Captive Portal turned on but not working

  • I have problem, I was turn on Captivate Portal on VLAN but it allows all users to internet without asking any username or password.
    I Use Local User Manager, I have defined login and error page, I have enabled DHCP and DNS forwarding.
    Did somebody give me advice where I found solution.

    Thank you.

  • I have the same issue but with a radius server. I upgraded to 1.2.1 and it hasnt worked sense. I have tried disableing captive portal, re-enabling it, using local authentication, and tried openeing up the firewall rules to allow captive portal out with no fw rules. Im a little lost at this point too…

  • I can confirm this issue as well. I'm still using 1.2.1-RC something…

    I've got a feeling it'll work without VLANS but I can't test it right now.

  • Same problem here.

    …I really don't want to down-grade.

  • Same problem here. Have been using this fine in production on v1.2 with several VLANS.

    After upgrading to v1.2.1, CP stopped working/forcing users to authenticate.

    Users on that VLAN interface with the Captive Portal are able to use the network without authenticating. This does not prevent them, however, from logging in by manually visiting the CP login page.

  • Anyone know if 1.2.2 fixes this issue? I didn't see anything about it on the fixes page…

  • Still not working 1.2.2.

  • Works for me, but the only VLAN install I have handy and can experiment with is on 2.0. I would expect it to work the same though, as the only difference related to CP between 1.2 and 1.2.1/1.2.2 is the FreeBSD version change. I know CP works on 1.2.1/1.2.2 without VLANs.

  • Thanks for the help,

  • There is something going on with ipfw and VLANs, which is leaving CP and VLANs inoperable. I checked out an affected system, and it isn't going to be straight forward to figure out. The traffic is matching ipfw rules on a different VLAN interface for some reason. All the underlying configuration is completely correct, so there seems to be some sort of bad interaction between ipfw and VLANs in FreeBSD 7.0.  I won't have time to resolve it immediately, but it's on my todo list for sometime in the next week.

  • Someone who can replicate this - please try a 1.2.3 snapshot from here:

    And report back on whether you can still duplicate this. Odd thing is, there are installs with VLANs and CP on 1.2.2 that do work fine.

    1.2.3 is currently FreeBSD 7.1, and I'm curious if that makes any difference. 1.2.2 uses the same CP as 2.0, and it works fine in 2.0. The only significant difference there is 2.0 has been FreeBSD 7.1 for a while and 1.2.2 is 7.0.

  • …just upgraded and when I click the captive portal section in the gui I get this:

    Parse error: syntax error, unexpected '[', expecting T_VARIABLE or '$' in /usr/local/www/services_captiveportal.php on line 515

  • @mrguitar:

    …just upgraded and when I click the captive portal section in the gui I get this:

    Parse error: syntax error, unexpected '[', expecting T_VARIABLE or '$' in /usr/local/www/services_captiveportal.php on line 515

    Same here.
    The error on line 86 (index.php) disappeared - this one is new.
    (Just upgraded to 1.2.3)

    Edit : Humm, open  /usr/local/www/services_captiveportal.php in any descent editor like vi and goto line 515 - change this





  • Thanks Gertjan,

    I added the 'g' variable and the page loads now. However I'm into "business hours" so testing is a little difficult. I should have something to test in a couple of hours. One thing I've noticed is that I'm running the CP on a vlan, and the setup page has a link to view the current CP page. That link is pointing to LANIP:8000 shouldn't it be VLANIP:8000?

    The current setting would make sense for a test page, but it doesn't load.

    Again, I should be able to report something soon.

  • That problem with product_name is fixed now.

  • OK I finally had time to test this and the CP doesn't work w/ VLANs. :(
    Everything appears to be identical to 1.2.2.

  • VLAN's & CP are working for me with "1.2.3-PRERELEASE-TESTING-VERSION built on Thu Feb 19 21:52:48 EST 2009".


  • Slam, are you using Authentication on your CP? (if so what type)?

    I've been trying to get this working for a little while with mixed success - but my success seems to vary depending on authentication type…

    • As I've never had CP working and am fairly new to pfSense there is every chance its something on my network, or something I'd doing causing my issues, but its nice to hear it is working for someone - I'll upgrade asap.

  • I am using local authentication for CP at the moment, I will test authentication against freeradius thats sitting on a dmz'd vlan sometime later this week.

    I recommend upgrading to pfs 1.2.3, it has fixed many of the issues Ive had in the past, hopefully it'll fix yours.


  • There are some issues with VLANs and CP under some specific circumstances - but I don't know what those circumstances are. Haven't had time to look at it, and I can't personally replicate it. It works fine for quite a few people, but there are at least a handful who it doesn't work for. It's not related to authentication settings or authenticated vs. non-authenticated, those who see this don't even get the portal screen, it just gets passed through.

  • I had time to upgrade to 1.2.3-PRERELEASE-TESTING-VERSION built Feb 7 and am still having the problem. I started with a fresh config and built it from scratch to make sure it wasnt an issue with my backup…


  • I had time last night to setup and test 1.2.3-PRERELEASE-TESTING-VERSION built on Sat Mar 7 09:51:09 EST 2009 with Captive Portal on one of my VLANs - I'm seeing the same issue others have reported where its just allowing direct access to the internet…  I'll trying to do some more testing and report back with any additional info (just to make sure its not me).

    Not sure if its any help, but...
    I'm using the embedded version with Alix hardware. I'm using VLAN tags 3, 8 and 10 (CP is running on vlan tag 10).  They are all VLANs on the LAN interface and the LAN interface is
    configured with a network / IP but its not really used. The rest of the VLAN functionality seem to be working correctly.

  • Provide this output:

    ipfw list
    sysctl net.inet.pfil

  • Having failed to get it working, I had to go for an alternative config, I'll try and set it up again and post the config. 
    Unfortunately this is at a charity where I just help out in my own time so it may take me a few days to sort.

    Thanks for your help.

  • What is the status on these issues?

    I am planing on a major reconfiguration and will probably use only VLAN internally and need to know it's working. And I will also use captive portal and it will surely be on a VLAN interface.

    Also, it's apparent reading through different areas in the forum that 1.2.2 seems to have broken a lot of stuff, I've seen a number of posts dealing with packages that no longer works after 1.2.2 upgrade etc and I have personally experienced (and reported) a number of problematic package issues on 1.2.2.


  • ermal -
    Where do I need to input this into to get the info you need the shell? Do I enter each line individually or all together as one? Sorry for the newb question….


  • I'm having pretty much this same behavior, but in 1.2-RELEASE with no vlan's as stated in my thread from a few days ago.  Maybe there's something else at play here?

  • Just give the output of the commands i have asked above.

  • The problem arises when you use the untagged interface at the same time as a tagged one… ipfw forwards the packet for the untagged interface witch contains the tagged interface.