Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to login : loop

    Scheduled Pinned Locked Moved Captive Portal
    7 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mike315
      last edited by

      Hello,

      Another mind-blowing problem : I just set up a captive portal and it was working with vouchers during early test. Then, I changed the login templates and now I'm unable to login with vouchers. When I enter a voucher, the user is allowed in pfsense GUI, but the client just goes back to the login screen (looks like he gets the logout.htm page). I've tried restoring the default templates but it's the same :( :( :(
      They can login with user accounts, but I only want to use vouchers.
      PS : regenerating vouchers didn't change anything.

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Hi,

        @mike315 said in Unable to login : loop:

        Then, I changed the login templates and now I’m unable to login with vouchers

        Changed what ? You build you're own login and error page (html, php, css, etc) ?
        It was debugged ? Written correctly ?
        Going back to default should restore always functionality. If it doesn't, the issue isn't 'template' related.

        When you login using a captive portal user account and a voucher, what does the captive portal log show ?

        Trick : Live is so much easier if you use the captive portal on a dedicated LAN (an OPTx interface) - and not the LAN.
        LAN is for trusted devices.
        Captive portals are meant to deal with non-trusted devices.

        Btw : read these : https://www.netgate.com/docs/pfsense/captiveportal/index.html (the last one treats the most important issue : people like to think that they understand DNS, but they actually just messed up everything, and a captive portal is very bound to a good working DNS system.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • M
          mike315
          last edited by

          Hello,

          I downloaded the template here : https://github.com/kobaltz/pfsense_captive_portal/
          Vanilla : 3x html pages.
          I'm not sure it's template related, I was in early testing phase, but If I remember correctly it happened just after I changed the template.

          When I login with a user account, it works fine, I get redirected on the internet. When I use a voucher, it kinda just refreshes the portal login page. If I use the custom template, I get redirected on the logout page ("thx for using the wifi").

          I use an OPT interface for the captive portal, not the LAN !
          I'm using the pfsense DNS Forwarder, with a specific record for the portal web page.

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            And when you put things back to 'normal' (also called 'default') ?

            Which means the default build in login page and the Resolver (with a DNS override record for the FQDN for the IP of the OPT1 interface).

            When everything works (by default, it works ;) ) apply your changes one by one.
            Test heavily between each step.
            As soon as you discover errors, undo the last step - or repair the last step.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • M
              mike315
              last edited by

              OK, some news :

              The problem happens when I save the CP configuration (even if I don't make any change)
              The only way to make a client work again is to kick him from the CP active users status page.
              I've tried with other templates same problem. Maybe I'm supposed to check the popup option ?

              1 Reply Last reply Reply Quote 0
              • M
                magokbas
                last edited by

                https://forum.netgate.com/topic/130420/any-change-and-save-update-captive-portal-bug
                https://redmine.pfsense.org/issues/8514

                This problem is not about the template. I have reported this problem a long time ago. But there is still no solution. I have 400-450 active users. so I am having a lot of problems. it was disappointing for me.

                1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan
                  last edited by Gertjan

                  Yep.
                  At this moment, using the current version, you should stop editing the portals settings when you have put it online.
                  This shouldn't be a big deal I guess, ones the settings are fine you're done with it anyway.

                  https://github.com/pfsense/pfsense/pull/3640#discussion_r199824018

                  Augustin-FL 8 hours ago •
                  
                  For the main CP zone : Because currently when settings are saved, captiveportal rules are re-appplied unconditionally to the network interface, meaning all ipfw rules are unconditionally flushed.
                  **This is a big problem when editing captive portal settings while some users are connected : When saving the settings, users go technically disconnected and are redirected to the login page (because ipfw rules are flushed), but they are still considered as connected and are unable to log-in again(because they are still present in the sqlite database).**
                  I solved this issue by flushing SQLite DB when rules are re-generated, and i also added a warning "Some users are connected, they will get disconnected. Do you want to continue ?" on the GUI.
                  For the RADIUS database : because this database is now obsolete, captiveportal don't use it anymore.)
                  

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.