Enable captive portal can't resolve DNS (need help)



  • When I enable the captive portal service, clients pass authentication but can't resolve DNS or access the internet.
    When I stop the captive portal service as a test, clients are able to resolve DNS and access the internet  :'(

    Can anyone help me?

    Thank you in advance.



  • On the captive portal page, add an "Allowed IP addresses" entry with the clients' DNS server as destination.
    Alternatively set your clients to use pfSense as DNS.



  • @GruensFroeschli:

    Alternatively set your clients to use pfSense as DNS.

    I just checked this, and after an ipconfig /all, I saw that my DNS is set to the IP of the portal server (pfSense = 192.168.2.1 in my case).
    I think I didn't take anything of the default values, concerning pfSense.

    It seems rather logical to me that wireless (portal) connections should always use DHCP, which will inform the client PC of all the needed settings, like IP, mask, gateway, DNS, DHCP, time server, etc.

    That a simple "www.going-some-where.com" doesn't work right away doesn't matter, because it will be redirected to the 192.168.2.1:8000/…... (in my case) portal page anyway.
    After auth, the URL will be rewritten with "www.going-some-where.com" and all ports are open to that client.



  • @GruensFroeschli:

    On the captive portal page, add an "Allowed IP addresses" entry with the clients' DNS server as destination.
    Alternatively set your clients to use pfSense as DNS.

    OK. I set an "Allowed IP address" entry on the captive portal service page but it still doesn't work (able to authenticate but could not receive data).

    I tested ping to outside networks (such as Yahoo, Google) from the Diagnostics page; the server is able to ping and resolve DNS successfully on both the WAN and LAN interfaces.
    But when I test ping from my clients I receive "request timed out".

    (My clients point gateway and DNS to the pfSense server and use the default firewall rule.)



  • A couple of questions:

    Is CP running from an OPTx interface? Or are you using a WiFi network card?
    Is the client PC using DHCP? And are you receiving an IP from the "CP" interface?
    How do you connect to the "CP" interface? If it's a simple network card (i.e. OPT1) you can use a classic network cable (crossed if from OPTx directly to client PC).
    Do you see the login page?
    Do you use the local user manager? (Skipping RADIUS for now)

    What does Status->Captive portal say?
    What does Status->System logs->Portal auth say?



  • @Gertjan:

    A couple of questions:

    Is CP running from an OPTx interface? Or are you using a WiFi network card?
    Is the client PC using DHCP? And are you receiving an IP from the "CP" interface?
    How do you connect to the "CP" interface? If it's a simple network card (i.e. OPT1) you can use a classic network cable (crossed if from OPTx directly to client PC).
    Do you see the login page?
    Do you use the local user manager? (Skipping RADIUS for now)

    What does Status->Captive portal say?
    What does Status->System logs->Portal auth say?

    • I use the LAN interface for the CP service by default and assign DHCP service for my clients; my clients received an IP, with GW and DNS pointing to the pfSense server.
    • I checked that the CP status is running, and I see the login page and passed authentication.
    • I use local authentication.
    • The login session is found in the CP status.
    • When I disable the CP service my clients are able to access the internet and resolve DNS normally (using pfSense as GW and DNS).

    This is the CP log, able to log in and out:
    Sep 1 20:45:51 logportalauth[378]: LOGOUT: test, 00:1f:c6:c4:68:c0, 192.168.21.250
    Sep 1 20:45:58 logportalauth[378]: LOGIN: test, 00:1f:c6:c4:68:c0, 192.168.21.250

    Thank you in advance    :-[



  • So, your CP is running from LAN.

    What are the LAN firewall rules?

    Is it possible for you to run CP from its own OPT1 interface? (Another thread is going on right now about troubles running CP from LAN ….)
    I would say: CP is meant to be running from OPTx, not from the network card 'LAN'.
    I've been using the CP for 3 years now (LAN = company, CP = non-trusted clients - I use pfSense for a hotel, with the classic setup)



  • @Gertjan:

    So, your CP is running from LAN.

    What are the LAN firewall rules?

    Is it possible for you to run CP from its own OPT1 interface? (Another thread is going on right now about troubles running CP from LAN ….)
    I would say: CP is meant to be running from OPTx, not from the network card 'LAN'.
    I've been using the CP for 3 years now (LAN = company, CP = non-trusted clients - I use pfSense for a hotel, with the classic setup)

    OK. I enabled CP on the OPT1 interface and it works. ;)
    Thank you in advance

