captive portal and no internet after authentication.

roundcube222

@Gertjan

no we used the captive portal on LAN as per this screen shot.

I have re-installed a clean copy.. and still the problem their.. my authenticated client can not browse any sites (they can only ping hosts and make dns lookups)

Any ideas??

Gertjan

I tend to say that this is still valid these days : https://www.youtube.com/watch?v=qb5TDpihnq4

roundcube222

@Gertjan said in captive portal and no internet after authentication.:

https://www.youtube.com/watch?v=qb5TDpihnq4

do i have to create a VLAN for the captive portal ?

only can i create the captive portal on the LAN ??

Gertjan

@roundcube222 said in captive portal and no internet after authentication.:

do i have to create a VLAN for the captive portal ?
only can i create the captive portal on the LAN ??

It can be activated on the LAN.
Advisable is use a dedicated, other LAN (OPT1) interface. This way, managning is waaaaaaaay more simple.
VLAN's should be be possible also, never tried it myself.
But you should use a device (A VM in your case) with at least 3 real physical NIC's so you respect the golden rule : keep it simple. Simple things also tend to work right away. Afterwards, you can make it complicated again ... ^^

Also : per definition : LAN is a trusted network where you connect only devices you trust.
On the captive portal you put devices that you no not trusted.

roundcube222

@Gertjan
i tired every thing ... my authenticated users can not access internet,,,

i have pasted all the firewall rules

Can please one of the admins help me..............

roundcube222

did any one tried to use captive portal on LAN ? maybe it is not working because i set the portal on LAN ?

IPFW already added my authenticated clients to the allow list. so why still they can not access internet and they can just ping clients and resolve domains ?

can any one have any ideas what is wrong ? i already pasted my firewall rules in the post which allow ANY from/TO.

The problem only happen when i enable captive portal. if i disable captive portal, then my clients can access internet without any problems.

Maybe there is some bug when using the captive on LAN ?

Gertjan

@roundcube222 said in captive portal and no internet after authentication.:

Maybe there is some bug when using the captive on LAN ?

Using 2.4.4-p3 ? That explains your issue ? Then why all my clients (hotel Wifi network) are connected to the Internet using the very same code ?
Between your system, and min, only the settings are different.
The system - the code - is the same.

My guide line was the video mentioned above.

Your issue isn't probably Captive portal related : Your LAN firewall rules are not taken in account anymore when you activate the captive portal : the default terminating Block all rules is hit, like the other, your GUI rules, do not exist any more.
I can't explain that.

Any ideas, @free4 ?

roundcube222

@Gertjan
Maybe this bug happens only if you make the portal on the LAN ?

While your portal is on the WiFi interface ?

Gertjan

@roundcube222 said in captive portal and no internet after authentication.:

While your portal is on the WiFi interface ?

Any other NIC on pfSense not being declared as "WAN" will get called OPT1, OPT2, OPT3 and is basicly a LAN with one 'minor' exception : no default PASS rule, so it blocks by default (with another exception : they will pass DHCP related stuff) etc. You can rename them, if you which.
Like "WiFi " or, "Portal" as I did.

I can activate a portal on my LAN if I want to - for testing purposes.
I'll do that right now, and report back, give me 5 minutes.

back.
Well, that was impressive. I really managed to break the inter Internet connection for all my LAN devices. Activating a portal is very radical.
The easy of setting up a basic the captive portal is impressive : A click, give it a name and description, another click for the save and another for the activation (somewhat in that order). I used the local build-in user data base (already populated with some users which have a granted portal access ).
Then saving all this, I closed my browser.

Waited 10 seconds and fired it up again. Immediately I was present with a message :

click

It's Firefox, using the french language saying to me that I need to connect using an account if I want to access the Internet. Hit the button on the right gave me direct access to the default blue pfSense captive portal login page. Never saw that one before ! I'm normally use my own, branded login page(s).

When I entered a user (= admin), allowed to use the portal, and the password, I saw the small word "Succes" in the upper left corner. After that, going to https://ww.google.com worked just fine.

So, yes, a captive portal on LAN works just fine, although very not useful for a basic company network.

On what device are you running pfSense ?

roundcube222

@Gertjan

I am using VMware with 2 NIC

One for wan and one for lan

Gertjan

@roundcube222 said in captive portal and no internet after authentication.:

I am using VMware with 2 NIC

Ah.
That just doubles the list with possible issues. And isn't something you should not omit to mention when asking question.
It , a VM, can works of cours,I use a pfSense from a Hyper-V VM, build into Windows Pro right out of the box. I had some virtual NIC issues at first (sound familiar ?), though, at first, mostly because I didn't RTFM first.
If you have a spare drive - some small 10+ Gbytes disk size will do, take the actual disk out of your PC, install the spare (to be emptied) disk into your system, and install pfSense bare-bone, from scratch.
It's worth a try.

Because you know it : it's not pfSEnse, your issue.