Netgate Discussion Forum
    Wireguard and Captive portal

    • jenyabutakov

      Hi, Everyone!

      Does anyone have a setup with a Wireguard tunnel landed on PF with Captive portal authentication?
      I can't make mine work. The Wireguard connection is no problem. The DNS resolver is configured to resolve portal.<my_domain> to the WG tunnel address and to forward DNS queries. Client configurations have the DNS server set to the WG interface IP. Firewall rules for the wireguard interface allow DNS (actually I've also tried to set it wide open with the same result). The client is resolving portal.<my_domain> to the correct IP address and getting ICMP replies from the firewall. I have a wildcard ACME certificate for my domain installed on the firewall.
      I'm not getting a splash page. No redirection at all. Tested on Win and Apple devices.
      CP auth logs show:
      Jan 28 10:11:28 logportalauth 93198 Zone: wireguard0 - ERROR: unauthenticated, noclientmac, 192.168.31.10

      I think it is worth mentioning that I've recently updated the FW software from 2.5 to 2.7.2

      Any thoughts? Thanks!

      • Gertjan @jenyabutakov

        @jenyabutakov said in Wireguard and Captive portal:

        noclientmac

        The captive portal needs to 'see' the device's MAC address.
        After all, it's the MAC and the IP of the device that are used to create a pass rule for the device after the login page.

        Try with this option :

        a55d91f9-3e86-4459-af7f-e6b9d6fb3f6e-image.png

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • jenyabutakov @Gertjan

          @Gertjan thanks!
          It is definitely a shift in a positive direction. Now this error (noclientmac) is gone, but I still have no redirection to the portal page.
          However, now I have access to the portal page manually via https://<my domain name>:8003/index.php?zone=wireguard0
          After clicking on "I agree" with the stuff that nobody ever reads, I got a record under users in the captive portal (showing the username as unauthenticated - which I presume is fine because I don't want authentication at this step). Still no network access though. I believe firewall rules are not being created.
          Thoughts?
          Thanks

          • jenyabutakov @jenyabutakov

            @jenyabutakov said in Wireguard and Captive portal:

            @Gertjan thanks!
            It is definitely a shift in a positive direction. Now this error (noclientmac) is gone, but I still have no redirection to the portal page.

            PS: Tested the same with LAN interface - working like a charm

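Added example, not part of the thread and not pfSense code: a small Python parser for portal auth log lines in the layout of the entry quoted in the first post. It reports zones where every entry is `noclientmac`, that is, zones where the portal never saw a client MAC, the condition Gertjan's reply points to. The function names and all sample lines except the first are constructed, and the field order (user, MAC, IP after the status) is assumed from the quoted line.

```python
import re
from collections import defaultdict

# Constructed sample. The first line is the entry quoted in the thread; the
# others are made up in the same layout (assumed: user, MAC, IP after status).
SAMPLE_LOG = """\
Jan 28 10:11:28 logportalauth 93198 Zone: wireguard0 - ERROR: unauthenticated, noclientmac, 192.168.31.10
Jan 28 10:11:41 logportalauth 93198 Zone: wireguard0 - ERROR: unauthenticated, noclientmac, 192.168.31.10
Jan 28 10:12:02 logportalauth 93511 Zone: wireguard0 - ERROR: unauthenticated, noclientmac, 192.168.31.11
Jan 28 10:12:30 logportalauth 93620 Zone: lan - ACCEPT: unauthenticated, 02:00:00:00:00:01, 192.168.1.50
this line is not a portal auth entry
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+logportalauth\s+\d+\s+"
    r"Zone:\s+(?P<zone>\S+)\s+-\s+(?P<status>[^:]+):\s+"
    r"(?P<user>[^,]*),\s*(?P<mac>[^,]*),\s*(?P<ip>[^,\s]+)"
)

def parse_line(line):
    """Return the fields of one portal auth entry, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(log_text):
    """Count entries per zone and how many of them carried no client MAC."""
    zones = defaultdict(lambda: {"total": 0, "no_mac": 0, "clients": set()})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip anything that is not a portal auth line
        stats = zones[entry["zone"]]
        stats["total"] += 1
        stats["clients"].add(entry["ip"])
        if entry["mac"].strip().lower() == "noclientmac":
            stats["no_mac"] += 1
    return dict(zones)

def zones_without_mac(log_text):
    """Zones where the portal never saw a MAC: every entry is noclientmac."""
    return sorted(zone for zone, s in summarize(log_text).items()
                  if s["total"] > 0 and s["no_mac"] == s["total"])

if __name__ == "__main__":
    for zone, stats in summarize(SAMPLE_LOG).items():
        print(zone, stats["total"], stats["no_mac"], sorted(stats["clients"]))
    print("zones with no MAC visibility:", zones_without_mac(SAMPLE_LOG))
```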