Unable to login : loop



  • Hello,

    Another mind-blowing problem : I just set up a captive portal and it was working with vouchers during early test. Then, I changed the login templates and now I'm unable to login with vouchers. When I enter a voucher, the user is allowed in pfsense GUI, but the client just goes back to the login screen (looks like he gets the logout.htm page). I've tried restoring the default templates but it's the same :( :( :(
    They can login with user accounts, but I only want to use vouchers.
    PS : regenerating vouchers didn't change anything.



  • Hi,

    @mike315 said in Unable to login : loop:

    Then, I changed the login templates and now I’m unable to login with vouchers

    Changed what ? You build you're own login and error page (html, php, css, etc) ?
    It was debugged ? Written correctly ?
    Going back to default should restore always functionality. If it doesn't, the issue isn't 'template' related.

    When you login using a captive portal user account and a voucher, what does the captive portal log show ?

    Trick : Live is so much easier if you use the captive portal on a dedicated LAN (an OPTx interface) - and not the LAN.
    LAN is for trusted devices.
    Captive portals are meant to deal with non-trusted devices.

    Btw : read these : https://www.netgate.com/docs/pfsense/captiveportal/index.html (the last one treats the most important issue : people like to think that they understand DNS, but they actually just messed up everything, and a captive portal is very bound to a good working DNS system.



  • Hello,

    I downloaded the template here : https://github.com/kobaltz/pfsense_captive_portal/
    Vanilla : 3x html pages.
    I'm not sure it's template related, I was in early testing phase, but If I remember correctly it happened just after I changed the template.

    When I login with a user account, it works fine, I get redirected on the internet. When I use a voucher, it kinda just refreshes the portal login page. If I use the custom template, I get redirected on the logout page ("thx for using the wifi").

    I use an OPT interface for the captive portal, not the LAN !
    I'm using the pfsense DNS Forwarder, with a specific record for the portal web page.



  • And when you put things back to 'normal' (also called 'default') ?

    Which means the default build in login page and the Resolver (with a DNS override record for the FQDN for the IP of the OPT1 interface).

    When everything works (by default, it works ;) ) apply your changes one by one.
    Test heavily between each step.
    As soon as you discover errors, undo the last step - or repair the last step.



  • OK, some news :

    The problem happens when I save the CP configuration (even if I don't make any change)
    The only way to make a client work again is to kick him from the CP active users status page.
    I've tried with other templates same problem. Maybe I'm supposed to check the popup option ?



  • https://forum.netgate.com/topic/130420/any-change-and-save-update-captive-portal-bug
    https://redmine.pfsense.org/issues/8514

    This problem is not about the template. I have reported this problem a long time ago. But there is still no solution. I have 400-450 active users. so I am having a lot of problems. it was disappointing for me.



  • Yep.
    At this moment, using the current version, you should stop editing the portals settings when you have put it online.
    This shouldn't be a big deal I guess, ones the settings are fine you're done with it anyway.

    https://github.com/pfsense/pfsense/pull/3640#discussion_r199824018

    Augustin-FL 8 hours ago •
    
    For the main CP zone : Because currently when settings are saved, captiveportal rules are re-appplied unconditionally to the network interface, meaning all ipfw rules are unconditionally flushed.
    **This is a big problem when editing captive portal settings while some users are connected : When saving the settings, users go technically disconnected and are redirected to the login page (because ipfw rules are flushed), but they are still considered as connected and are unable to log-in again(because they are still present in the sqlite database).**
    I solved this issue by flushing SQLite DB when rules are re-generated, and i also added a warning "Some users are connected, they will get disconnected. Do you want to continue ?" on the GUI.
    For the RADIUS database : because this database is now obsolete, captiveportal don't use it anymore.)