Captive portal troubleshooting (no redirect)



  • Hello,

    I'm trying to get a captive portal working on a separate network (lets call the interface WIFIGUEST).

    • I have a new OPT interface defined, numbered on the network 10.254.254.254.
    • Created temporary any/any rule on WIFIGUEST interface.
    • Enable Captive Portal.
    • Setup vouchers.
    • Tried to browse to google (https and http), can't get login screen.
    • Tried uploading custom auth page.  Click on view displays the login as expected.  No redirect from client.
    • Reverted to default login screen.  No redirect from client.

    I'm a bit at a loss as I wasn't able to find any data on what underpins the captive portal.  From youtube examples, seems like a simple enable checkbox thing.  Logs show that the service is working (?? – no errors).  What services/processes should I be looking for?  Any specific troubleshooting that should be performed to diagnose the issue?

    Thanks.



  • Hi,

    • I have a new OPT interface defined, numbered on the network 10.254.254.254.

    Ok, why not.
    A DHCP server instance is running on this interface ?

    • Created temporary any/any rule on WIFIGUEST interface.

    Great !
    While this rule is applied, the counter will show that !
    The next rule (hidden !) will block everything.

    • Enable Captive Portal.

    And now its show time.
    => Generic : https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
    => And : https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

    If all goes well :
    Add needed firewall rules. Guest network that only needs an Internet connection use at least '10' rules' (at least, I have).
    Test again. not only the "access to the net", but also the rules.

    Then, and only then:

    - Setup vouchers.
    
    

    … and test them. Tools are present in the GUI.

    • Tried to browse to google (https and http), can't get login screen.

    https won't work ? That is a good sign. "Internet" would break down right know if that 'worked'. You can not intercept https. You browser will not accept that.
    The "http" check should work already because : see above. A simple http://www.google.com.

    First things first :
    Your device, that one you use to connect to the Internet, the one that should show you the login page, did it receive:
    A valid IP (from the DHCP server on the OPT1 interface) ?
    A gateway (== IP 10.254.254.254)
    A DNS (== 10.254.254.254)

    Now, if everything works great and you have that feeling that you alsoo understood why, then you have the green light to do this :

    • Tried uploading custom auth page.

    …. From youtube examples, seems like a simple enable checkbox thing.

    This is true. But ..  using Youtube yo setup a firewall / captive portal ….. I'm not sure.
    If you have a dedicated interface (== OPT1) and a pfSense box that is already set up ok, then activating a Portal on OPT1, with a simple "test user" in the Local pfSense user Mananger, some simple firewall rules ..... it might take 5 minutes max.

    Logs show that the service is working (?? – no errors).

    "Captive portal" has its own log.
    It's basically showing LOGIN attemps - and disconnects.



  • Thank you.  Great tips.  I ended figuring out my issue.  I accidentally defined my entire network in the Allowed IP list not realizing this is a bypass list.  All is good, portal comes up.