Captive Portal Problems
-
Hello,
I write here because I have an issue relating to Captive Portal.
After the FW upgrade of my pfSense server to the 4.2.4 release, my captive portal has become really unstable, and to solve the problem I have to reboot the server. I pass some users via CaptivePortal/IP Address Allowed, and only these IPs are working without auth.
I have enabled some web sites via CaptivePortal/AllowedHostname and that is also working. Under my captive portal I have some UBNT CPEs that require a connection to the UNMS server, which uses the wss:// protocol, and I'd like to enable this connection without authentication to check if a client is ready to receive a new account from the RADIUS server when it has expired.
My post is a little bit confused, but my questions are:
- What can I do to check why my captive portal stops working after some time? (The log shows that users are connected, but they cannot surf the web; ping to pfSense is OK; if pfSense is rebooted, users can reauthenticate and then they have internet again.)
- How can I enable wss:// in the captive portal so the Ubiquiti CPE can connect to the UNMS server? (I tried to enable the wss:// server hostname, but without success.)
I use pfSense on a dedicated server without a virtual machine; before the firmware upgrade everything was fine.
Now the version is the 4.2.4.
@vuarame as jimp said, to enable only an IP to surf on the web without auth you have to add it under Captiveportal/EnabledIPAdd and set it like IP_To_enable/32.
-
... PFsense Server to 4.2.4 releases, ...
I advise you to use the official versions: https://www.pfsense.org/download/
- What can I do to check why my captive portal stops working after some time? (The log shows that users are connected, but they cannot surf the web; ping to pfSense is OK; if pfSense is rebooted, users can reauthenticate and then they have internet again.)
First, use this page: https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting right now, and look at the ipfw firewall rules.
Remember: these are not the GUI rules!!
See the logged-in devices etc. (== captive portal users).
When things go bad, use https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting again, and check if all the rules are still there. If so: from the console, is the connection still OK?
You ditched all the packages, right? (So we're not fighting an "oh, snort blocked them all and I forgot to tell you that I have a not-correctly-installed snort because I thought that had nothing to do with it" situation. All this is just an example of course, but you get the picture.)
... Now the version is the 4.2.4 ...
I'd really like to see a screenshot of that version :)
@vuarame as jimp said, to enable only an IP to surf on the web without auth you have to add it under Captiveportal/EnabledIPAdd and set it like IP_To_enable/32.
As you said yourself:
@christian.arminio: I pass some users via CaptivePortal/IP Address Allowed, and only these IPs are working without auth.
Add the IP (and/or MAC on the other list) of your "UBNT CPE" devices.
I have several basic APs on my captive portal network; they are all whitelisted, so they can sync the time, send logs to a syslog server on another LAN segment, etc.
Btw: the captive portal is all about IPs and MACs, and totally not related to protocols like wss://
-
Hello,
Thanks for your reply.
https://ibb.co/jwx4XR
I tried to add my UNMS server to the captive portal hostname whitelist, but if the user is not logged in, UNMS connections are not possible.
https://ibb.co/dgj7mm
I don't know if it is possible to fix.
Any advice is really appreciated.
-
When devices present on the captive portal network segment (OPTx) want to communicate with other devices present on other LAN segments (LAN or OPTy), you have to add firewall rule(s) on OPTx.
For example, I have a captive portal on OPT1, 192.168.2.1/24, and several APs (192.168.2.2, 3, 4, 5). These APs syslog to a syslog server on my LAN (192.168.1.1/24, using 192.168.1.14). I whitelisted the IPs of these APs on the captive portal's setup pages, and I set up a firewall rule on OPT1 so these IPs can communicate with an IP on my LAN.
Using host names (why not IPs?) is fine, but check if every device, including pfSense, can really resolve these domain names to IPs.
All this doesn't explain why it could work sometimes and sometimes it doesn't. I never had to reboot my pfSense to make things work.
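The OPT1-to-LAN rule from the example above, written out in pf.conf syntax as an added illustration (not the poster's configuration, and not how pfSense stores rules: pfSense generates its pf ruleset from the GUI, so the equivalent rule goes on the OPT1 tab under Firewall > Rules). The interface name opt1, the syslog port 514/udp and the NTP port 123/udp are assumptions; the addresses are the ones from the post.

```pf
# Constructed example: captive portal APs on OPT1 reaching a syslog server on LAN.
# The interface name "opt1" and the two UDP ports are assumptions.
table <cp_aps> { 192.168.2.2, 192.168.2.3, 192.168.2.4, 192.168.2.5 }
syslog_srv = "192.168.1.14"

# Allow only the whitelisted APs to reach the syslog server on LAN (UDP 514).
pass in quick on opt1 inet proto udp from <cp_aps> to $syslog_srv port 514

# Allow the same APs to sync time against pfSense's OPT1 address (UDP 123).
pass in quick on opt1 inet proto udp from <cp_aps> to 192.168.2.1 port 123

# Everything else from the portal segment toward LAN stays blocked, so ordinary
# portal clients (authenticated or not) cannot reach the syslog server.
block in quick on opt1 inet from 192.168.2.0/24 to 192.168.1.0/24
```

The captive portal whitelist only bypasses the portal's own ipfw layer; the pf rules above are what actually decides whether the APs' packets may leave OPT1 for LAN.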