Need hlep with Captive Portal. I had it working but I changed somthing and can't get it to work
-
Hi,
Have pfSense working and the captive portal working, but I changed a setting, and the captive portal will not show up. It is enabled and shows that it's up, but no users logged in.
I think it has to do with the DNS Forwarder, but I can't remember what settings I need with the DNS we use and how to make it work with the captive portal.
Any help would be great. I'm not sure what you need to see so please let me know.
-
@cniles I haven’t used captive portal but if you know when the change was made you can restore from history, or review recent changes:
https://docs.netgate.com/pfsense/en/latest/backup/restore.html#restoring-from-the-config-history -
Users need to be able to resolve an IP address in order to be redirected to the login page. If you changed the DNS server being passed to them and didn't add it to the pass list they will not be able to access that.
See: https://docs.netgate.com/pfsense/en/latest/troubleshooting/captiveportal.html#captive-portal-does-not-redirectSteve
-
@steveits I did try a restore, and the whole server would not work. I did two of them, thinking that one was just a mess up. I reverted back to the one that allows the WiFi to work, but the captive portal will not even show up.
-
Did you try the troubleshooting tips linked above?
What exactly is not working?
Are clients getting an IP address? Are they passed a DNS server? Can they resolve FQDNs? Can they ping the local pfSense IP?
Steve
-
@stephenw10 all clients get access to the wifi. There is just no Captive portal. Like it is not enabled, but it is. And they are getting the DNS because we use DNS filtering, which works.
-
So they are just not being redirected to the login page?
But that can enter URLs and they resolve?
Are they just blocked entirely or are they reaching those sites?
-
@cniles said in Need hlep with Captive Portal. I had it working but I changed somthing and can't get it to work:
but I changed a setting, and the captive portal will not show up
Like what ?
Disable the captive portal network interface ? (sorry, had to ask that)
No info can not generate useful info.The sited "captive-portal-does-not-redirect" link above is not some kind of optional step : you have to follow it.
Added to these steps, I'll add :
Take note of the interface on which the portal runs :
and then de activate the portal :
and save.
Get the network settings of the interface on pfSense :
and that it has a /24 mask/size (to the right of the IP)
and also check that the DHCP server is activated on that interface.
Check that the resolver has the 'good' settings :
Note : the SSL/TLS Certificate is a "don't care" here.
Now locate (physical) on pfSense and test this interface.
When you connect to it, lookup up the IP you received. It must be an IP in the portal network you've found above.
Also, what was the gateway you received ? And the DNS. These two must be identical the the pfSense IP for your portal network.What are the firewall rules for the portal interface ?
For testing purposes, you should use this rule :
Later on, you can change - or remove - this rule for more, restricting rules.
On the device your using to test, preferably a PC type device, test DNS.
It has to work.The above steps tell you that the interface works fine.
If you have any questions, tell us.
Btw : up until here, everything I've mentioned and showed is pretty 'default', no special settings are needed.
You've probably figured out that my example is using a dedicated Network for the captive portal. That's because a captive portal is a special case network : it should host devices that you don't 'trust', as it is meant to be an access for visiting devices. Your own devices should be on the default LAN interface.
This makes things easier to implement and understand. Its not mandatory.