Captive portal on multiple ifaces?

itsmorefun

Same result,
With captive portal enabled on OPT1 and OPT2, only OPT1 packet are intercepted.

I will try to understand https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/f8b1131038f1a8ced102c79ed6c72ef9dc05e6f1 to find why that don't work…

Maybe a problem with:
341 # skip to traffic shaper if not on captive portal interface
342 add 1000 set 1 skipto 50000 all from any to any not layer2 not $cpif
343 # pass all layer2 traffic on other interfaces
344 add 1001 set 1 pass layer2 not $cpif

If I do "ipfw show | grep ed2" with only OPT1 selected:
01000     5    5344 skipto 50000 ip from any to any not layer2 not via ed2
01001     5    5344 allow ip from any to any layer2 not via ed2

If I do "ipfw show | grep ed3" with only OPT2 selected:
01000     5    5325 skipto 50000 ip from any to any not layer2 not via ed3
01001     5    5325 allow ip from any to any layer2 not via ed3

If I do "ipfw show | grep ed2" with OPT1 and OPT2 selected:
01000     5    5325 skipto 50000 ip from any to any not layer2 { not via ed2 or via ed3 }
01001     5    5325 allow ip from any to any layer2 { not via ed2 or via ed3 }

Maybe the problem is the interpretation of the "not" and the "or" ?

Thank for any help.

eri--

Can you update to the latest snapshot or try this modification?
https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/fca39472782bdbd06722c053cb345de6a8f754bd

Thanks

itsmorefun

Yes!!! You are a king  8)

It work  ;)

Juste two things,
->on Status: Captive portal:
The last line, the column Session start show: Warning: date() expects parameter 2 to be long, string given in /usr/local/www/status_captiveportal.php on line 107

->on Status: System logs: Portal Auth: When user have a firewall blocking input icmp some log with: php[43507]: /index.php: The command '/sbin/ping -c 1 -t 1 172.16.1.11' returned exit code '2', the output was 'PING 172.16.1.11 (172.16.1.11): 56 data bytes –- 172.16.1.11 ping statistics --- 1 packets transmitted, 0 packets received, 100.0% packet loss'
(172.16.1.11 is the ip of the user)

Very Thank

eri--

Should be fixed both of them.

Thanks for teh feedback.

itsmorefun

@ermal:

Should be fixed both of them.

Thanks for teh feedback.

Nice but https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/4fa2be6d7d7e2351e60805d7cbcb7d734945adb5 not work because $cpent is an array.

With "if (empty($cpent[0]))" it work

Thank
:)

eri--

Added to the repo a better fix https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/caec9484b7ad9fdf1613db7b05955a14281b4b9c

itsmorefun

@ermal:

Added to the repo a better fix https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/caec9484b7ad9fdf1613db7b05955a14281b4b9c

Nice, it work too

BUT after start the captive portal, while nobody log on, the captiveportal.db file is not created and the
status page show:
Warning: file(/var/db/captiveportal.db): failed to open stream: No such file or
directory in /usr/local/www/status_captiveportal.php on line 67 Warning: Invalid
argument supplied for foreach() in /usr/local/www/status_captiveportal.php on line
68
;D

Thank :)

itsmorefun

Thank Ermal (https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/93ed765955f8891b985805e4d49ba96f8694c6d7)
:-)

rt_rex

I did not test the captive portal feature on 2.0 .
One thing i did not understand about dual iface captive portal.
Assuming i have CAPtive portal enable on LAN and OPT1 and the CP interfaces are in diferent subnets (10.0.0.0/24,192.168.1.0/24), how do they do the http redirect to one single address ?
Or there is a field to config the two independent URL redirect ,one for each subnet?

Thanks

eri--

It will show the same login to different subnets.
That is all up to you in your login page php code if you want to show them different things.