Clients can make a DNS resolution but do not see the captive portal



  • Hello,

    I am currently installing pfSense to try to replace an existing captive portal solution on a rather large network (2 firewalls, DMZs, etc.).
    Currently the captive portal in place is as follows:

    (NET)-----[ firewall-1 ]----(Captive portal)-------[ firewall 2 ]-------(Vlan User wifi).

    My users in the wifi vlan can make DNS and ping pfsense resolutions. After capturing frames, I see DNS requests passing through pfsense, but despite the fact that the captive portal is enabled, I can't see it on the vlan wifi side; I don't see any frames passing it either.

    I disabled the blocking of private networks on my wan and lan interfaces, I also opened the rules of my firewall.

    In frame captures, pfsense sees the @IP and @mac of the machine in the user vlan.

    Anyone have any idea why the captive pfsense portal doesn't want to show up?


  • Netgate Administrator

    So clients are just blocked and never redirected to the captive portal login?

    But they can ping things?

    https://docs.netgate.com/pfsense/en/latest/captiveportal/captive-portal-troubleshooting.html#captive-portal-not-redirecting

    Steve



  • Hello,

    the only thing clients prevent ping is the pfsense LAN interface



  • You really have to put a [ firewall 2 ] in front of pfSense (captive portal)?



  • Yes, I have no other choice in the current network configuration imposed by my company, but firewall 2 only serves as a gateway: it does not block anything and does not do NAT, it simply redirects requests.

    Plus, I declared the routes on pfsense, I don't really know what to do anymore :/



  • I advise you to make the captive portal work without this "firewall2".
    Add "firewall2" only when everything works perfectly.

