pfSense 2.6.0 Captive Portal and Patch #12834
-
Last weekend I finally upgraded from 2.5.2 to 2.6.0, all went fine till I hit the CP TCP only bug. Disabling the CP or adding an IP to the pass through list will help, but will render the MAC pass through and limiter useless, showstopper.
I quickly discovered Patch #12834 at Redmine, remedy in sight! Just applied the patch and rebooted, all looks fine again! All devices at the CP interface can do TCP, UDP, Ping and so on this time just fine, BUT now they are not reachable anymore from any other interface like WIFI or OpenVPN.
So here I am, don't know what to do, reading in 2.7.0 DEV it should be fixed and working again like with 2.6.0, but I cannot switch to bleeding edge with a productive appliance. Maybe downgrading to 2.5.2 again?
Any help would be much appreciated, maybe there is a patch or workaround I've overlooked somewhere?
Thanks!
-
Install the System Patches pfSense package.
It contains some built-in patches for 2.6.0.
I'm not using 2.6.0 anymore, I switched to 22.05 = pfSense Plus.
The TCP only bug was a nasty one, but solutions were provided in the forum.
-
@gertjan I did that already, but this patch has the side effect that devices are no longer reachable from other interfaces after that.
E.g. a remote user cannot log in to RDP over OpenVPN, although firewall rules are in place and had been working in 2.5.2 and prior.
Reverting the patch and all works but CP is TCP only again.
-
@bismarck said in pfSense 2.6.0 Captive Portal and Patch #12834:
Reverting the patch
What patch ?
RDP using OpenVPN, comes in over WAN.
How is that related to a captive portal interface ?
-
@gertjan said in pfSense 2.6.0 Captive Portal and Patch #12834:
@bismarck said in pfSense 2.6.0 Captive Portal and Patch #12834:
Reverting the patch
What patch ?
Patch #12834
RDP using OpenVPN, comes in over WAN.
How is that related to a captive portal interface ?
I know it shouldn't.
Okay, let me explain. We have CP enabled at the LAN/WIFI interface, ppl log in via OpenVPN and do RDP to their devices or from the WIFI to the LAN interface.
Applying Patch #12834 will fix the TCP only bug but devices on the CP enabled interface are no more reachable from any other interface.
-
@bismarck
Ah, ok, yes, RDP is UDP, so a user from the captive portal, who couldn't do any UDP any more, can't do RDP, (and DNS and WhatsApp etc - without UDP, a lot breaks.)
@bismarck said in pfSense 2.6.0 Captive Portal and Patch #12834:
but devices on the CP enabled interface are no more reachable from any other interface.
I don't get that part.
A captive portal is a collection of non trusted users. You want to connect to a user (device) that is present on the captive portal .... that seems wrong to me. You are of course free to do what you want ^^
For me, "A captive portal is a collection of non trusted users", not some collection of devices that offer services to me, as such devices belong to another network, as these devices work for me.
A captive portal is just a network that permits you to give Internet access to a lot of muppets, sorry, users, because you are so friendly to do so.
No one connects to muppets (stay away from muppets).
-
@gertjan well yes but actually no
CP is a quick way to limit access and bandwidth per device/mac, so it depends on your point of view and use case. ;)
For me it would be nice to have the CP working again like 2.5.2 and prior.
-
You're only using it to limit bandwidth per device in the LAN?
You should just use the Limiters directly for that rather than via the CP.
Steve