[Solved] Slow captive portal on smartphones
fmattbp last edited by fmattbp
Hi, i'm just set up a https captive portal with let's encrypt SSL cert, on any desktop or laptop works well (redirects almost instantly) but on any smartphone it works very slow (2 minutes before redirect to the login page).
Anyone has been in this situation before? any help would be apreciated
@fmattbp what smartphone is having the problem?
is it android based? if yes what's the value of captive_portal_mode ?
@free4 Thanks for the reply, the device is a Samsung Galaxy J7 Pro 2017 and it functions well in other captive portals it's only in the captive portal that i'm setting up
it's only in the captive portal that i'm setting up
Let me guess : iPhone doesn't show the same behaviour ?
Ok, more serious : Considering all the information you supplied, for me, this smells like DNS issues.
@Gertjan seems right
Yes, you guys are right.
I've been making some tests, on the Android based smartphone always takes the google's DNS servers not the DNS provided by pfSense.
I follow the steps on https://docs.netgate.com/pfsense/en/latest/dns/redirecting-all-dns-requests-to-pfsense.html but the smartphone still resolving with google's DNS servers.
If i resolve google.com domain in the smartphone you can see that is using 188.8.131.52 at DNS server.
Gertjan last edited by Gertjan
Redirect incoming DNS (port 53) requests to pfSense DNS.
Or upgrade your Phone to a more 'captive portal' friendly OS.
Keep in mind : captive portal recognition is more an OS feature - it's not a pfSense thing.
After several hours of testing i found this topic https://forum.netgate.com/topic/6440/captive-portal-too-damn-slow/5
In some point, the autor says "But then I tried a different approach and configured in Captive Portal, HTTPS Server Name, the IP of the WLAN interface, build a certificate accordingly and it seems to have solved the problem, it now is fast from all clients (PCs, MACs, iPhones)."
I went to the ACME certificate that i issued for my domain and change it for the captive portal IP address interface and the result was that the captive portal loads instantly on every device i connected BUT, since the certificate was issued to my FQDN now it says that the certificate has a problem.
Looking forward to resolve this new issue.
True, you need to have (own / rent) a domain name.
Place a host over ride on the Resolver
Like "portal" for the host, and your domain name as "Parent domain of host", the IP will be the IP of the portal interface of pfSense. Somthing like portal .my-domaine.tld
You'll be needing a cert for this FQDN.
Set this host name (FQDN) on the captive portal portals settings and select the cert as "SSL Certificate".
I use the https myself on my captive portal - using a wildcard certs so I can use
pfsense.my-domaine.tld for the GUI access
portal .my-domaine.tld for the captive portal (another interface)
Works very well.
just a little update.
I issue the certificate as example.mydomain.com and in the captive portal i configure the HTTPS Server Name as portalexample.mydomain.com and the result was that now the portal loads instantly in every device and doesn´t display a cert warning.
Thanks to you guys that help me out with this issue.
just a little update.
I issue the certificate as example.mydomain.com and
What I do : I asked for a wild card cert.
portal loads instantly in every device
I'm seeing the same thing. Actually, we all know why : browser prefer by far https sites I guess, before they fall back to old school 'http'.