Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive portal troubleshooting (no redirect)

    Scheduled Pinned Locked Moved Captive Portal
    3 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      deeepdish
      last edited by

      Hello,

      I'm trying to get a captive portal working on a separate network (lets call the interface WIFIGUEST).

      • I have a new OPT interface defined, numbered on the network 10.254.254.254.
      • Created temporary any/any rule on WIFIGUEST interface.
      • Enable Captive Portal.
      • Setup vouchers.
      • Tried to browse to google (https and http), can't get login screen.
      • Tried uploading custom auth page.  Click on view displays the login as expected.  No redirect from client.
      • Reverted to default login screen.  No redirect from client.

      I'm a bit at a loss as I wasn't able to find any data on what underpins the captive portal.  From youtube examples, seems like a simple enable checkbox thing.  Logs show that the service is working (?? – no errors).  What services/processes should I be looking for?  Any specific troubleshooting that should be performed to diagnose the issue?

      Thanks.

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Hi,

        • I have a new OPT interface defined, numbered on the network 10.254.254.254.

        Ok, why not.
        A DHCP server instance is running on this interface ?

        • Created temporary any/any rule on WIFIGUEST interface.

        Great !
        While this rule is applied, the counter will show that !
        The next rule (hidden !) will block everything.

        • Enable Captive Portal.

        And now its show time.
        => Generic : https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
        => And : https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

        If all goes well :
        Add needed firewall rules. Guest network that only needs an Internet connection use at least '10' rules' (at least, I have).
        Test again. not only the "access to the net", but also the rules.

        Then, and only then:

        - Setup vouchers.
        
        

        … and test them. Tools are present in the GUI.

        • Tried to browse to google (https and http), can't get login screen.

        https won't work ? That is a good sign. "Internet" would break down right know if that 'worked'. You can not intercept https. You browser will not accept that.
        The "http" check should work already because : see above. A simple http://www.google.com.

        First things first :
        Your device, that one you use to connect to the Internet, the one that should show you the login page, did it receive:
        A valid IP (from the DHCP server on the OPT1 interface) ?
        A gateway (== IP 10.254.254.254)
        A DNS (== 10.254.254.254)

        Now, if everything works great and you have that feeling that you alsoo understood why, then you have the green light to do this :

        • Tried uploading custom auth page.

        …. From youtube examples, seems like a simple enable checkbox thing.

        This is true. But ..  using Youtube yo setup a firewall / captive portal ….. I'm not sure.
        If you have a dedicated interface (== OPT1) and a pfSense box that is already set up ok, then activating a Portal on OPT1, with a simple "test user" in the Local pfSense user Mananger, some simple firewall rules ..... it might take 5 minutes max.

        Logs show that the service is working (?? – no errors).

        "Captive portal" has its own log.
        It's basically showing LOGIN attemps - and disconnects.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • D
          deeepdish
          last edited by

          Thank you.  Great tips.  I ended figuring out my issue.  I accidentally defined my entire network in the Allowed IP list not realizing this is a bypass list.  All is good, portal comes up.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.