pfsense does not work on mobile phones (iOs and android)



  • Hi there,

    I am using pfsense and it works perfectly on laptop. But when i try on my iPhone, the captive portal does not pop out. Can someone help?



  • @curioushuman

    Think you need to open up a web browser to kick the captive portal process off.



  • @nogbadthebad I did try but it still does not work



  • @nogbadthebad said in pfsense does not work on mobile phones (iOs and android):

    Think you need to open up a web browser to kick the captive portal process off.

    No way.
    Using a iPhone, the only thing I have to do is selecting the captive portal wifi network.
    It fiddles around a couple of seconds, and then a browser opens, loaded with the captive portal login page.
    The presence of a "Captive portal" is completely supported by the iOS for years now.
    There are no settings whatsoever in an iPhone that can change this behaviour.

    Set up your captive portal as instructed by the official video,
    and you'll be fine.

    Btw : this video opens - first line - with the most common pitfall : When DNS works, your portal works.

    Always start with a basic setup, using an account setup in the the local User manger. Later on, when you're ready for your Master's degree, you could add Voucher support, FreeRadius or a proxy, or LDAP, or whatever other advanced technology.



  • Actually I just tried by setting one up on a test SSID.

    Your correct it works and you don't need to open up a web browser.



  • @gertjan I did the same. I just don’t understand why it works on my laptop but not on my iphone?



  • @nogbadthebad how did you configure? Did you configure anything on pfsense captive portal?



  • @curioushuman said in pfsense does not work on mobile phones (iOs and android):

    Did you configure anything on pfsense captive portal?

    Show us yours.
    Also : LAN settings.
    DNS settings.
    Firewall settings of the interface

    Show us anything you took away from default.

    We will compare it with the video and come up the instructions.

    From scratch (just after installing pfSense) it takes a couple of clicks - add to that : add a user with portal rights (see image bellows)

    0_1552485915867_62a8ae19-189b-497a-964b-9d7d2920f99c-image.png

    My captive portal settings are :

    0_1552485999412_cc663008-5c20-4cb9-8906-d85f42df1d21-image.png

    Please note :
    I have use a dedicated interface called "PORTAL" for my Captive portal users. It has these IP settings : 192.168.2.1/24 - The build in pfSense DHCP server is running on this interface - IP range 192.168.2.10 -> 192.168.2.254
    I use https login. This means I have to supply a certificate. The ACME package handles that for me. Not really need when you start, but very complicated to setup so I had to have one just for the kick of doing so.
    I use the freeradius authentication package (with a remote SQL database somewhere on my LAN), which is just great if you really have nothing else to do with your time. In the beginning, the local, build in User manger works just fine.
    I did upload a home made captive portal login page so I could add the company logo and other types of humour.

    My firewall rules :

    0_1552486290260_9b23339c-22f9-43e0-9d60-53decfad1cf7-image.png

    Every rule here has it's own special function.

    You'll be fine using the default pass all rule, like this one :

    0_1552486358375_88b2364d-5bea-46d3-91ec-80f68f2af861-image.png

    And the most important one :
    DNS settings :

    0_1552486451863_2fd83d93-2049-45a5-93f1-d1bca7381a24-image.png

    I did not change anything on the ACL and Advanced tab.

    As you can see, I use the default Resolver - and I'm Resolving - I'm not forwarding.

    Also important :

    Dashboard :

    0_1552486567475_697a6837-65a3-43fe-8694-6a15408607df-image.png

    DNS Servers = 127.0.0.1 - nobody else.

    edit : forgot about this one : I'm using some DD-WRT based AP's .... using pure AP mode, no DNS/DHCP/Router functions enabled on those ones. Just plain AP mode.



  • @curioushuman said in pfsense does not work on mobile phones (iOs and android):

    @nogbadthebad how did you configure? Did you configure anything on pfsense captive portal?

    Nope just enabled it and set it to use my RADIUS credentials.

    NB I don't use captive portal, just tried it to see if I got the login page.

    0_1552491226249_Screenshot 2019-03-13 at 15.27.51.png

    0_1552491246874_Screenshot 2019-03-13 at 15.28.35.png

    0_1552491259085_Screenshot 2019-03-13 at 15.29.05.png

    0_1552491270654_Screenshot 2019-03-13 at 15.31.25.png



  • @gertjan Here''s how my configuration looks like: (see images below)
    9_1552525574248_10.PNG 8_1552525574248_9.PNG 7_1552525574248_8.PNG 6_1552525574248_7.PNG 5_1552525574248_6.PNG 4_1552525574248_5.PNG 3_1552525574247_4.PNG 2_1552525574247_3.PNG 1_1552525574247_2.PNG 0_1552525574247_1.PNG

    And my simple setup:
    0_1552525698320_11.jpg

    I am using voucher authentication. No user manager.


  • Rebel Alliance

    @curioushuman question :

    • is your iPhone configured to use a custom DNS server ? (eg, 8.8.8.8 ?)
    • what's the DNS IP configured in your DHCP settings ?
    • is the AP acting as a router?

    this issue is likely related to your DHCP/DNS settings



  • @free4
    no my iphone does not configure to custom DNS server
    I leave it blank for DNS server in my pfsense.
    the AP is just a plug and play AP.

    It works now but however, my wifi connection has to constantly renew lease each time wifi connection is interrupted. Why is that so?



  • @gertjan It works now but however, my wifi connection has to constantly renew lease each time wifi connection is interrupted. Why is that so? How do i fix this?



  • @curioushuman said in pfsense does not work on mobile phones (iOs and android):

    my wifi connection has to constantly renew lease each time wifi connection is interrupted. Why is that so?

    When the Wifi goes down - or the phone goes to sleep, or out of range, etc, you have a situation that is identical to a wired connection : when you remove the cable, and put it back in again, interface comes up, and the first thing it does is launching a DHCP request.

    Don't worry : the DHCP server will give it the same IP again. This won't disrupt the Captive portal connection whatsoever.
    It's still the same MAC/IP so for the Captive portal it concerns the same session.

    edit : keep in mind that the "voucher counter" doesn't stop when the device (Phone) is connected, or not.

    @curioushuman said in pfsense does not work on mobile phones (iOs and android):

    @gertjan It works now

    Why didin't it work before ?


Log in to reply