Apple devices not automatically opening CP Login
-
Hello,
I am having an issue with Apple Devices (both phones, iPads and Macs) not automatically opening the Captive Portal Login page. This seems to have started since enabling the https login page - but I could be jumping to conclusions.
I should stress, the CP is working fine and when users open safari and browse to any http site the CP login shows up and allows them to login. The issue is just that the login is not showing up as soon as they connect to the network - this is still working fine on Windows and Android devices.
captive.apple.com et al seems to be working fine. If a user opens safari and goes to one of the known apple CP test pages the login shows so that appears to be working - it's just the automatic nature of it that isn't working and that's got me stumped.
I read the article from apple here: https://developer.apple.com/news/?id=q78sq5rv and I have added a text option to the PFSense DHCP > Pointing to: *https://guest-wifi.***school.org.uk:8003/captiveportal-portalAPI.php A PHP page I made and uploaded to PFS that outputs JSON with values specifying https://guest-wifi.****school.org.uk:8003/index.php?zone.... but this has not made any difference.
If anyone has insight or tips to solve this issue, that would be great.
-
You are using the latest iOS 15, or 14.8 ?
-
I upgraded an iPhone to 15.02.
The captive portal works fine.@robinwright said in Apple devices not automatically opening CP Login:
since enabling the https login page
I use https login for years now. Thanks to Letsencrypt and the acme.sh pfSense package this became a no-brainer.
-
@gertjan Hi,
our clients are using a mix of iOS 14 and 15.Do use any filtering? We used to use squidguard, but recently switched to using pfBlockerNG.
-
@robinwright said in Apple devices not automatically opening CP Login:
Do use any filtering?
I'm not filtering, caching or whatever on my captive portal.
I use the captive portal so I can offer an controlled access to the Internet.
I'm not controlling content, as I think I have no right doing that. And I don't care.
If these people (adults) want to visit "the-worst-site-on-the-web.tld" than that is in their right. They want to look at all the publicity ? Perfect to me.
I offer internet "as it is", and not looking to store traffic they generated, or sites they visited.Ok, true, I use pfBlockerNG (latest) and ones in a while I have pfBlockerNG also filter the clients on the captive portal interface. More for testing purposes, actually.
The film "Ready player one" (and Facebook themselves) gave me a good idea recently : No FB Fridays and Sundays.[ I'm joking ]
Clients that use my captive portal and try to launch nukes from their hotel room using our Internet access, they will use a VPN - which makes any filtering on my side useless.
The good old 'http' only days are over.
