Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    1.2.3 RC3 Captive Portal not working..no Redirection

    Scheduled Pinned Locked Moved Captive Portal
    21 Posts 7 Posters 14.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kapara
      last edited by

      My LAN is 172.20.30.0/16

      My OPT1 is 172.20.40.0/24

      DHCP is set to 172.20.40.100-200 on OPT1.

      Captive Portal is set on OPT1 with local passwords.

      When users connect to public Wifi network on OPT1 they are not redirected to login portal page.  They are instantly connected bypassing any auth requirements.  I have wiped my Alix and tried creating a vanilla setup without all of the rules….etc...

      Not sure why this is not working as I used to do this in the past with much older versions....meaning LAN (Private) OPT1 (Public) with Portal access....

      When I type http://172.20.40.1 in the browser I get the auth page but only when I type it in.

      http://172.20.40.1:8000/index.php?redirurl=http%3A%2F%2F172.20.40.1%2F

      The switch that it is connected to is a Cisco switch configured with vlans.  172.20.40.0 is on vlan 40.  But only vlan40 is configured on that port and no other vlan.

      Is it because the traffic is being tagged with that vlan?

      I tried assigning vlan40 to OPT1 interface but no luck.

      OPT1 is 172.20.40.1/24

      DHCP issues Gateway of 172.20.40.2 (IP of VLAN 40) on Cisco switch.

      Could be I did it with m0n0wall since it was yrs ago.....

      Please help....

      Skype ID:  Marinhd

      1 Reply Last reply Reply Quote 0
      • M
        mikesamo
        last edited by

        I got the same problem

        1 Reply Last reply Reply Quote 0
        • dotdashD
          dotdash
          last edited by

          @kapara:

          My LAN is 172.20.30.0/16

          My OPT1 is 172.20.40.0/24

          If this is not a typo, you need to fix it.

          1 Reply Last reply Reply Quote 0
          • K
            kapara
            last edited by

            It's because I have 3 subnets connected to the LAN interface.

            172.20.30.0/24
            172.20.20.0/24
            172.20.10.0/24

            Skype ID:  Marinhd

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              Someone else in another thread had a similar issue and it ended up being squid causing the bypass.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • K
                kapara
                last edited by

                hmmm..not using squid.

                Skype ID:  Marinhd

                1 Reply Last reply Reply Quote 0
                • D
                  danswartz
                  last edited by

                  @kapara:

                  It's because I have 3 subnets connected to the LAN interface.

                  172.20.30.0/24
                  172.20.20.0/24
                  172.20.10.0/24

                  that doesn't change the basic point: you should not have overlapping subnets.  try something like OPT1 being 172.20.128.0/24 and make the LAN subnet mask /17 (or whatever?)

                  1 Reply Last reply Reply Quote 0
                  • K
                    kapara
                    last edited by

                    yes..I understand that now.  Was wondering if that was the reason for CP not working….

                    Skype ID:  Marinhd

                    1 Reply Last reply Reply Quote 0
                    • D
                      danswartz
                      last edited by

                      no idea.  try fixing it and see :)

                      1 Reply Last reply Reply Quote 0
                      • H
                        htgtech
                        last edited by

                        I have the same problem running the embedded version of the software, I can get the captive portal to work fine on a full live cd install. I wonder if there is something missing in the embedded version… Only difference was I ran captive portal on the lan on the full install and on the wireless or opt2 on the embedded. It shouldn't matter which interface it is set up on though. Everything else was set up exactly the same.

                        UPDATE...

                        Did you set up passthrough for your dns ips?? As soon as I did that the captive portal kicked right in... That was the one difference I had between the 2 setups.

                        1 Reply Last reply Reply Quote 0
                        • K
                          kapara
                          last edited by

                          What do you mean by passthrough?  Is that a checkbox on one of the DNS pages?  Or do you mean a firewall rule of some kind?

                          Thanks,

                          Mark

                          Skype ID:  Marinhd

                          1 Reply Last reply Reply Quote 0
                          • H
                            htgtech
                            last edited by

                            in the captive portal page there is a tab at the top "Allowed IP addresses"

                            click on that

                            in there you click add "+"

                            chose "to" in the direction

                            put the dns ip in the ip address field

                            add your description *dns1" or whatever you want

                            then click save

                            make sure to make one for each dns ip you have for failover purposes

                            1 Reply Last reply Reply Quote 0
                            • K
                              kapara
                              last edited by

                              Still have the same problem.  No problem accessing the internet….

                              and I made the changes... IE

                              OPT1 172.20.128.0/24 with OPT1 interface 172.20.128.1

                              LAN 172.20.30.0/17 with LAN interface 172.20.30.1

                              Whenever I connect on that subnet I automatically get internet access no page redirect at all.  ???

                              Skype ID:  Marinhd

                              1 Reply Last reply Reply Quote 0
                              • K
                                kapara
                                last edited by

                                Sooooooooo fustrating….

                                Another interesting fact...

                                I cannot ping the OPT1 int ip of 172.20.128.1 unless I open a browser and go the http://172.20.128.1 and then it give me the portal page.  After I log in I can ping the OPT1 int ip.

                                This should be an easy config...

                                Skype ID:  Marinhd

                                1 Reply Last reply Reply Quote 0
                                • dotdashD
                                  dotdash
                                  last edited by

                                  What are your OPT1 rules like? I have a similar setup on nano rc3 running fine. LAN is open, OPT1 is the wireless card, on a separate subnet. My OPT1 rules are:
                                  BLOCK * OPT1 net * LAN net * *  Wireless not allowed to access LAN
                                  PASS  *  OPT1 net * * * *          Wireless allowed out

                                  I have nothing in the Allowed IP addresses in the CP config. Wireless clients are getting DHCP/DNS from pfSense.

                                  1 Reply Last reply Reply Quote 0
                                  • D
                                    danswartz
                                    last edited by

                                    I think you can make this one rule.  Make the destination !LAN?

                                    1 Reply Last reply Reply Quote 0
                                    • jimpJ
                                      jimp Rebel Alliance Developer Netgate
                                      last edited by

                                      I also have CP working fine on nano, it didn't take anything special. Not even any special allow rules for IPs.

                                      I posted my settings in another thread.

                                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                      Need help fast? Netgate Global Support!

                                      Do not Chat/PM for help!

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        mikesamo
                                        last edited by

                                        same problem with squid lastest version

                                        1 Reply Last reply Reply Quote 0
                                        • jimpJ
                                          jimp Rebel Alliance Developer Netgate
                                          last edited by

                                          Has squid ever worked with Captive Portal?

                                          I didn't think the two were compatible, but I could be wrong (I don't use CP much)

                                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                          Need help fast? Netgate Global Support!

                                          Do not Chat/PM for help!

                                          1 Reply Last reply Reply Quote 0
                                          • E
                                            eri--
                                            last edited by

                                            Only on 2.0 i think it will work right.
                                            Even there i think some tweaking is needed for this..

                                            Try on 2.0 if it does not work open a bug report on redmine.pfsense.org.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.