Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Windows 10 Voucher authentication page reappears after entering correct and valid voucher

    Captive Portal
    3
    9
    744
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Snailkhan last edited by

      Hi,
      I have Captive portal that is working fine with andorid/ios/Winodw7-8.1. However on windows 10 machines when a user connects to the wifi ssid they get an ip from the dhcp server on the pfsense box that is also hosting captiveportal.
      however when they enter the voucher on the authentiction page it reappears again. tried with Edge/Chrome/IE (in IE disabled popup blocker/addin/added the site to compatibility view ) . no change. the authenticaiton page appears and after entering the voucher it re appears again. the voucher code is valid and looking at the logs in pfsense captive portal below messages is shown.

      below are logs from server where i tried two different voucher codes.

      Jun 20 13:04:52 logportalauth 88423 Zone: GUESTSSID - Voucher login good for 720 min.: W3wvP4, 64:6e:69:a3:57:55, 10.11.202.136
      Jun 20 13:05:14 logportalauth 88423 Zone: GUESTSSID - CONCURRENT LOGIN - REUSING IP 10.11.202.136 WITH DIFFERENT MAC ADDRESS ac:81:12:05:32:80: kMG5H4, ac:81:12:05:32:80, 10.11.202.136
      Jun 20 13:05:14 logportalauth 88423 Zone: GUESTSSID - Voucher login good for 719 min.: W3wvP4, 64:6e:69:a3:57:55, 10.11.202.136
      Jun 20 13:12:19 logportalauth 27981 Zone: GUESTSSID - CONCURRENT LOGIN - REUSING IP 10.11.202.136 WITH DIFFERENT MAC ADDRESS ac:81:12:05:32:80: kMG5H4, ac:81:12:05:32:80, 10.11.202.136
      Jun 20 13:12:19 logportalauth 27981 Zone: GUESTSSID - Voucher login good for 712 min.: W3wvP4, 64:6e:69:a3:57:55, 10.11.202.136
      Jun 20 13:12:41 logportalauth 27981 Zone: GUESTSSID - CONCURRENT LOGIN - REUSING IP 10.11.202.136 WITH DIFFERENT MAC ADDRESS ac:81:12:05:32:80: kMG5H4, ac:81:12:05:32:80, 10.11.202.136
      Jun 20 13:12:41 logportalauth 27981 Zone: GUESTSSID - Voucher login good for 712 min.: W3wvP4, 64:6e:69:a3:57:55, 10.11.202.136
      Jun 20 13:13:29 logportalauth 27981 Zone: GUESTSSID - CONCURRENT LOGIN - REUSING IP 10.11.202.136 WITH DIFFERENT MAC ADDRESS ac:81:12:05:32:80: kMG5H4, ac:81:12:05:32:80, 10.11.202.136
      Jun 20 13:13:29 logportalauth 27981 Zone: GUESTSSID - Voucher login good for 161042 min.: swh352, 64:6e:69:a3:57:55, 10.11.202.136
      Jun 20 13:13:37 logportalauth 27981 Zone: GUESTSSID - CONCURRENT LOGIN - REUSING IP 10.11.202.136 WITH DIFFERENT MAC ADDRESS ac:81:12:05:32:80: kMG5H4, ac:81:12:05:32:80, 10.11.202.136
      Jun 20 13:13:37 logportalauth 27981 Zone: GUESTSSID - Voucher login good for 161042 min.: swh352, 64:6e:69:a3:57:55, 10.11.202.136
      Jun 20 13:14:42 logportalauth 27981 Zone: GUESTSSID - CONCURRENT LOGIN - REUSING IP 10.11.202.136 WITH DIFFERENT MAC ADDRESS ac:81:12:05:32:80: kMG5H4, ac:81:12:05:32:80, 10.11.202.136
      Jun 20 13:14:42 logportalauth 27981 Zone: GUESTSSID - Voucher login good for 161041 min.: swh352, 64:6e:69:a3:57:55, 10.11.202.136
      Jun 20 13:15:05 logportalauth 27981 Zone: GUESTSSID - CONCURRENT LOGIN - REUSING IP 10.11.202.136 WITH DIFFERENT MAC ADDRESS ac:81:12:05:32:80: kMG5H4, ac:81:12:05:32:80, 10.11.202.136
      Jun 20 13:15:05 logportalauth 27981 Zone: GUESTSSID - Voucher login good for 161041 min.: swh352, 64:6e:69:a3:57:55, 10.11.202.136
      Jun 20 13:15:05 php-fpm 27981 /index.php: Submission to captiveportal with unknown parameter zone:
      Jun 20 13:16:13 php-fpm 27981 /index.php: Submission to captiveportal with unknown parameter zone:
      Jun 20 13:16:36 php-fpm 27981 /index.php: Submission to captiveportal with unknown parameter zone:
      Jun 20 13:16:45 logportalauth 27981 Zone: GUESTSSID - CONCURRENT LOGIN - REUSING IP 10.11.202.136 WITH DIFFERENT MAC ADDRESS ac:81:12:05:32:80: kMG5H4, ac:81:12:05:32:80, 10.11.202.136
      Jun 20 13:16:45 logportalauth 27981 Zone: GUESTSSID - Voucher login good for 161039 min.: swh352, 64:6e:69:a3:57:55, 10.11.202.136
      Jun 20 13:17:19 logportalauth 27981 Zone: GUESTSSID - CONCURRENT LOGIN - REUSING IP 10.11.202.136 WITH DIFFERENT MAC ADDRESS ac:81:12:05:32:80: kMG5H4, ac:81:12:05:32:80, 10.11.202.136
      Jun 20 13:17:19 logportalauth 27981 Zone: GUESTSSID - Voucher login good for 161038 min.: swh352, 64:6e:69:a3:57:55, 10.11.202.136
      Jun 20 14:31:08 logportalauth 44736 Zone: GUESTSSID - CONCURRENT LOGIN - REUSING IP 10.11.202.136 WITH DIFFERENT MAC ADDRESS ac:81:12:05:32:80: kMG5H4, ac:81:12:05:32:80, 10.11.202.136
      Jun 20 14:31:08 logportalauth 44736 Zone: GUESTSSID - Voucher login good for 160965 min.: swh352, 64:6e:69:a3:57:55, 10.11.202.136

      Gertjan 1 Reply Last reply Reply Quote 0
      • S
        Snailkhan last edited by

        @snailkhan said in Windows 10 Voucher authentication page reappears after entering correct and valid voucher:

        swh352

        i checked in the Status >Captive Portal > Select the Zone > i see the IP that is assigned is already assigned to another station and it is also assigned to the new machine as shown in above logs.

        10.11.202.136 ac:81:12:05:32:80 fuUXT 06/08/2018 09:09:45

        Furthermore i do not see on status page any machine with any of the two voucher codes that i tried on that windows 10 machine as shown in above logs.

        1 Reply Last reply Reply Quote 0
        • S
          Snailkhan last edited by

          i see both the vouchers that i tried on windows 10 machine under status >Active vouchers but DO NOT see them under Active Users.

          I am struggling with the new interface of the support portals forum to find the edit button for editing existing post.

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            Do you have a URL configured to forward users to after they login? If not, it may be redisplaying the login page since it wasn't told to do anything else. Try setting a post-login redirect and then see if the behavior is the same.

            Those log messages could possibly be related, but it looks more like maybe you were trying the same voucher code on multiple computers.

            @snailkhan said in Windows 10 Voucher authentication page reappears after entering correct and valid voucher:

            I am struggling with the new interface of the support portals forum to find the edit button for editing existing post.

            Replies with new information are better than re-editing the initial post, because edits to the initial post won't show that the thread was updated to others, or trigger a notification to anyone watching the thread. That said, you can edit a post by clicking the three dots at the end of the "Reply / Quote / Upvote" line under the post text.

            S 1 Reply Last reply Reply Quote 0
            • S
              Snailkhan @jimp last edited by

              @jimp
              Thanks for your kind reply.
              "After authentication Redirection URL" field is blank. and as such after inital intercept for authentication users are redirected to their originally requested site in normal circumstances and we do not want users to be redirected to any other site then requested.

              While i have set a url and need to test it and update you. Is this a requirement for windows 10 ?

              1 Reply Last reply Reply Quote 0
              • Gertjan
                Gertjan @Snailkhan last edited by Gertjan

                @snailkhan said in Windows 10 Voucher authentication page reappears after entering correct and valid voucher:

                I have Captive portal that is working fine with andorid/ios/Winodw7-8.1. However on windows 10 machines when a user connects to the wifi ssid they get an ip from the dhcp server on the pfsense box that is also hosting captiveportal.

                What do you mean ? That Windows 10 uses the DHCP server "pfSense" and "andorid/ios/Winodw7-8.1" are not ?
                All devices, independent their OS, use the same DHCP server.

                @snailkhan said in Windows 10 Voucher authentication page reappears after entering correct and valid voucher:

                i checked in the Status >Captive Portal > Select the Zone > i see the IP that is assigned is already assigned to another station and it is also assigned to the new machine as shown in above logs.

                The logs and stats are fine.
                But there is better.
                Read this : https://www.netgate.com/docs/pfsense/captiveportal/captive-portal-troubleshooting.html
                and find this powerful ipfw command.:

                You'll see all all firewalll rules, IP's, and related MAC's.
                Keep in mind that these are not the firewall rules yo created in the GUI.
                The ipfw rules are what makes the captive portal actually work.

                The fact that you visit http://your-portal-page.tld/index.php&zone=your-zone - and then you POST against this same page again with with an extra parameter, the voucher code will produce .... the same "index.php" page (your captive portal login page) if there is no "fixed" redirect page.
                If not, if you were visiting for example http://www.google.com, after login, you would have been redirected to http://www.google.com after authentication.

                I never had to go to a page, or the actual login page ( https://portal.brit-hotel-fumel.net:8003/index.php?zone=cpzone1 in my case ) to make the captive portal show up. As soon as a Ethernet (wifi or cable) comes up, the OS (any OS these days) launches .... a DHCP request (you knew that already) and a request to something like "http://portal.apple.com" if it is a iOS device. If that page did not reply with a known answer like "Succes" the OS knows it is behind a portal. It will launch a navigator with the same URL "http://portal.apple.com" again - and this you, as a user, will see the captive portal login page.

                Btw : do not ask what happens when you initial visited https://www.google.com before authentication ... you know in advance will happen and you want it to happen like that ;)

                S 1 Reply Last reply Reply Quote 0
                • S
                  Snailkhan @Gertjan last edited by

                  @gertjan
                  Thanks sir,
                  I have only on box running latest pfsense. Dhcp server is on this box.
                  Android, ios, Windows 7/8/8.1. All get up from it and they get an ip, can access the cp authentication page and after entering a valid voucher connect to the internet.

                  However in windows 10 machines they also get ip and upon on launching browser and accessing any non https site they are redirected to the cp authentication page so far so good. But the problem is that when they enter valid voucher and click submit same page cp page reappears. It's happening in Chrome, IE, edge,

                  That is exact problem statement.
                  I need general answer : is the cp of pfsense compatible with win 10?

                  The field for redirect to specific page after authentication is blank in my configurations. And I windows 7/8/8.1/android/ios clients if they visit suppose Bing.com after authentication are automatically redirected back to Bing.com which is what we want and is normal behavior.
                  Is this not compatible with windows 10 and as such we cannot leave that field blank and hence must redirect a user to any other site?

                  1 Reply Last reply Reply Quote 0
                  • S
                    Snailkhan last edited by

                    Bump

                    1 Reply Last reply Reply Quote 0
                    • Gertjan
                      Gertjan last edited by

                      bing.com or http://www.bing.com or http://www.bing.com ?
                      I would choose one of the last 2.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post

                      Products

                      • Platform Overview
                      • TNSR
                      • pfSense
                      • Appliances

                      Services

                      • Training
                      • Professional Services

                      Support

                      • Subscription Plans
                      • Contact Support
                      • Product Lifecycle
                      • Documentation

                      News

                      • Media Coverage
                      • Press
                      • Events

                      Resources

                      • Blog
                      • FAQ
                      • Find a Partner
                      • Resource Library
                      • Security Information

                      Company

                      • About Us
                      • Careers
                      • Partners
                      • Contact Us
                      • Legal
                      Our Mission

                      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                      Subscribe to our Newsletter

                      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                      © 2021 Rubicon Communications, LLC | Privacy Policy