Captive portal does not load google account authentications
I have a pfSense in version 2.4.5, which worked correctly but recently it stopped performing authentication via Google account.
I have set up an external hostpot service, which offers the option to authenticate via a Google account. But when the user tries to authenticate, sometimes it just loads and doesn't open anything, or simply gives an error (ERR_CONNECTION_TIMED_OUT).
We tested disabling captive portal and google access, it works perfectly. Which leads us to believe that it really is some captive portal configuration.
Could you help me on this issue? Please
You saw this recent blog from the Netgate FreeRadius on pfSense software for Two Factor Authentication ?
The blog uses OpenVPN authentication, but the captive portal can also use FreeRadius as an authentication source.
I know it works, as I'm using it right now : FreeRadius + Captive portal.
But ..... do not use the pfSense version 2.4.5 as it ancient, use a recent version.
edit : are you sure ? Only people with a Google account can login to the portal ? And the others ?
We also tested it in version 2.6.0, but it has the same behavior.
To summarize, when the captive portal is enabled, authentication via Google does not load, it just keeps loading but nothing happens. When the captive portal is disabled, it accesses Google normally. Google's hosts are all allowed, and so is authentication with Google's IP allowed, in the "Allowed IP Addresses" settings.
In this version 2.6.0, it still happens that we make some changes and keep loading until we get the CONNECTION_TIMED_OUT error
Google's hosts are all allowed, and so is authentication with Google's IP allowed, in the "Allowed IP Addresses" settings.
Check blog post again. No need to allow hosts.
Freeradius, running on pfSense, can access freely all IPs on the Internet, as it is just an outbound connection over WAN.
Netgate's blog post is written with pfSense 2.6.0 (or 22.05 Plus - identical I guess) and it should work.