Captive portal auth page not reachable



  • Hello everyone
    I'm new in the captive portal world and pfsense and I have a problem. When I try to connect to the network, I can't reach the authentification page, I just get an error page which says:
    "connect to wifi
    the wifi you are using may require you to visit the login page"
    Then you have a bouton "connect" but when I click on it, I just get the same page again.

    I want that the users authenticate themselves with them google accounts, so my authentification page is accounts.google.com. Obviously, I allow the domains that I need (I think so) so I don't really know where the problem is coming from.

    If you have some idea to help me it will be great.
    thanks guys


  • Rebel Alliance

    @ituser if you want to authenticate users with their google Account, then you should look for OAuth authentification ( https://developers.google.com/identity/protocols/OAuth2 ).

    As far as i know, pfSense does not oAuth authentication natively, but you could install a FreeRADIUS server that will convert RADIUS messages from the captive portal to OAuth messages



  • I will look a that
    thank you



  • the strange thing is that sometimes I successfully load the authentification page and I successfully enter my email and my password.



  • @ituser said in Captive portal auth page not reachable:

    accounts.google.com

    accounts.google.com .... how did you set this up ? You put that URL (google.com) on the Allowed hostname tab ?

    And when you ID against google, how should Google inform the portal that a "user" (unknown to the portal) has ID'd against Google ?

    @ituser said in Captive portal auth page not reachable:

    I'm new in the captive portal world and pfsense and I have a problem. When I try to connect to the network, I can't reach the authentification page, I just get an error page which says:
    "connect to wifi
    the wifi you are using may require you to visit the login page"
    Then you have a bouton "connect" but when I click on it, I just get the same page again.

    New or not, you should detail how you set up your portal.



  • Hello,
    You are right I should give my configuration sorry for that
    It's not me who set up the captive portal but this is the configuration :

    And that all for the configuration, of course, I set up DHCP on the captive portal Interface. The DNS is working, I test to ping www.wikipedia.com, and I get an address even if I can't reach it, which is normal for a not connected user.



  • So, you are using this option :

    0_1546850909146_5e278d86-c30e-4858-9bff-4bf6dcb3b908-image.png

    ?
    Consider that one broken for the moment.

    I'm still very curious how a login onto Google accounts can enable portal access on the captive portal.
    It can be done of course, it needs some user (admin ;) ) written code to handle the communication. probably with some Google API thingies, etc.



  • No I'm not using that option,
    someone wrote a custom html page, the page has a big PHP part which is checking the IP of the clients and stuff like mac address, cookies, etc. I didn't wrote the page so I don't really understand everything.
    This is this page which redirects the user to the address I gave before.
    I think the problem can be a certificate problem because I use a certificate made for the captive portal to go to a google page. When I get the page which told me that I need to connect, I can see beside the URL, an alert telling me the site is not secure.
    Do you think it can be that?



  • If you use a certificate for the portal page (hhtps login - and you selected a certificate) then you need a valid (== recognized and accepted) certificate.
    That's where the acme package comes in....



  • this is what I thought, I wiil try that
    thank you for the help