Adding Allowed IP Address in Captive Portal causes troubles.



  • Hello all,

    I am having problem with adding allowed IP address in the captive portal setting. I add only one IP address with /32 subnet. (I suppose this question is raised by sir vuarame some ten months ago, though sir jimp has unanswered questions in the thread).

    I am using pFSense 2.3.5 version.


  • Netgate Administrator

    More information needed. 😉

    You have a link to that thread?
    Edit: OK I see it: https://forum.netgate.com/topic/125063/captive-portal-allowed-ip-addresses

    What happens when you add the IP?

    What do you expect to happen?

    Do you have a good reason for running 2.3.5 rather than current, 2.4.4?

    Steve



  • I already read that thread sir.
    When I add an IP Address, Captive Portal login page will not work, however the IP Address I assigned to be allowed has work smoothly.
    What I expect to happen is, captive portal will work as is on clients.
    I am now upgrading my pFSense sir.



  • I'm using several IP's on the Allowed IP Addresses tab :

    0_1542001139172_a3916230-7078-4d26-9fff-bad151b2b41a-image.png

    As you might guess, these are my 3 AP's - my Portal network is 192.168.2./24, pfSense using 192.168.2.1.
    AP's needs access to the net for services like ntp etc.

    My 3 Ap's can communicate with the net.

    Btw : Captive portal ipfw firewall rules are :

    [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ipfw table all list
    --- table(cp_ifaces), set(0) ---
    sis0 2100 41929406 24022213886 1542001320
    --- table(cpzone1_auth_up), set(0) ---
    --- table(cpzone1_host_ips), set(0) ---
    192.168.2.1/32 0 10842951 645919014 1542001320
    --- table(cpzone1_pipe_mac), set(0) ---
     88:1f:a1:54:ff:c9 any 2081 0 0 0
     any 88:1f:a1:54:ff:c9 2080 0 0 0
     48:88:ca:41:ff:55 any 2075 0 0 0
     any 48:88:ca:41:ff:55 2074 0 0 0
     4c:8d:79:91:ff:52 any 2077 0 0 0
     any 4c:8d:79:91:ff:52 2076 0 0 0
     64:80:99:9a:ff:a0 any 2079 0 0 0
     any 64:80:99:9a:ff:a0 2078 0 0 0
    --- table(cpzone1_auth_down), set(0) ---
    --- table(cpzone1_allowed_up), set(0) ---
    192.168.2.2/32 2082 785 77243 1542001221
    192.168.2.3/32 2084 655 58796 1541999147
    192.168.2.4/32 2086 635 78822 1541991852
    --- table(cpzone1_allowed_down), set(0) ---
    192.168.2.2/32 2083 234 17784 1542001221
    192.168.2.3/32 2085 235 17860 1541999147
    192.168.2.4/32 2087 233 17882 1541991000
    

    (I have 5 MAC's on the MAC's list)

    This works fin for the last decade or so.