Netgate Discussion Forum

    pfsense + Captive portal blocking ping

      WorldDrknss @D3messiah

      @d3messiah I think we have a similar issue: https://forum.netgate.com/topic/169968/mac-passthrough. It appears that when using MAC pass-through the firewall rules for that network are not honored.

        D3messiah @WorldDrknss

        @worlddrknss Did you upgrade from 2.6.0 fresh install?
        I am trying to make another pf box from an old hp-t610 using VLAN as WAN, since it has 1 NIC, but I keep getting some problems too.
        It can't get an IP but it gets the gateway from the DHCP server. 11.jpg 12.jpg It functions for a few hours, then the problem starts :(. I like to reinstall the pf+, will use 2.6.0 instead.

          WorldDrknss @D3messiah

          @d3messiah I believe this is a CP issue in 2.6.0. MAC-Passthrough are technically unauthenticated systems and ipfw is blocking certain access to the network. E.g. why internet access works but ping won't work (for me I can ping only on the VLAN interface set in the CP).

            D3messiah @WorldDrknss

            @worlddrknss OK, I will try 2.5.2.

              Gertjan @D3messiah

              @d3messiah

              You're posting in the sub section "Captive portal".

              But :

              3fa3b6a6-ee8b-45f0-a140-9e5ecaf4ee44-image.png

              which means : WAN is not connected. That's what I call a major issue. Not only the portal doesn't work any more : "nothing" will work.
              That is, there is a link, but the DHCP client running on WAN didn't get an IP from the upstream DHCP server so there will be no traffic.
              That should be resolved first. Start by looking in the DHCP log - the "dhclient" lines. I bet it tries to DHCPDISCOVER something, but no answers ....

              Btw : life will be simpler as soon as you slide into your VM host a dedicated Ethernet card reserved exclusively for the VM running the pfSense WAN. You can share the LAN interface for internal and external LAN networking.
              You won't be needing VLAN any more, thus simplifying your setup.

              If there was a VLAN issue with 2.6.0, then where are the thousands of users impacted by a VLAN bug in 2.6.0 ??

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??
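
The check suggested in the post above (look at the "dhclient" lines for DHCPDISCOVER messages that get no answer), as an added example that is not part of the original thread. The log lines are constructed in the style of FreeBSD dhclient syslog output; the hostname, PIDs, interface names and addresses are made up, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of FreeBSD dhclient syslog output;
# hostname, PIDs, interface names and addresses are made up for illustration.
SAMPLE_LOG = """\
Mar  3 10:00:01 fw dhclient[4101]: DHCPDISCOVER on em0.10 to 255.255.255.255 port 67 interval 5
Mar  3 10:00:02 fw dhclient[4202]: DHCPDISCOVER on em0.20 to 255.255.255.255 port 67 interval 5
Mar  3 10:00:03 fw dhclient[4202]: DHCPOFFER from 192.0.2.1
Mar  3 10:00:03 fw dhclient[4202]: DHCPREQUEST on em0.20 to 255.255.255.255 port 67
Mar  3 10:00:03 fw dhclient[4202]: DHCPACK from 192.0.2.1
Mar  3 10:00:03 fw dhclient[4202]: bound to 192.0.2.50 -- renewal in 43200 seconds.
Mar  3 10:00:06 fw dhclient[4101]: DHCPDISCOVER on em0.10 to 255.255.255.255 port 67 interval 9
Mar  3 10:00:15 fw dhclient[4101]: DHCPDISCOVER on em0.10 to 255.255.255.255 port 67 interval 14
Mar  3 10:01:02 fw dhclient[4101]: No DHCPOFFERS received.
"""

LINE = re.compile(r"dhclient\[(?P<pid>\d+)\]: (?P<msg>.*)$")
DISCOVER = re.compile(r"^DHCPDISCOVER on (?P<ifname>\S+) ")

def summarize(log_text):
    """Return {interface: counters} built from the dhclient lines in log_text."""
    # OFFER/ACK lines carry no interface name, so lines are tied together by PID.
    by_pid = defaultdict(lambda: {"ifname": None, "discover": 0, "offer": 0, "ack": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a dhclient line
        entry, msg = by_pid[m["pid"]], m["msg"]
        d = DISCOVER.match(msg)
        if d:
            entry["ifname"] = d["ifname"]
            entry["discover"] += 1
        elif msg.startswith("DHCPOFFER from"):
            entry["offer"] += 1
        elif msg.startswith("DHCPACK from"):
            entry["ack"] += 1
    return {e["ifname"]: e for e in by_pid.values() if e["ifname"]}

def unanswered(log_text):
    """Interfaces that sent DHCPDISCOVER but never saw an offer or an ACK."""
    return sorted(i for i, e in summarize(log_text).items()
                  if e["discover"] and not e["offer"] and not e["ack"])

if __name__ == "__main__":
    print(unanswered(SAMPLE_LOG))
```

An interface listed by `unanswered()` has a link and is sending requests but hears nothing back, which points at the path to the upstream DHCP server (switch port, VLAN tagging, modem) rather than at the captive portal.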

                  D3messiah @Gertjan

                  @gertjan First, I am not using a VM. As I said, it is an HPt610 which has only 1 ethernet port. I use the physical as LAN while two VLANs as WANs.
                  I also checked the modem's DHCP log; the pfSense indeed was issued an IP address. I have tried this with 2.6.0 twice, same result. One time it worked for about two hours, then suddenly the connection was cut and it cannot get an IP again from the ISP modem.

                  With pfSense 2.5.x VLANs work without any problem.
                  Anyway I reverted to 2.5.2 and it is smooth. Will try again 2.6.x as soon as they release new upgrade.

                  Edit. I use an RB260GS as my smart switch. Maybe it's the config in my MikroTik, but it's working fine with 2.5.2.
                  Below is my VLAN and VLANs setting.
                  3535e6e6-8d3c-476a-8861-b02463c926a3-image.png
                  VLANs: port 2 as the pfSense trunk. Port 3 and 4 are wan1 and wan2, port 4 is the hybrid to my LAN while port1 is for the access point since port1 has PoE supply.
                  439651da-8c4f-4493-85ab-303428071d6c-image.png

                  This works fine with 2.5.2.

                    bobcat05

                    I can also confirm this issue. I recently upgraded to 22.01 on my Netgate 1100 appliance.

                    Users authenticate via a freeradius server with Pass-through MAC automatic additions enabled. Before, once a user authenticated and got past captive portal, nothing was blocked as the only firewall rule on that interface was to allow any IPv4 traffic, anywhere.

                    After the upgrade, those with authenticated MAC addresses are only allowed basic web traffic. I can no longer connect to a VPN, ping DNS servers outside the network, or even ping the WAN address or gateway address. The only fix is to disable Captive Portal which I obviously don't want to do.

                    The network diagram is:

                    Modem >> Netgate 1100 >> UniFi Switch >> UniFi Access Points

                    The UniFi switch is connected to the OPT1 (192.168.10.1/24) interface on the router that captive portal is active on. I've got a dumb switch connected to the LAN (192.168.1.1/24) interface that connects all the wired PC's in our office.

                      D3messiah @bobcat05

                      @bobcat05 I reverted back to 2.5.2. If you do, don't install fresh 2.5.2; install 2.5.0 first, then upgrade to 2.5.2. If you install 2.5.2 directly you won't be able to run WireGuard.
                      2.5.0 is no longer in the Netgate official downloads; try to google it.

                        bobcat05 @D3messiah

                        @d3messiah that is what I ended up doing. I opened up a support ticket and requested access to firmware... which in my case was 21.05-RELEASE.

                        Connected to the console port of the Netgate 1100, installed the image, and restored my old config - now everything works just fine again.

                          A Former User @bobcat05

                          @bobcat05
                          I can confirm I had similar problems after upgrading to 2.6.0.
                          Setup: pfsense 2.6.0 with Unifi AP's and captive portal.

                          My first indication is that 3 different Mibox devices, running Android TV, came up with "internet connection problems". On the settings page I could see "connection, but no internet".

                          Most applications on the Mibox did not work, no Amazon Prime, no YouTube, no vrtnu, ... BUT Netflix worked.

                          iPad and Android phones did work however.
                          Linux / Windows laptops also seem to work.

                          On the Unifi Network Management Station I got "STUN" errors on the access points after the upgrade.

                          Disabling the captive portal and re-connecting the clients fixed the problems.
                          The STUN errors on Unifi also disappeared.

                            Gertjan @Guest

                            Read https://forum.netgate.com/topic/170300/new-system-patches-v2-0?_=1646343673426 - Apply patch (Redmine #12834) and case closed.

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.