Captive Portal Kills Pfsense

Guest

I made a fresh install and it works perfectly (pfSense 2.0-BETA1-20091228-1257.tg), I didn't installed anything else, then I enabled Captive Portal on LAN interface and save. That kills PFsense, only get a blank screen, no ping, no webconfigurator, and loose all connections, I did the same three times with same results.

That's a expected situation for Beta?

Regards
Alfredo

cmb

There are known issues with captive portal.

Guest

ok, THANKS

Another little issue, I went to the console, and reset to factory default, everything looks OK, webgui is running again, but is not possible to access via SSH with winscp, SSH is enabled in webgui.

regards
Alfredo

CarlMGregory

FYI, more information to this issue.

In my experience, it does not "kill" captive portal totally.  You can still ssh into the box, run the shell, do a 'links http://192.168.1.1/' and log in to the captive portal that way.  So it's still running, you just cannot get to it from anywhere but localhost.

lotacus

this fixed in the latest snapshot?

psd_steve

Just imaged with pfSense-2.0-BETA1-4g-20100124-1657-nanobsd.img.gz Captive portal will get you:

Fatal error: Cannot redeclare get_priv_files() (previously declared in /etc/inc/priv.inc:48) in /etc/inc/priv.inc on line 67

I am running 1.2.3 with no problems. I would like the additional traffic shaping however. bit torrent needs to be stopped!

Steve

cmb

@CarlMGregory:

In my experience, it does not "kill" captive portal totally.  You can still ssh into the box, run the shell, do a 'links http://192.168.1.1/' and log in to the captive portal that way.  So it's still running, you just cannot get to it from anywhere but localhost.

Yeah the problem is ipfw fwd is broken in FreeBSD 8.0. If you browse to LANIP:8000 it also works, it's just the redirect to 8000 that doesn't work. A patch is in the works to fix ipfw.

cmb

Actually more than "in the works", it was already committed several days ago. Captive portal works for me now as of the latest snapshot.

lotacus

20100125-2045 ?

cmb

@lotacus:

20100125-2045 ?

Yes, that's what I'm running and CP is working fine.

lotacus

haha. i been running that for a little while now and so hesitant on starting it LOL. I think i got confused over the "update" feature because it wasn't catching the latest snapshots and what have you, and actually kept down grading me..

lotacus

you must be mistaken. it's still borked.

cmb

No, it definitely works. Just set it up on another install, now on a February 6 snapshot, and it works perfectly.

ktims

Still not working for me either. CP clients just sit and timeout, redirect never connects, I see no response traffic at all coming from the firewall. I'm not seeing any kind of redirect pf rule created (though pass rules are there), and unless I'm misunderstanding how the CP works I think that is necessary. Is there any troubleshooting you recommend?

Manually hitting the CP URL and registering works fine however.

cmb

The redirect is an ipfw fwd, it's not in pf. Can you send me a backup of your config?  Private message or email to cmb at pfsense dot org.

cmb

New problem found, it doesn't work on VLANs at the moment.
http://redmine.pfsense.org/issues/show/357

It does work fine on physical interfaces. If anyone is having a problem still that is not using VLANs, we'll need more info.

lotacus

I found that enabling it, the re-direct would take around 30 seconds it seems, to actually re-direct to the URL of the users request. IE: if no redirect url was specified in settings but a home page set in the browser. Though after submitting the login, which is all blank so no login required, closing the browser and opening it again before it can redirect, web traffic works as normal.

zhoffman

Im having some issues with the captive portal in latest build, different than discussed already.  The captive portal works fine and redirects, etc.. but the bandwidth restrictions dont seem to be very effective.  i set the per user bandwidth restriction in the captive portal to 1024/384kbit/s, but i can download/upload at full speed thru the captive portal…?  Ok, so i figured i would run the traffic shaper and create an alias for the cp_guest dhcp range and then stick the alias in the penalty box w/ 10% bandwith limitation.  Still blasted thru downloading at 1.23MB a sec.  am i lost or confused?  or are these things still not 100%.  I can send logs/configs if that would help.  i have a small non-profit next to UCF campus that i need the CP to work in so i can restrict bandwidth/users as im sure every kid over there will be trying to utilize/hack into the wireless.  Dont want to put wlan in, if can be hacked and then steal all the bandwidth, rather do without.  (i understand it can be hacked, i plan on it being hacked, i just dont want to loose all the bandwidth if possible when it does!).

ktims

I notice this bug (CP not working on VLANs) has been closed, yet the problem persists for me. I can access the CP page manually by typing the router IP address, but am not redirected there automagically when trying to access other websites.