1.2.3 RC3 Captive Portal not working..no Redirection



  • My LAN is 172.20.30.0/16

    My OPT1 is 172.20.40.0/24

    DHCP is set to 172.20.40.100-200 on OPT1.

    Captive Portal is set on OPT1 with local passwords.

    When users connect to public Wifi network on OPT1 they are not redirected to login portal page.  They are instantly connected bypassing any auth requirements.  I have wiped my Alix and tried creating a vanilla setup without all of the rules….etc...

    Not sure why this is not working as I used to do this in the past with much older versions....meaning LAN (Private) OPT1 (Public) with Portal access....

    When I type http://172.20.40.1 in the browser I get the auth page but only when I type it in.

    http://172.20.40.1:8000/index.php?redirurl=http%3A%2F%2F172.20.40.1%2F

    The switch that it is connected to is a Cisco switch configured with vlans.  172.20.40.0 is on vlan 40.  But only vlan40 is configured on that port and no other vlan.

    Is it because the traffic is being tagged with that vlan?

    I tried assigning vlan40 to OPT1 interface but no luck.

    OPT1 is 172.20.40.1/24

    DHCP issues Gateway of 172.20.40.2 (IP of VLAN 40) on Cisco switch.

    Could be I did it with m0n0wall since it was yrs ago.....

    Please help....



  • I got the same problem



  • @kapara:

    My LAN is 172.20.30.0/16

    My OPT1 is 172.20.40.0/24

    If this is not a typo, you need to fix it.



  • It's because I have 3 subnets connected to the LAN interface.

    172.20.30.0/24
    172.20.20.0/24
    172.20.10.0/24


  • Rebel Alliance Developer Netgate

    Someone else in another thread had a similar issue and it ended up being squid causing the bypass.



  • hmmm..not using squid.



  • @kapara:

    It's because I have 3 subnets connected to the LAN interface.

    172.20.30.0/24
    172.20.20.0/24
    172.20.10.0/24

    that doesn't change the basic point: you should not have overlapping subnets.  try something like OPT1 being 172.20.128.0/24 and make the LAN subnet mask /17 (or whatever?)



  • yes..I understand that now.  Was wondering if that was the reason for CP not working….



  • no idea.  try fixing it and see :)



  • I have the same problem running the embedded version of the software, I can get the captive portal to work fine on a full live cd install. I wonder if there is something missing in the embedded version… Only difference was I ran captive portal on the lan on the full install and on the wireless or opt2 on the embedded. It shouldn't matter which interface it is set up on though. Everything else was set up exactly the same.

    UPDATE...

    Did you set up passthrough for your dns ips?? As soon as I did that the captive portal kicked right in... That was the one difference I had between the 2 setups.



  • What do you mean by passthrough?  Is that a checkbox on one of the DNS pages?  Or do you mean a firewall rule of some kind?

    Thanks,

    Mark



  • in the captive portal page there is a tab at the top "Allowed IP addresses"

    click on that

    in there you click add "+"

    choose "to" in the direction

    put the dns ip in the ip address field

    add your description "dns1" or whatever you want

    then click save

    make sure to make one for each dns ip you have for failover purposes



  • Still have the same problem.  No problem accessing the internet….

    and I made the changes... IE

    OPT1 172.20.128.0/24 with OPT1 interface 172.20.128.1

    LAN 172.20.30.0/17 with LAN interface 172.20.30.1

    Whenever I connect on that subnet I automatically get internet access no page redirect at all.  ???
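
Added example, not part of any post in this thread: a Python check that runs the original and the revised interface plans from the posts above through two sanity tests, overlapping subnets and a DHCP-issued gateway that is not the firewall's own interface address. The LAN interface address 172.20.30.1 under the original /16 mask is an assumption carried over from the later post, and the thread does not establish that either finding explains the missing redirect.

```python
import ipaddress
from itertools import combinations

def audit_layout(interfaces, dhcp_gateways):
    """Return findings for a firewall interface plan.

    interfaces:    name -> interface address in CIDR form, e.g. "172.20.40.1/24"
    dhcp_gateways: name -> default gateway handed to DHCP clients on that interface
    """
    parsed = {n: ipaddress.ip_interface(c) for n, c in interfaces.items()}
    findings = []

    # 1. No two interfaces may sit on overlapping networks.
    for (a, ia), (b, ib) in combinations(sorted(parsed.items()), 2):
        if ia.network.overlaps(ib.network):
            findings.append(f"overlap: {a} {ia.network} and {b} {ib.network}")

    # 2. A captive portal only sees traffic that is routed through the
    #    firewall's interface, so a client gateway pointing at another
    #    device on the segment is worth reviewing.
    for name, gw in sorted(dhcp_gateways.items()):
        iface = parsed[name]
        gw_ip = ipaddress.ip_address(gw)
        if gw_ip not in iface.network:
            findings.append(f"gateway-off-subnet: {name} {gw}")
        elif gw_ip != iface.ip:
            findings.append(
                f"gateway-not-firewall: {name} clients use {gw}, "
                f"interface is {iface.ip}")
    return findings

# Original plan from the first post (LAN host address assumed, see lead-in).
ORIGINAL_IFACES = {"LAN": "172.20.30.1/16", "OPT1": "172.20.40.1/24"}
ORIGINAL_GW = {"OPT1": "172.20.40.2"}   # gateway issued by DHCP per the first post

# Revised plan from the post above; its DHCP gateway is not stated in the thread.
REVISED_IFACES = {"LAN": "172.20.30.1/17", "OPT1": "172.20.128.1/24"}

if __name__ == "__main__":
    for label, ifaces, gws in (("original", ORIGINAL_IFACES, ORIGINAL_GW),
                               ("revised", REVISED_IFACES, {})):
        print(label, audit_layout(ifaces, gws) or "no findings")
```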



  • Sooooooooo frustrating….

    Another interesting fact...

    I cannot ping the OPT1 int ip of 172.20.128.1 unless I open a browser and go to http://172.20.128.1 and then it gives me the portal page.  After I log in I can ping the OPT1 int ip.

    This should be an easy config...



  • What are your OPT1 rules like? I have a similar setup on nano rc3 running fine. LAN is open, OPT1 is the wireless card, on a separate subnet. My OPT1 rules are:
    BLOCK * OPT1 net * LAN net * *  Wireless not allowed to access LAN
    PASS  *  OPT1 net * * * *          Wireless allowed out

    I have nothing in the Allowed IP addresses in the CP config. Wireless clients are getting DHCP/DNS from pfSense.



  • I think you can make this one rule.  Make the destination !LAN?


  • Rebel Alliance Developer Netgate

    I also have CP working fine on nano, it didn't take anything special. Not even any special allow rules for IPs.

    I posted my settings in another thread.



  • same problem with squid latest version


  • Rebel Alliance Developer Netgate

    Has squid ever worked with Captive Portal?

    I didn't think the two were compatible, but I could be wrong (I don't use CP much)



  • Only on 2.0 I think it will work right.
    Even there I think some tweaking is needed for this..

    Try on 2.0; if it does not work, open a bug report on redmine.pfsense.org.


  • Rebel Alliance Developer Netgate

    Thanks for the clarification, ermal. I suspected as much but it's nice to know for sure.

