Google Wifi and Captive Portal
-
Hey folks,
I am trying to enable the portal over a Google Wifi network. In the past, Gwifi has been configured to work over 2 VLANs: one for the primary AP and one for the mesh network APs. Everything has worked well for 2 years now.
In this case I cannot use pfSense DHCP, since Gwifi has its own configuration. I use DNS resolver for my internal DNS server forwarded requests.
Once I had configured the portal and voucher deployment, I enabled the service over the mesh VLAN network.
When I use wifi with my Android phone, I cannot see the portal page, the portal user table is always at 0 users and I can freely browse the web. It seems Gwifi detects/handles the device before pfSense.
I checked https://forum.netgate.com/topic/144580/configure-pfsense-as-a-captive-portal-only-and-without-dhcp and https://forum.netgate.com/topic/39188/captive-portal-behind-router-or-different-subnet, solving nothing.
Can someone help me with this?
-
@nagaraja said in Google Wifi and Captive Portal:
When i use wifi with my Android phone, i cannot see portal pag
But can you access it?
Normally, if "all networks settings are correct", your phone will get redirected to the login page.
If your downstream access point / router (?) f*cks up this behaviour, then, yeah, things stop working.
Btw: believe it or not, the captive portal functionality is actually built into the client device - it's actually not pfSense.
pfSense just blocks all traffic using a firewall. When a visitor's device visits the web server, exposing a page where you can identify yourself, an exception for your device = MAC and IP address will be put into the firewall.
When you use a downstream router, then be aware that pfSense can only 'see' the router's MAC and the router's IP. NOT the IP and MAC of the visitor's device.
That's why the "router placed downstream, in a captive portal network" is as good an idea as trying to run your car on liquid water: it won't happen.

First, run this command on the console access, option 8:
sockstat -4l | grep 'nginx'
You'll find the port used by the captive portal in the 80xy range (but surely not 8000).
root nginx 88775 6 tcp4 *:8002 *:*
(8002 is used by my first nginx portal instance, serving the http requests. If you have also set up https requests, port +1 will be used = 8003.)
Now, visit your captive portal's login page: http://a.b.c.d:xywz/index.php?zone=ZONE
Where a.b.c.d is the IP of pfSense - the interface on which the captive portal is running.
xywz is the port number, like 8002.
ZONE is whatever you entered here :

edit : what is a "Google Wifi Network" and why would one use such a thing ?
"Wifi" is a TCP/IP network over wire, and for commodity, also over radio. You need a 'device' that transforms electrical signals over the wire, to radio waves over the air. That's OSI 1 and 2. Nothing more.
These devices are called Access Points. You can find them starting at 10-20 € ($).
-
Hey man,
thanks for your info and quick reply, I checked it out and the portal page is there.
Based on the fact that the Gwifi AP "is" a downstream router (where everything is natted), I yesterday tried adding the device in the "Allowed IP addresses" tab, without any success.
So it seems the Google Wifi AP changes this general behaviour, taking control over the connection (I know it is a closed system for the most).
Then, if there is not any way to force redirection to the portal page with my configuration, I would rely on a common AP in a new VLAN.
Thank you
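
The console check described in the reply above (find the nginx captive portal listener, then build the login URL), as an added example that is not part of any post in this thread. The function names, the address 192.0.2.1, the zone name "guests" and the sample sockstat lines other than the 8002 one are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `sockstat -4l` output (the 8002 line mirrors the reply;
# the other lines are made up to exercise the filter).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     nginx      88775 6  tcp4   *:8002                *:*
root     nginx      88775 7  tcp4   *:8003                *:*
root     nginx      41200 5  tcp4   *:443                 *:*
root     nginx      41200 6  tcp4   *:80                  *:*
unbound  unbound    51011 4  udp4   *:53                  *:*
root     sshd       20114 3  tcp4   *:22                  *:*
EOF
}

# Print the TCP ports nginx listens on inside 8001-8099 (the "80xy, but not
# 8000" range from the reply), one per line, sorted and de-duplicated.
portal_ports() {
    awk '$2 == "nginx" && $5 == "tcp4" {
        n = split($6, part, ":")      # local address: *:8002 or 10.0.0.1:8002
        port = part[n] + 0
        if (port > 8000 && port < 8100) print port
    }' | sort -un
}

# Usage: sockstat -4l | portal_urls <pfSense interface IP> <zone>
# Prints one candidate login URL per portal port. Per the reply, the HTTP
# port + 1 is the HTTPS listener when HTTPS login is enabled, so use
# https:// for that one.
portal_urls() {
    ip=$1 zone=$2
    portal_ports | while read -r port; do
        printf 'http://%s:%s/index.php?zone=%s\n' "$ip" "$port" "$zone"
    done
}

# Demo on the constructed sample.
sample_sockstat | portal_urls 192.0.2.1 guests
```

On the firewall itself, pipe the real output in with `sockstat -4l | portal_urls a.b.c.d ZONE`, then open the printed URL from a client on the portal interface.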