Captive portal not working in RC1? Status?



  • Ok, I've setup captive portal correctly, and added some different FW rules, one allowing some specific traffic into the LAN (I have captive portal active only on OPT1) and all this seem to work as intended, when traffic flows.

    There's just one problem, the captive portal doesn't seem to stop any traffic at all. I've seen some different discussions on it not working in various versions and am not sure what status is right now. (Also, I wasn't aware that there was any later RCs at all! The banner at this page only refer to the RC1 being available, via a blog post.)

    So, assuming captive portal is broken in RC1, will it work in RC3, and will that upgrade introduce any other problems? I have made extensive work on my install the latest week and everything works now, except captive portal then, but I really don't have any time for any new problems right now, so some comment on this would be appreciated.

    TIA,



  • Replying to myself…

    I have now applied "pfSense-Full-Update-1.2.3-20091004-0733" and captive portal still doesn't work.

    Exactly the same behavior as with RC1. All routing and firewalling to the extra physical interface seem to be correct and working.

    What could I possible be doing wrong, if anything? "Enable captive portal" is ticked and interface is active and working. I have a client accessing that interface via an AP connected to that interface and that client can surf anywhere without seeing any logon screen.

    And yes, I have "Local user manager" chosen under "Authentication", not "No authentication".

    In what versions are captive portal known to be working?

    BTW: I am sure it worked in 1.2.2, I once switched it on to see how it worked.

    TIA,



  • Still replying to myself…

    I now use:

    1.2.3-RC3
    built on Sun Oct 4 07:33:41 UTC 2009
    FreeBSD 7.2-RELEASE-p4 i386

    and c.portal still doesn't work.

    I thought that someone would have some kind of tip on troubleshooting.
    As previously noted I have had c.portal active in earlier versions of pfS so I'm not so humble when it comes to me doing things wrong here, unless internal workings have altered somehow.

    I have tried to reboot after enabling but that changes nothing.

    TIA,

    --- Adding..

    I now actually found some differences between browsers, but still no working c.portal

    When using Ffox:

    When changing cportal setting, turning it on, Ffox stops dead and cannot reload opened pages untill I reboot pfS

    MSIE:

    When using MSIE at the same time I can verify that this is not the case, when doing the same I can reload opened pages in MSIE BUT when doing so (and having turned on the portal) traffic still flows through the MSIE browser without being stopped.

    Can anyone explain this?

    --- Added info:

    Installed packages:

    Backup
    Dashboard
    FreeSWITCH
    Lightsquid
    TFTP
    arping
    bandwidthd
    darkstat
    freeradius
    imspector
    phpSysInfo
    squid
    squidGuard
    vnstat

    squidguard is the only one not started



  • Try adding your DNS ips to the allowed IP addresses as "to" ips. I did this and it fixed the problem.



  • Wow, do you need all of those packages? I have seen reports of squid not working with the captive portal. Try removing squid and testing.



  • I have squid running on my install and captive portal worked fine, just had to had the dns ips to the to- allowed.



  • @htgtech:

    Try adding your DNS ips to the allowed IP addresses as "to" ips. I did this and it fixed the problem.

    Thanx for the tip, will try. (I don't remember doing any such thing earlier when I tested it and got it to work. But will test.



  • @dotdash:

    Wow, do you need all of those packages? I have seen reports of squid not working with the captive portal. Try removing squid and testing.

    :) Well a few of them provide very useful features. I think one, freeradius, could/should if possible, be part of the main system.

    I would guess that the following would "never" (or perhaps "not likely") impact on main networking components or disrupt main services of the system:

    Backup
    TFTP
    arping
    freeradius

    They are either separate services or more client type apps.

    The rest I think feels like they are closer to interfaces etc and perhaps could cause problems in theory.

    These provide functionalities that to different degrees are present in the system:

    bandwidthd
    darkstat
    vnstat

    I do however think bandwidthd and vnstat are somewhat useful occasionally.

    Cheers,



  • @htgtech:

    I have squid running on my install and captive portal worked fine, just had to had the dns ips to the to- allowed.

    Perhaps you could lend some insight to this thread: http://forum.pfsense.org/index.php/topic,20097.0.html



  • I have to do some more testing (I had a large value of timeout set at first) but it looks like your tip on entering ISP's IPs works!

    Thanks htgtech! I have waited a long time for someone to help me solve this.

    However.. I do not understand why that worked, the interface where the portal is now active uses pfSense internally on that interface as DNS through DHCP, why would entering any other DNS into "allowed addresses" solve this problem? Obviously I'm missing something there..

    I use squid in transparent mode on this interface as well and it seems to work, I never disabled squid during these testing.

    Thanks,



  • Well this seem not to be very stable, I'll start a new thread..


Log in to reply