Captive Portal Not Working



  • I'm hoping someone can help me figure out what's wrong here. I have Captive Portal enabled for VLAN 2. I have 4 VLAN's. 3 of them do not use Captive Portal and they all work great. The one that does never gets internet access and the captive portal authentication screen never loads. Any ideas?

    DHCP server is configured on the interface.

    Thanks,

    Dan


  • Rebel Alliance Developer Netgate

    The page not loading almost always boils down to one of a short list of things:

    • Users on the segment can't resolve DNS, usually because they get some external DNS server like 8.8.8.8/8.8.4.4 but that isn't set to be passed through the portal, so they can't resolve anything.
    • Client browser has an HTTPS home page, which doesn't get redirected by default. Most current browsers are good about detecting this these days, however.
    • Firewall rules on the interface are not allowing traffic through that they need to reach the firewall to load the CP page or reach DNS and so on.


  • @jimp said in Captive Portal Not Working:

    The page not loading almost always boils down to one of a short list of things:

    • Users on the segment can't resolve DNS, usually because they get some external DNS server like 8.8.8.8/8.8.4.4 but that isn't set to be passed through the portal, so they can't resolve anything.
    • Client browser has an HTTPS home page, which doesn't get redirected by default. Most current browsers are good about detecting this these days, however.
    • Firewall rules on the interface are not allowing traffic through that they need to reach the firewall to load the CP page or reach DNS and so on.

    Jimp, I appreciate the reply. Can you give me any pointers on how to nail down which of those the issue is, and from there what to do about it? I apologize I'm not a super proficient PFSense/Network guy (although I am a competent developer and DBA).


  • LAYER 8 Netgate



  • Also :
    https://www.netgate.com/docs/pfsense/captiveportal/index.html for basic setup guide lines.
    Use the "make it work first" approach.
    This means : leave everything to default. Always. After installing pfSEnse, activate your WAN.
    Then activate captive portal on LAN.
    This takes 120 seconds max.

    If you really want to use your own ideas, ok, have them validated here : https://www.netgate.com/docs/pfsense/captiveportal/captive-portal-troubleshooting.html
    For example, most issues are just plain DNS issues (aka : not using the build in Resolver, which means they did change default settings) .

    What you should know : the captive portal ins't really a program or service.
    It's just :
    A web server serving a "login" page.
    Some nifty firewall rules (30 years old technic).
    And the big surprise : captive portal works, because support is included in the OS the visitor is using - support is included in the web browser the user is using.

    A captive portal needs a perfect network setup (relax : only IPv4 - things will get nasty when IPv6 comes along)


Log in to reply