Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal weirdness - client not being redirected to login page

    Scheduled Pinned Locked Moved Captive Portal
    10 Posts 4 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Grogorio
      last edited by

      I have a client machine (Ubuntu 16.04) which is not being redirected to the captive portal login page. The only way I can get the redirection to CP login page is by entering 10.10.10.10 in the browser.

      IP and DNS on the client are automatically served from pfSense (2.3.2 i386 nanobsd) and look normal.

      Other clients are being redirected in the expected manner.

      Weird thing is, if I boot the errant machine using a live USB stick, it works as expected. What could be up with it? It's my testing/setup pc so I'd really like to sort it out.  :'(

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Completely up to the client. Nothing to do with the portal.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • G
          Grogorio
          last edited by

          and yet it works perfectly with captive portal disabled, using the DNS specified by pfSense

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            @Grogorio:

            ….
            Weird thing is, if I boot the errant machine using a live USB stick, it works as expected. What could be up with it? It's my testing/setup pc so I'd really like to sort it out.  :'(

            Using other words : when you change the settings on your machine, it works.
            This pretty well explains what's up  ;D

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • G
              Grogorio
              last edited by

              Well thanks guys, but I'd pretty much worked the WHAT out for myself. What I'm trying to understand is WHY?  ::)

              So far I've traced it to the /etc/resolv.conf part of the client networking and some extra DNS entires my VPN client quietly added there, but I'm still struggling to fix it.

              Even though this appears to boil down to a linux networking issue I still feel it's relevant to this forum, since the problem is only manifest when attempting to connect via a captive portal.

              If I find a fix I will post it, in the meantime any constructive suggestions or insights are welcome

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                If a client is configured (by VPN or whatever) to use DNS servers that are not passed by the captive portal things are not going to work right. That client is going to have to do something like use a browser on 10.10.10.10 to get the portal to come up.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan
                  last edited by

                  @Grogorio:

                  Even though this appears to boil down to a linux networking issue I still feel it's relevant to this forum, since the problem is only manifest when attempting to connect via a captive portal.

                  If your VPN software changes the routing table, and overrides everything your device gets from DHCP, then yes, classic : a portal (any portal, goto McvDnalds and  it won't work neither) won't work.

                  VPN software 'thinks' that it has a direct Internet connection - establishes a connection to the VPN server - and changes the routing si any traffic goes to this server and now where else.

                  What you can do : DO not start the VPN client at boot - first : login to the Captive portal. Your connecting will be ok. THEN (and only then) launch VPN client.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • G
                    Grogorio
                    last edited by

                    If a client is configured (by VPN or whatever) to use DNS servers that are not passed by the captive portal things are not going to work right. That client is going to have to do something like use a browser on 10.10.10.10 to get the portal to come up.

                    VPN is definitely NOT active in this case (If my VPN is active, I cannot even connect to pfSense). However I think you are right in the sense that something is up with that VPN.

                    What I tried was removing the VPN nameservers in my /etc/resolv.conf file. Didn't work. However if I replace them with pfSense nameservers it works, but I think it's a bit of a fudge, client shouldn't have to edit system files to get things moving. Seems even when the VPN is not active there is something lurking in the system from the previous session.

                    I would need to investigate further, but need to get back to work and right now I'm just happy it's working again.  ;D

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      Again, all those are client problems and have nothing to do with the captive portal.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • J
                        jetberrocal
                        last edited by

                        Have you tried to add the VPNs DNS IPs to the Allowed IP Addresses?

                        If that works then you may request a feature to pfsense CP for having a per MAC address Allowed IP Addresses.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.