[solved] Captive Portal doesn't show up
-
Hello,
we've some trouble configuring captive portal on 1.2.2. While some features work, some don't:
- Accessing the portal on 8000/tcp? - works.
- Non-Whitelisted hosts are blocked? - works.
- Whitelisted hosts are not blocked? - works.
- Portal page is shown, if not-authorized hosts try to access web pages by http? - doesn't work
What may be wrong here? DHCP and DNS-Forwarding are enabled, External (wan) hosts can be resolved, but HTTP-"Getting" an external host seems to be blocked by pfsense on package level: No http-connection is established with any host; no incoming http-packages on my Client.
Any hints?
Thanks,
Keep smiling
yanosz
-
I have a similar problem with captive portal. I'm using 1.2.3-RC1 in a VMware ESX VM (using e1000 driver).
My pfsense is effectively a router on a stick with a single interface talking to a trunk port on the VMware virtual switch. The ESX host is connected to my core switches with a NIC team with everything tagged through. I have multiple vlans on this. Ignoring others that bear no relevance (LAN, Phones etc) WAN is 190, Wifi hotspot is 200.
My Cisco wifi APs have vlan 200 assigned to an SSID and I can confirm that clients on this work after adding an appropriate firewall rule to pass traffic using the default route.
I am using DHCP relay to my main DHCP on my LAN. I am also using the DNS forwarder on the hotspot interface (192.168.100.254/24 opt2 on vlan2 vlan id200) with the public DNS servers entered on the system\general setup page. Both work fine, IPs are leased, names can be resolved.
The problem is that when I enable the captive portal and configure it for local authentication nothing happens. It does not pop up at all. Traffic is still allowed through unless I disable that firewall rule. I added firewall rules allowing DNS and TCP port 8000 against the hotspot interface specifically. I can reach the captive portal login page by manually navigating to http://192.168.100.254:8000/ and can successfully login but this has no bearing at all on what I can or cannot access from this subnet. I can end the session and still be allowed access to everything.
My test rule on the hotspot interface just allows all traffic to any network address that is NOT in a private range. This is placed under the two rules to allow DNS lookups against the interface and access to the portal pages.
What am I doing wrong here or is there some outstanding problem with VLANs and captive portal?
-
Actually, it seems there is a bug in the configuration code and / or firewall code. After removing some firewall rules ("pass"-definitions only - sounds strange) and after switching the interface from wlan to lan and back, everything is running fine…
Keep smiling
yanosz