Captive Portal NOT working in 2.7.0

prochid

Hi all,
I did an upgrade hoping to get the best of the new build but I was met with a long weekend of no success.
Thankfully I had a snapshot taken before the upgrade so I am back to 2.6.0.

I then did a lab fresh install using the 2.7.0 iso and it was the same challenge. everything seems to go south with Captive Portal no matter how I configured it.
I have not seen many reports from the captive portal side except it was moved from ipfw to pf, honestly, I don't understand, does that mean the CE version will no longer work?

Any suggestion is greatly welcome.

Regards.

Gertjan

@prochid said in Captive Portal NOT working in 2.7.0:

does that mean the CE version will no longer work?

Read pfSense CE 2.7.0 Software and pfSense Plus 23.05.1 Software Now Available for Upgrades.

You are also invited to read the release notes.

Over there, you will find info like this : Captive Portal : a whole lot of fixes.

No where I saw something like : "the fixed don't matter, we disabled the portal in pfSense 2.7.0".

So don't worry. It's the usual case : The portal works fine, it only doesn't work for you.

There are several captive portal Official Netgate Videos available here. They are old, but still very valid.

prochid

@Gertjan said in Captive Portal NOT working in 2.7.0:

So don't worry. It's the usual case : The portal works fine, it only doesn't work for you.
OUCH!!!

Gertjan

@prochid

Not Ouch, get the positive side of things : if it was broken for everybody, then there would be a lot of feedback here in the forum. Because the other explanation would be : you are the only one using 2.7.0 that uses the captive portal ... so you are the only one hitting an issue ?

I have to add : when 2.6.0 came out, there were posts about a strange captive portal issue 24 hours after the day of after release. Some smart guy didn't say "doesn't work", but : TCP works, but no ICMP, no UDP. That was a show stopper for real as. A solution was found a coupe of hours later.

So, do you have any details ?

Edit :

I've just compared the two main captive portal files :
/usr/local/captiveportal/index and source (Master branch github 2 .7.0)
/etc/inc/captiveportal.inc ans source (Master branch github 2.7.0)

Even if I'm using 23.05.1, I have exactly the same files.

The operation "ipfw to pf" started for me in 22.05 (or even earlier) - was already better in 23.05 and looks 'fine to me' in 23.05.1. So, the pfSense Plus version was more or like a test play ground, and when stable and usable, it was back-ported to 2.7.0.

edit 2 : and maybe a solution : get pfSense Plus as I know it works .... as my (hotel) clients would become aggressive if the "wifi" doesn't work.

edit 3 : more (in)direct proof that it works :

prochid

@Gertjan
A big thanks to you for making me review everything, discovered the error, and was able to resolve it.
I was using a VLAN to run the captive portal while the main LAN was for private use.

Gertjan

@prochid

Great !
Can you look at Problem Captive Portal pfSense 2.7 with allowed ip addresses ?

Connect a device to the portal.
Login.
Note it's IP address.
Disconnect the device in the GUI dashboard.
Add the IP to the "Allowed IP addresses" on the pfSense captive portal settings.
Login the device again : No login page and the device is connected to the Internet (it doesn't show up in the dashboard, that's normal)?

bendida

@Gertjan
we are still waiting for the test of allowed ip address ?
thanks.

prochid

@Gertjan

Hi,
yes, it is normal. Allowed IP working and does not show up under Captive Portal since it's a bypass.

bendida

@prochid thank you