Captive portal taking up to a minute to appear

bhjitsense

I have a captive portal sitting on subnet 10, and my Guest net sitting on subnet 20. I've been hassling with the captive portal taking up to 60 seconds to appear in order to become authorized. In pfBlockerNG I have several DNSBL feeds (about 8). I notice that as I systematically remove one at a time from the database, the time it takes for the captive portal to appear becomes faster. Eventually when I remove them all, it launches immediately. Or if I turn off pfBlocker entirely, it launches right away.

The problem is, there is no offending domain/IP being logged as the holdup at any point. I have tried pushing alternate DNS servers (8.8.8.8) to the hosts on subnet 20 to see if I can just circumvent pfBlocker, but it still somehow interferes.

I'm using an XG-7100 with 8Gb RAM/Atom 2.2GHz

Does anyone have any suggestions or workarounds for this?

Gertjan

@bhjitsense said in Captive portal taking up to a minute to appear:

I have tried pushing alternate DNS servers (8.8.8.8)

You are Forwarding ?

In pfBlockerNG I have several DNSBL feeds

You are using the Resolver !!
See image here - or your own setup.

Read also [Home pfSense Software Captive Portal Slow captive portal on smartphones](link url) ..... I suggest switch to a https:// login page

bhjitsense

@Gertjan
I am using Resolver and have DNS Query Forwarding enabled.
I read on another post that I could circumvent pfBlocker by adding in different DNS servers in the DHCP server settings.

Gertjan

@bhjitsense said in Captive portal taking up to a minute to appear:

I am using Resolver and have DNS Query Forwarding enabled.

This is forwarding (the Resolver can also forward).

bhjitsense

@Gertjan
Okay.... so what are you saying? I can't use forwarding?
If I turn off forwarding, nothing would resolve.
And even when I don't put DNS addresses in the DHCP server settings, it still takes a minute to load the captive portal.

Gertjan

@bhjitsense said in Captive portal taking up to a minute to appear:

Okay.... so what are you saying? I can't use forwarding?

I'm not saying anything ^^

I think that that text says : use Unbound in resolver mode .... but I might be wrong.
DNSBL works fine for me.

Btw : by default, unbound, the resolver uses the 'core' Internet DNS facilities and this should work as soon as you start pfSense for the first time and activate a WAN connection.
If that doesn't work for you, your connection is not good.

I'm not saying you can't use the Forward mode, but I suggest that you test with a (non modified) basic setup. When it works, you change things step by step. As soon as things stop to work, you will know what to undo .