(SOLVED) Captive portal looping



  • Strange captive portal looping problem...allow me to explain...
    pfSense instance running Captive portal for Wi-Fi network has been running for quite some time now. Users are intermittently complaining about being stuck in portal login loop hell, with one interesting quirk, after logging into the captive portal, a different (older) captive portal login page appears, to which they login and end up back on the first captive portal page, and no there aren't 2 pfSense captive portals back-to-back.

    What I think is happening is this:
    This instance has been running for quite some time, since 2.3 at least, maybe earlier, but has been upgraded a number of times over the years and is currently running 2.4.4-p3.
    I suspect that some changes occurred to how / where the captive portal processes the files, and that there is vestigial information left over from earlier versions, as I mentioned, the second captive portal page the users sees is an earlier incarnation of the page.

    The problem is thus:
    There appear to be multiple CP login pages, and I would like to remove the offending ones. Backing up and reload the config just reloads these into the system as they are stored in the XML.

    In looking at the actual files, I see the following pages:
    /var/db/cpelements/captiveportal-index_captive.html - This seems to be the old login page
    /var/db/cpelements/captiveportal-index.html - This is the current login page
    /var/etc/captiveportal_cpzone.html - The only difference between this and captiveportal-index.html are the variables are $PORTAL_ACTION$ and #PORTAL_ACTION#

    Both captiveportal-index_captive.html and captiveportal-index.html appear in Services / Captive Portal / File Manager
    The question is why would it occasionally refer to /var/db/cpelements/captiveportal-index_captive.html?
    Can I safely delete /var/db/cpelements/captiveportal-index_captive.html?

    Thanks!


  • Rebel Alliance

    @awebster said in Captive portal looping:

    The question is why would it occasionally refer to /var/db/cpelements/captiveportal-index_captive.html?
    Can I safely delete /var/db/cpelements/captiveportal-index_captive.html?

    Deleting var/db/cpelements/captiveportal-index_captive.html should be just fine (especially if you make a backup), but if I was you...I would actually try to answer your first question before removing this file.

    I have few questions :

    • You should find another file /var/etc/captiveportal_cpzone-error.html . Is this file the old login page ?

    • What is the value of "Pre-authentication redirect URL" and "After authentication Redirection URL" in the settings, if any ? Is Pre-authentication redirect URL pointing to the old captive portal page?

    • Once users pass the first (current) login page and are facing the second (older) login page, are they connected ? what does the pfSense GUI ("status->captive portal" page) shows ? If pfSense show that the user is logged in, can the user really access the internet?

    • Same questions, but after users acceded to the second login page?

    • Is the same user still facing the login loop after you click on "disconnect all" (on the status->captive portal page)? If no, is the issue only happening (in some conditions) to users that as considered as "already connected" on pfSense GUI ?



  • Added to what @free4 said :

    @awebster said in Captive portal looping:

    /var/db/cpelements/captiveportal-index_captive.html - This seems to be the old login page
    /var/db/cpelements/captiveportal-index.html - This is the current login page

    The 'login' page and nearly identical 'login-error' page are not stored in /var/db/cpelements.
    This folders should contain the files you upload yourself, typically images, style sheets (css), other PHP and/or html code, used by the login page and/or error page.

    The 3 (three !) files starting with "captiveportal_" and file extension "html" are stored in /var/etc and are template files, used to be create on the fly the html info to be send to the browser of the visitor.

    The two (3 actually, there is also a logout page) should be uploaded using :

    135cf5d2-e52f-4f31-bed6-0cbcca1ace92-image.png

    If you have hand made html files for ligin, error or logout, then you have these as copies.
    I advise you to reset - use the Restore to default - button.

    Btw : default, the difference between the 'login' page and the 'error page is just one line that use the $PORTAL_MESSAGE$ placeholder to show the error message, usefull to indicate that a voucher or password was invalid.



  • @Gertjan said in Captive portal looping:

    The 'login' page and nearly identical 'login-error' page are not stored in /var/db/cpelements.

    Thanks for the tip, that was indeed the source of the problem. An older login page was uploaded (at some point in the past) to the captive portal error page.


Log in to reply