Netgate Discussion Forum

Captive Portal Allowed IPs doesn't work properly

  • G
    giyahban
    last edited by giyahban Dec 8, 2022, 11:04 PM Dec 8, 2022, 11:03 PM

    Hi, hope all is well.
    I'm using pfSense in a multi-LAN setup (VLANs and separate interfaces), and for one of the local networks I'm using captive portal with RADIUS authentication. Everything works well.
    I want to allow local addresses on different LANs to work without authentication, so I created an allowed IP entry with 192.168.0.0/16 and the "To" direction, but it breaks captive portal and the users have internet without authentication.
    I thought that I got To/From wrong and changed it to "From" too, but nothing works at all.
    What am I missing?

    Thanks in advance.

    • M
      michmoor LAYER 8 Rebel Alliance @giyahban
      last edited by michmoor Dec 8, 2022, 11:55 PM Dec 8, 2022, 11:53 PM

      @giyahban Looking at the documentation, I would try an IP address, not a whole network. Set direction to both.

      https://docs.netgate.com/pfsense/en/latest/captiveportal/allowed-ip-address.html

      edit: The /16 is a big chunk. Any reason why the VLAN you selected is so large? Can't you narrow it down to the /24 or so that's configured for the network?

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

      • M
        michmoor LAYER 8 Rebel Alliance @michmoor
        last edited by Dec 9, 2022, 12:19 AM

        @michmoor So I tried this on my setup. I did MAC bypass. It also wasn't working UNTIL I restarted the captive portal service. Once I did that, no issues.

        It's silly that you have to restart the service, but I'll open a Redmine to see if that can be improved.

        • G
          giyahban @michmoor
          last edited by giyahban Dec 9, 2022, 12:33 AM Dec 9, 2022, 12:30 AM

          @michmoor
          Thanks for your response.
          No, the VLAN subnets are narrowed to /24, but let me illustrate my setup for you.
          There are some local services and computers on the captive portal network, and I'm running an OpenVPN server on a different subnet to remote into these computers and services. Because of the captive portal, if the computers aren't authenticated you cannot remotely use them via VPN either (the packet doesn't come back from the host behind the captive portal). Also, there are some services on other subnets that need to be accessed from the captive portal subnet, and I don't want this to be calculated as authenticated and use the quota of a user.
          So I tried to allow any local IPs through captive portal to avoid these problems.

          The MAC pass-through doesn't suit my scenario.
          But for the allowed IP, I restarted captive portal too, but no success.

          • G
            giyahban @michmoor
            last edited by Dec 9, 2022, 12:42 AM

            @michmoor
            Oddly enough, your idea about the /16 being a big chunk is right!
            I added /24 subnets separately and apparently it's working fine!
            It was strange, but thanks for your insight, it helps a lot.

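A check suggested by how this thread was resolved, added here as an example; it is not from any poster and is not pfSense code. It flags allowed-IP entries that contain the captive portal zone's entire subnet and lists narrower CIDR blocks that leave that subnet out. The portal subnet, the sample entries and the status names are constructed assumptions, and the thread itself does not establish why the /16 entry misbehaved.

```python
import ipaddress

# Constructed sample values, not taken from the thread: the thread gives only
# the 192.168.0.0/16 entry, not the portal zone's subnet.
PORTAL_SUBNET = "192.168.30.0/24"
ALLOWED_ENTRIES = ["192.168.0.0/16", "192.168.10.0/24", "192.168.30.5/32"]


def audit_allowed_ips(portal_subnet, entries):
    """Classify each allowed-IP entry against the portal zone's subnet.

    Returns a list of (entry, status, suggested) tuples where status is
    'ok' (no overlap), 'host-bypass' (inside the portal subnet, exempts
    specific clients) or 'covers-portal' (contains the whole zone).
    """
    portal = ipaddress.ip_network(portal_subnet)
    report = []
    for raw in entries:
        net = ipaddress.ip_network(raw, strict=False)
        if net.version != portal.version or not net.overlaps(portal):
            report.append((str(net), "ok", [str(net)]))
        elif net != portal and net.subnet_of(portal):
            report.append((str(net), "host-bypass", [str(net)]))
        else:
            # Entry contains every portal client: split it so the portal
            # subnet itself is left out of the replacement entries.
            rest = sorted(net.address_exclude(portal)) if net != portal else []
            report.append((str(net), "covers-portal", [str(n) for n in rest]))
    return report


if __name__ == "__main__":
    for entry, status, suggested in audit_allowed_ips(PORTAL_SUBNET, ALLOWED_ENTRIES):
        print(f"{entry:18} {status:14} -> {', '.join(suggested) or '(remove)'}")
```

In practice the replacement list would be trimmed further to the /24s that are actually configured on the other LANs, as the last post did.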