Captive Portal Allowed IPs doesn't work properly
-
Hi, hope all is well.
I'm using pfSense in a multi-LAN setup (VLANs & separate interfaces), and for one of the local networks I'm using captive portal with RADIUS authentication. Everything works well.
I want to allow local addresses on different LANs to work without authentication, so I created an allowed IP entry with 192.168.0.0/16 and "To" direction, but it breaks captive portal and the users have internet without authentication.
I thought that I got To/From wrong and changed it to "From" too, but nothing works at all.
What am I missing? Thanks in advance.
-
@giyahban Looking at the documentation, I would try an IP address, not a whole network. Set direction to both.
https://docs.netgate.com/pfsense/en/latest/captiveportal/allowed-ip-address.html
Edit: The /16 is a big chunk. Any reason why the VLAN you selected is so large? Can’t you narrow it down to the /24 or so that’s configured for the network?
-
@michmoor So I tried this on my setup. I did MAC bypass. It also wasn't working UNTIL I restarted the captive portal service. Once I did that, no issues.
It's silly that you have to restart the service, but I'll open a Redmine to see if that can be improved.
-
@michmoor
Thanks for your response.
No, the VLAN subnets are narrowed to /24, but let me illustrate my setup for you.
There are some local services and computers on the captive portal network, and I'm running an OpenVPN server on a different subnet to remote into these computers and services. Because of the captive portal, if the computers aren't authenticated you cannot remotely use them via VPN either (the packet doesn't come back from the host behind captive portal). Also, there are some services on other subnets that need to be accessed from the captive portal subnet, and I don't want it to be calculated as authenticated and use the quota of a user.
So I tried to allow any local IPs through captive portal to avoid these problems. The MAC pass-through doesn't suit my scenario.
But for the allowed IP I restarted captive portal too, but no success.
-
@michmoor
Oddly enough, your idea about /16 being the big chunk is right!
I added /24 subnets separately and apparently it's working fine!
It was strange, but thanks for your insight, it helps a lot.