed_down) out
02115 pipe tablearg ip from table(cpzone1_auth_up) to any layer2 in
02116 pipe tablearg ip from any to table(cpzone1_auth_down) layer2 out
02117 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
02118 allow tcp from any to any out
02119 skipto 65534 ip from any to any
65534 deny ip from any to any
65535 allow ip from any to any

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.