Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No Auth Page

    Scheduled Pinned Locked Moved Captive Portal
    5 Posts 4 Posters 861 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • deuceD
      deuce
      last edited by

      I have 2.4.3-RELEASE-p1 on a Netgate SG-3100.

      I have a VLAN1 (if: mvneta1) 10.47.101.0/24
      I have a VLAN20  (if: mvneta1.20) 10.47.201.0/24

      The LAN is connected to a EdgeSwitch, vlan1 untagged/vlan20 tagged.
      The EdgeSwitch is connected to a Ubiquiti AP Pro, Regular SSID untagged/Guest WiFi tagged 20.

      The regular SSID on the VLAN1 works fine, resolves fine, pings gateway fine, peachy.
      The guest SSID on the VLAN20 does not ping the gateway (10.47.201.1), but it DOES get internet/resolve fine.

      When I turn on the Captive Portal the device connects, and tries to connect to 10.47.201.1:8002 to get the Auth Page.
      As it cannot connect to the 10.47.201.1, obviously this is the reason for no auth page.

      If I put the MAC in override, it works fine, even with the Captive Portal enabled.

      It appears that my problem is that it cannot directly connect to the gateway at 10.47.201.1 but I for the life of me cannot figure out why.

      NAT is on automatic, though it didn't change when I put manual entries in.
      Firewall Rule on the mvneta1.20 VLAN IF allows all protocols/ports to pass
      Routing tables show 10.47.201.0/24 to netif mvneta1.20 as well as 10.47.201.1 to lo0

      What am I missing? Why can't my devices connect to the gateway/auth page?

      Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • G
        Gloom
        last edited by

        Silly question but have you put rules in place to allow the connections to the interface on VLAN20 from the subnet?

        Never underestimate the power of human stupidity

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          @Gloom:

          Silly question but have you put rules in place to allow the connections to the interface on VLAN20 from the subnet?

          Post those rules.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            @deuce:

            ….
            What am I missing? Why can't my devices connect to the gateway/auth page?

            Don't worry, you are not the only one.
            It happens more and more : people try to the use the captive portal (not a straight forward, very known function, but, it actually works after 60 seconds of your "setup time") but then things go down-hill fast : they are used a virtual environment and to make sure that the chance that it works right away is completely obliterated : the are using VLAN's from day one.

            I tend to say :
            No VLAN's
            No Virtual thing.
            Just a box loaded with pfSense, and if you have to, activate the portal on LAN, if not, make your live even more easier : use a dedicated interface for the captive portal.
            If everything works after some time and many tests : call it a day.
            The nest day, add a complexity like VLAN's.
            Make it work again. Repeat the whole process.
            Etc.
            Finally, if you feel up to it, add another layer : "virtual" the whole thing.

            An approach like this worked great in the old days. When things started to "not work", we knew when it happens, and very shortly after that, also why. Btw, the small gap between these points was called "learning process"  ;)

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • deuceD
              deuce
              last edited by

              @Gloom:

              Silly question but have you put rules in place to allow the connections to the interface on VLAN20 from the subnet?

              Hrm What do you mean? Should I need an additional rule besides the Firewall Rule on the mvneta1.20 VLAN IF that allows all protocols/ports to pass?

              This is the only rule I have in that IF:

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.