Netgate Discussion Forum

    Option to authenticate CP via vouchers is missing

    Captive Portal
    20 Posts 3 Posters 1.6k Views
    • F
      free4 Rebel Alliance @pfguy2018
      last edited by free4

      @pfguy2018 hum...you probably have other issues. You should fix your internet connection before actually enabling the captive portal

      1 Reply Last reply Reply Quote 0
      • P
        pfguy2018
        last edited by

        There are no problems with my internet connection. What I meant was that when attempting to connect to the guest network where the CP should be (but is not showing up), the device cannot connect to the internet (presumably because it has not authenticated itself yet, which is because pfSense doesn't seem to allow me to use voucher authentication!)

        1 Reply Last reply Reply Quote 0
        • P
          pfguy2018
          last edited by

          The only issue seems to be that the option for using vouchers as the authentication method is not showing up where expected (on the configuration tab). That is what I am trying to solve.

          F 1 Reply Last reply Reply Quote 0
          • F
            free4 Rebel Alliance @pfguy2018
            last edited by

            @pfguy2018 I will make a more detailed response in a few hours (I'm on my phone now...hard to make a long response) but in short:

            • on the GUI, Vouchers is not supposed to appear on the list in the configuration page.
            • you should be able to reach the captive portal login page (no matter which method you are using for login, you should still be able to reach the captive portal login page)...the problem seems related to that
            • Can you ping the pfSense (the gateway) from your client?
            1 Reply Last reply Reply Quote 0
            • P
              pfguy2018
              last edited by

              Your response has the key to my solution. I have a firewall rule on the guest network that blocks any traffic to the gateway except for port 53 (to use DNS resolver). This must be stopping access on the CP as well. Is there a particular protocol and port I should allow in the firewall rules to allow CP traffic through?

              P 1 Reply Last reply Reply Quote 0
              • P
                pfguy2018 @pfguy2018
                last edited by

                I spoke too soon I think. I created a firewall rule to pass port 80 traffic to the gateway, but the CP still times out. I am stumped.

                Also, when I try to save the CP configuration, I cannot save unless I select an authentication method. If vouchers is not one of the choices listed, what am I supposed to click on prior to saving?

                F 1 Reply Last reply Reply Quote 0
                • F
                  free4 Rebel Alliance @pfguy2018
                  last edited by free4

                  @pfguy2018 you need to allow :

                  • port 8002, 8003 (captive portal login page) TCP. If you have multiple zones, you may allow port 8004, 8005, etc. (2 ports to allow per zone)
                  • port 53 (DNS) TCP/UDP
                  • port DHCP 67, 68 UDP
                  • (Optional) ICMP, for debugging
                  P 1 Reply Last reply Reply Quote 0
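Added example (not part of the original thread, and not pfSense code): a small reachability check to run from a client on the guest network after creating the pass rules listed above. It assumes the port numbering given in the post (8002/8003 for the first zone, two more ports per additional zone); the function names are hypothetical. A `timeout` result usually means a rule is still dropping the traffic, while `refused` means the packet reached the gateway but nothing is listening on that port.

```python
import socket
import sys

def portal_ports(zone_count: int) -> list:
    """Portal ports as numbered in the post: 8002/8003, then two more per extra zone."""
    return [8002 + i for i in range(2 * zone_count)]

def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Return 'open', 'refused' or 'timeout' for one TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"        # no answer at all: typically a block/drop rule
    except ConnectionRefusedError:
        return "refused"        # host reached, but no listener on this port
    except OSError as exc:
        return f"error: {exc.strerror or exc}"

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <gateway-address> [zone-count]")
    gateway = sys.argv[1]                        # guest-side address of the firewall
    zones = int(sys.argv[2]) if len(sys.argv) > 2 else 1
    # DNS over TCP is probed too, since port 53 is on the same allow list.
    for port in portal_ports(zones) + [53]:
        print(f"{gateway}:{port}/tcp -> {probe_tcp(gateway, port)}")
```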
                  • P
                    pfguy2018
                    last edited by

                    I created a pass rule, and I can see (from the browser address bar) that traffic is being redirected to the gateway address port 8002 (which I presume is the CP port), but nothing ever loads - the connection times out. I ha

                    1 Reply Last reply Reply Quote 0
                    • P
                      pfguy2018 @free4
                      last edited by

                      @free4

                      Just saw your post. Have created pass rules corresponding to the ports you mention in your posts, but the connection to the CP still times out.

                      I also changed the authentication method to none, to see if I could take that part out of the equation. Still no connection to the CP.

                      1 Reply Last reply Reply Quote 0
                      • GertjanG
                        Gertjan
                        last edited by Gertjan

                        @pfguy2018 said in Option to authenticate CP via vouchers is missing:

                        . While setting up the CP, I have enabled the use of vou

                        Does the "login page" get loaded?
                        Inspect the html code, and compare it with the page that's being used by pfSense.
                        Check both the login page and the error page - basically, they are the same, the latter only adds a red "$message text" indicating the error.

                        Check your config.xml.
                        You should find :

                        .....
                                <voucher>
                                        <cpzone1>
                                                <charset>2345678ABCDEFGHJKLMNPQRSTUVWXYZ</charset>
                                                <rollbits>16</rollbits>
                                                <ticketbits>10</ticketbits>
                                                ...... // snip // ****
                                                <descrmsgnoaccess><![CDATA[Voucher invalid]]></descrmsgnoaccess>
                                                <descrmsgexpired><![CDATA[Voucher expired]]></descrmsgexpired>
                                                <roll>
                                                        ...... // snip // ****
                                                        <lastsync>1574929058</lastsync>
                                                </roll>
                                                <enable></enable>
                                        </cpzone1>
                                </voucher>
                        .....
                        

                        Note : "cpzone1" is my captive portal zone name.

                        There should be this :

                                                <enable></enable>
                        

                        The presence of that line makes the (default) login page and error page show the voucher input box.
                        See https://github.com/pfsense/pfsense/blob/23328e8d11ea506e5ee25f6fda4ee57bb5e382d4/src/etc/inc/captiveportal.inc#L140

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        P 1 Reply Last reply Reply Quote 0
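Added example (not part of the original thread, and not pfSense code): one way to run the check described above against a downloaded config.xml backup instead of searching it by hand. The sample XML is constructed in the shape of the snippet in the post, `guestzone` is a hypothetical second zone, and `voucher_status` is a hypothetical helper name.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample shaped like the snippet in the post; not a real backup.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <voucher>
    <cpzone1>
      <charset>2345678ABCDEFGHJKLMNPQRSTUVWXYZ</charset>
      <rollbits>16</rollbits>
      <ticketbits>10</ticketbits>
      <descrmsgnoaccess><![CDATA[Voucher invalid]]></descrmsgnoaccess>
      <roll><lastsync>1574929058</lastsync></roll>
      <enable></enable>
    </cpzone1>
    <guestzone>
      <rollbits>16</rollbits>
      <ticketbits>10</ticketbits>
    </guestzone>
  </voucher>
</pfsense>
"""

def voucher_status(config_xml: str) -> dict:
    """Map each zone under <voucher> to its voucher settings."""
    root = ET.fromstring(config_xml)
    voucher = root.find("voucher")
    if voucher is None:                  # no voucher section in this config
        return {}
    status = {}
    for zone in voucher:
        status[zone.tag] = {
            # Presence is what counts: <enable></enable> is empty, so test
            # "is not None" rather than the element's text or truthiness.
            "enabled": zone.find("enable") is not None,
            "rolls": len(zone.findall("roll")),
            "rollbits": zone.findtext("rollbits"),
            "ticketbits": zone.findtext("ticketbits"),
        }
    return status

if __name__ == "__main__":
    # Pass the path of a backup file, or run without arguments for the sample.
    text = Path(sys.argv[1]).read_text(encoding="utf-8") if len(sys.argv) > 1 else SAMPLE_CONFIG
    for zone, info in voucher_status(text).items():
        state = "enabled" if info["enabled"] else "NOT enabled"
        print(f"{zone}: vouchers {state}, {info['rolls']} roll(s)")
```

The backup file also holds password hashes and keys, so run this locally rather than pasting the file into an online tool.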
                        • P
                          pfguy2018 @Gertjan
                          last edited by

                          @Gertjan

                          Thank you for these instructions. However, I am not at all handy with computer code, so where exactly do I find this code to examine?

                          GertjanG 1 Reply Last reply Reply Quote 0
                          • GertjanG
                            Gertjan @pfguy2018
                            last edited by

                            @pfguy2018 said in Option to authenticate CP via vouchers is missing:

                            However, I am not at all handy with computer code, so where exactly do I find this code to examine?

                            As you might know, you can back up the settings of your pfSense.
                            That's also the main advantage : everything is in one human readable xml file.

                            So, make a backup - see here how to do that :

                            c7d3ad29-b3ff-4687-8c53-11fa62440332-image.png

                            and have the file opened in your favourite text-editor.

                            Now look it up using the old system (line by line) or use Ctrl-F ^^
                            (search for <voucher> )


                            P 1 Reply Last reply Reply Quote 0
                            • P
                              pfguy2018 @Gertjan
                              last edited by

                              @Gertjan

                              Thank you for this! I am not at home now, but will definitely check this when I return and report in with my findings. Appreciate the assistance.

                              1 Reply Last reply Reply Quote 0
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.