Captive Portal on PFSense does not trigger be it wired or wireless.
-
Re: Captive portal - what am i missing
Hello, This will be my first post in the community as I'm new to both networking and PFSense.
I recently urged my manager into getting a new Netgate PFSense for testing and emulating a basic network, and I'm trying to set up 3 VLANs on one physical port as follows:
VLAN 10 for Management, this is where I expect Switches and Access Points to land on.
VLAN 20 for IoT, anything that I don't want on my secure network.
VLAN 30 for Guest Network, I expect this one to have a captive portal.
For the LAB setup, I expect to take one link from my PFSense and connect it to an Aruba Instant On managed switch with VLANs, which in turn has a single Aruba Instant On Access Point that will broadcast my different SSIDs for the different networks.
After two days of testing, I got the network to function as intended, all up to the point where the captive portal comes in the picture.
- If CP is disabled on VLAN 30:
My phone grabs an IP address on that network, and I can normally browse the internet.
- If CP is enabled on VLAN 30:
My phone grabs an IP address on that network, and no CP will trigger.
I cannot navigate to any website and DNS will be blamed by the web browser.
I can call the CP MANUALLY by typing the address in the thread referenced in the beginning of this post, and the Netgate with love CP will appear, then I can sign in and actually connect to the internet.
This aside, I spent around two hours today to test the same setup with a Mikrotik CCR, and I get a CP out of the device, the Aruba switch and AP configuration remains unaltered.
Can someone please provide insights into this?
I spent a few hours researching it and I got no answer as of yet. I really like how user friendly the PFSense is and would love to get the hang of it. Any help is appreciated.
-
How do you have the CP configured?
Almost any recent OS will detect the redirect and pop up an alert. What are you testing with? Have you tested from different client types? Different browsers?
DNS being blocked is a common cause of this.
Steve
-
Basic setup, I changed the portal to no Authentication and enabled it on the VLAN 30 interface.
I wrote two words in the terms and conditions section.
And under Firewall - VLAN 30 interface, I created a test rule to allow all traffic (Any, Any) on that interface.
I tried to assign VLAN 30 to a physical port on the PFSense just now and that did not make a difference either.
For web browsers, I tried Chrome and Edge, with and without incognito, after a hard cache reload, and after a restart.
I also tried a Pixel 7 and a Samsung S24+ Phone (Connecting to the SSID for VLAN 30), same issue.
I just tried to ping google.com in Windows cmd and it returned the IP address for google, but the request timed out.
Is it safe to assume DNS is good up to this point?
Edit: I just got the portal to pull up on my phone. The changes I made were as follows:
1- Assign the VLAN-30 a physical port on Lan 3 for testing. (Test portal, Test failed)
2- Update the PFSense from the previous stable build to the most current one. (Test portal, Test failed)
3- Disable DNS Server Override (which shouldn't be related but it was mentioned somewhere in the wild). (Test portal, Test failed)
4- Reboot.
5- Test portal, Test Successful.
6- Enable DNS Server Override. (Test portal, Test Successful)
7- Assign VLAN 30 to the original port I expected it to be on. (Test portal, Test Successful on hardwire)
8- Test using SSID, Test successful.
For testing sake and knowledge, I'm about to restore a backup that I had yesterday before the update and test again. I'm wondering if it was an issue related to the previous stable version.
Edit 2: I just realized that restoring a backup does not revert the release, I will test with that backup anyways since I already know it was bad?
I'll update shortly after it's done.
Last Edit:
Under Services>DHCP>VLAN30 Interface>Server Options>DNS Servers:
I had these pointing to google DNS servers.
Of course, since there is CP and it has to be passed before connecting to the internet, the clients never reach out to the DNS server, and that in turn breaks the CP connection.
Clearing these fields resolves the problem.
This was on me, I apologize about it.
Thanks for your help @stephenw10!!
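
The misconfiguration found in the last edit can be checked for ahead of time. The following is an added example, not code from the thread or from pfSense: it scans a configuration for interfaces that have a captive portal enabled while DHCP advertises DNS servers other than the firewall. The XML layout is a constructed, simplified stand-in for a pfSense config.xml, and `portal_dns_findings` and its `allowed_ips` parameter (addresses exempted from the portal) are hypothetical names.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, loosely modelled on a pfSense config.xml. The element
# names and layout are assumptions for illustration, not a real export.
SAMPLE_CONFIG = """
<pfsense>
  <interfaces>
    <opt2><descr>VLAN20_IOT</descr><ipaddr>192.168.20.1</ipaddr></opt2>
    <opt3><descr>VLAN30_GUEST</descr><ipaddr>192.168.30.1</ipaddr></opt3>
  </interfaces>
  <dhcpd>
    <opt2><dnsserver>8.8.8.8</dnsserver></opt2>
    <opt3><dnsserver>8.8.8.8</dnsserver><dnsserver>8.8.4.4</dnsserver></opt3>
  </dhcpd>
  <captiveportal>
    <guest><interface>opt3</interface><enable/></guest>
  </captiveportal>
</pfsense>
"""

def portal_dns_findings(config_xml, allowed_ips=()):
    """Return (zone, interface, dns) for every DHCP-advertised DNS server
    that a client behind an enabled portal cannot reach before signing in."""
    root = ET.fromstring(config_xml)
    allowed = {ipaddress.ip_address(a) for a in allowed_ips}
    portal = root.find("captiveportal")
    findings = []
    for zone in (list(portal) if portal is not None else []):
        if zone.find("enable") is None:
            continue  # portal zone defined but switched off
        for iface in (zone.findtext("interface") or "").split(","):
            iface = iface.strip()
            if not iface:
                continue
            fw_ip = root.findtext(f"interfaces/{iface}/ipaddr", "").strip()
            # With no <dnsserver> entries (the thread's fix) nothing is flagged.
            for node in root.findall(f"dhcpd/{iface}/dnsserver"):
                dns = ipaddress.ip_address(node.text.strip())
                if str(dns) != fw_ip and dns not in allowed:
                    findings.append((zone.tag, iface, str(dns)))
    return findings

if __name__ == "__main__":
    for zone, iface, dns in portal_dns_findings(SAMPLE_CONFIG):
        print(f"zone {zone}: {iface} advertises {dns}, blocked before login")
```

The IoT interface in the sample also advertises 8.8.8.8 but is not reported, because no portal sits in front of it.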