Netgate Discussion Forum

    Redirect problem in Captive Portal

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • cdc1975

      Hi,

      I installed pfSense 2.0 for testing on an ALIX.2D13 and I am trying the captive portal function.

      The problem is that the server did not redirect correctly to the authentication page. Firefox prints a message like this: "This page does not redirect correctly. Firefox has detected that the server is redirecting the request for this page so that it can never be completed." and the user is not redirected to the authentication page.

      If I enter "http://192.168.1.1:8000" in Firefox, I only get a blank page.

      If someone can give me a clue, I thank them in advance.

      Config file:

      <pfsense><version>6.3</version>
      <lastchange><theme>pfsense_ng</theme>
      <sysctl><desc>Set the ephemeral port range to be lower.</desc>
      <tunable>net.inet.ip.portrange.first</tunable>
      <value>default</value>
      <desc>Drop packets to closed TCP ports without returning a RST</desc>
      <tunable>net.inet.tcp.blackhole</tunable>
      <value>default</value>
      <desc>Do not send ICMP port unreachable messages for closed UDP ports</desc>
      <tunable>net.inet.udp.blackhole</tunable>
      <value>default</value>
      <desc>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</desc>
      <tunable>net.inet.ip.random_id</tunable>
      <value>default</value>
      <desc>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</desc>
      <tunable>net.inet.tcp.drop_synfin</tunable>
      <value>default</value>
      <desc>Enable sending IPv4 redirects</desc>
      <tunable>net.inet.ip.redirect</tunable>
      <value>default</value>
      <desc>Enable sending IPv6 redirects</desc>
      <tunable>net.inet6.ip6.redirect</tunable>
      <value>default</value>
      <desc>Generate SYN cookies for outbound SYN-ACK packets</desc>
      <tunable>net.inet.tcp.syncookies</tunable>
      <value>default</value>
      <desc>Maximum incoming/outgoing TCP datagram size (receive)</desc>
      <tunable>net.inet.tcp.recvspace</tunable>
      <value>default</value>
      <desc>Maximum incoming/outgoing TCP datagram size (send)</desc>
      <tunable>net.inet.tcp.sendspace</tunable>
      <value>default</value>
      <desc>IP Fastforwarding</desc>
      <tunable>net.inet.ip.fastforwarding</tunable>
      <value>default</value>
      <desc>Do not delay ACK to try and piggyback it onto a data packet</desc>
      <tunable>net.inet.tcp.delayed_ack</tunable>
      <value>default</value>
      <desc>Maximum outgoing UDP datagram size</desc>
      <tunable>net.inet.udp.maxdgram</tunable>
      <value>default</value>
      <desc>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</desc>
      <tunable>net.link.bridge.pfil_onlyip</tunable>
      <value>default</value>
      <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc>
      <tunable>net.link.bridge.pfil_member</tunable>
      <value>default</value>
      <desc>Set to 1 to enable filtering on the bridge interface</desc>
      <tunable>net.link.bridge.pfil_bridge</tunable>
      <value>default</value>
      <desc>Allow unprivileged access to tap(4) device nodes</desc>
      <tunable>net.link.tap.user_open</tunable>
      <value>default</value>
      <desc>Verbosity of the rndtest driver (0: do not display results on console)</desc>
      <tunable>kern.rndtest.verbose</tunable>
      <value>default</value>
      <desc>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</desc>
      <tunable>kern.randompid</tunable>
      <value>default</value>
      <desc>Maximum size of the IP input queue</desc>
      <tunable>net.inet.ip.intr_queue_maxlen</tunable>
      <value>default</value>
      <desc>Disable CTRL+ALT+Delete reboot from keyboard.</desc>
      <tunable>hw.syscons.kbd_reboot</tunable>
      <value>default</value>
      <desc>Enable TCP Inflight mode</desc>
      <tunable>net.inet.tcp.inflight.enable</tunable>
      <value>default</value>
      <desc>Enable TCP extended debugging</desc>
      <tunable>net.inet.tcp.log_debug</tunable>
      <value>default</value>
      <desc>Set ICMP Limits</desc>
      <tunable>net.inet.icmp.icmplim</tunable>
      <value>default</value>
      <desc>TCP Offload Engine</desc>
      <tunable>net.inet.tcp.tso</tunable>
      <value>default</value>
      <desc>TCP Offload Engine - BCE</desc>
      <tunable>hw.bce.tso_enable</tunable>
      <value>default</value></sysctl>
      <system><optimization>normal</optimization>
      <hostname>fw</hostname>
      <domain>intranet.net</domain>
      <group><name>all</name>

      <scope>system</scope>
      <gid>1998</gid>
      <member>0</member></group>
      <group><name>admins</name>

      <scope>system</scope>
      <gid>1999</gid>
      <member>0</member>
      <priv>page-all</priv></group>
      <user><name>admin</name>
      <fullname>System Administrator</fullname>
      <scope>system</scope>
      <groupname>admins</groupname>
      <password>$1$eRkJYBdc$eNo4qKmZCiBWpJHTq92Bc.</password>
      <uid>0</uid>
      <priv>user-shell-access</priv>
      <md5-hash>21232f297a57a5a743894a0e4a801fc3</md5-hash>
      <nt-hash>a281fad8d0de9635da57c0fe96220aa2</nt-hash></user>
      <user><scope>user</scope>
      <password>$1$rMNP4/sN$t.dayWIxkXO84LNFHdLyU0</password>
      <md5-hash>c9f5c29cf490da28e0ee29dddc7151c5</md5-hash>
      <nt-hash>f51df19a5bd2d915a4347ad5088bef14</nt-hash>
      <name>test</name>
      <fullname><expires><authorizedkeys><uid>2000</uid></authorizedkeys></expires></fullname></user>
      <nextuid>2001</nextuid>
      <nextgid>2000</nextgid>
      <timezone>Europe/Rome</timezone>
      <time-update-interval><timeservers>1.europe.pool.ntp.org</timeservers>
      <webgui><protocol>https</protocol>
      <ssl-certref>4bfd8e989ef1e</ssl-certref></webgui>
      <disablenatreflection>yes</disablenatreflection>
      <cert><refid>4bfd8e989ef1e</refid>
      <name>webConfigurator default</name>
      <crt>crt></crt></cert>
      <cert><refid>4bfe2e83641cd</refid>
      <name>CERTIFICATO-CP</name>
      <caref>4bfe2e348fde3</caref></cert>
      <enablesshd>enabled</enablesshd>
      <dnsserver>208.67.222.222</dnsserver>
      <dnsserver>208.67.220.220</dnsserver>
      <dnsallowoverride><dns1gwint>none</dns1gwint>
      <dns2gwint>none</dns2gwint>
      <dns3gwint>none</dns3gwint>
      <dns4gwint>none</dns4gwint>
      <ca><refid>4bfe2e348fde3</refid>
      <name>certCP</name>

      <serial>1</serial></ca></dnsallowoverride></time-update-interval></system>
      <interfaces><wan><enable><if>vr1</if>
      <mtu>1500</mtu>
      <media><mediaopt><ipaddr>10.39.251.140</ipaddr>
      <subnet>24</subnet>
      <spoofmac></spoofmac></mediaopt></media></enable></wan>
      <lan><enable><if>vr0</if>
      <ipaddr>192.168.1.1</ipaddr>
      <subnet>24</subnet>
      <media><mediaopt></mediaopt></media></enable></lan></interfaces>
      <staticroutes><pppoe><username><password></password></username></pppoe>
      <pptp><username><password></password></username></pptp>
      <dhcpd><lan><enable><range><from>192.168.1.10</from>
      <to>192.168.1.100</to></range>
      <defaultleasetime><maxleasetime><netmask></netmask>
      <failover_peerip><gateway><domain><domainsearchlist><ddnsdomain><tftp><ldap><next-server><filename><rootpath></rootpath></filename></next-server></ldap></tftp></ddnsdomain></domainsearchlist></domain></gateway></failover_peerip></maxleasetime></defaultleasetime></enable></lan></dhcpd>
      <pptpd><mode><redir><localip></localip></redir></mode></pptpd>
      <ovpn><dnsmasq><enable><hosts><host>fw</host>
      <domain>intranet.net</domain>
      <ip>192.168.1.1</ip></hosts></enable></dnsmasq>
      <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd>
      <diag><ipv6nat><ipaddr></ipaddr></ipv6nat></diag>
      <bridge><syslog><nat><ipsecpassthru><enable></enable></ipsecpassthru></nat>
      <filter><rule><id><type>pass</type>
      <interface>wan</interface>
      <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
      <os><protocol>tcp</protocol>
      <source>
      <any><destination><any></any></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
      <rule><id><type>pass</type>
      <interface>lan</interface>
      <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
      <os><source>
      <network>lan</network>

      <destination><any></any></destination></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule></filter>
      <shaper><ipsec><preferredoldsa></preferredoldsa></ipsec>
      <aliases><proxyarp><cron><minute>0</minute>
      <hour></hour>
      <mday>
      </mday>
      <month></month>
      <wday>
      </wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 newsyslog
      <minute>1,31</minute>
      <hour>0-5</hour>
      <mday></mday>
      <month>
      </month>
      <wday></wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 adjkerntz -a
      <minute>1</minute>
      <hour>3</hour>
      <mday>1</mday>
      <month>
      </month>
      <wday></wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
      <minute>
      /60</minute>
      <hour></hour>
      <mday>
      </mday>
      <month></month>
      <wday>
      </wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
      <minute>1</minute>
      <hour>1</hour>
      <mday></mday>
      <month>
      </month>
      <wday></wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
      <minute>
      /60</minute>
      <hour></hour>
      <mday>
      </mday>
      <month></month>
      <wday>
      </wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
      <minute>/5</minute>
      <hour>
      </hour>
      <mday></mday>
      <month>
      </month>
      <wday>*</wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /usr/local/bin/checkreload.sh</cron>
      <wol><rrd><enable></enable></rrd>
      <load_balancer><monitor_type><name>ICMP</name>
      <type>icmp</type>
      <desc>ICMP</desc></monitor_type>
      <monitor_type><name>TCP</name>
      <type>tcp</type>
      <desc>Generic TCP</desc></monitor_type>
      <monitor_type><name>HTTP</name>
      <type>http</type>
      <desc>Generic HTTP</desc>
      <options><path>/</path>
      <host>200</host></options></monitor_type>
      <monitor_type><name>HTTPS</name>
      <type>https</type>
      <desc>Generic HTTPS</desc>
      <options><path>/</path>
      <host>200</host></options></monitor_type>
      <monitor_type><name>SMTP</name>
      <type>send</type>
      <desc>Generic SMTP</desc>
      <options><send>EHLO nosuchhost</send>
      <expect>250-</expect></options></monitor_type></load_balancer>
      <widgets><sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence></widgets>
      <revision><time>1274950593</time>

      <username>admin</username></revision>
      <l7shaper><container></container></l7shaper>
      <dnshaper><gateways><gateway_item><interface>wan</interface>
      <gateway>10.39.251.5</gateway>
      <name>netscreen</name>
      <weight>1</weight>
      <descr><defaultgw></defaultgw></descr></gateway_item></gateways>
      <openvpn><captiveportal><page><timeout>60</timeout>
      <interface>lan</interface>
      <maxproc><idletimeout><enable><auth_method>local</auth_method>
      <reauthenticateacct><httpsname>fw.intranet.net</httpsname>
      <bwdefaultdn><bwdefaultup><certificate></certificate>
      <cacertificate><private-key></private-key>
      <redirurl>http://www.google.it</redirurl>
      <radiusip><radiusip2><radiusport><radiusport2><radiusacctport><radiuskey><radiuskey2><radiusvendor>default</radiusvendor>
      <radmac_format>default</radmac_format>
      <logoutwin_enable></logoutwin_enable></radiuskey2></radiuskey></radiusacctport></radiusport2></radiusport></radiusip2></radiusip></cacertificate></bwdefaultup></bwdefaultdn></reauthenticateacct></enable></idletimeout></maxproc></page></captiveportal></openvpn></dnshaper></wol></proxyarp></aliases></shaper></syslog></bridge></ovpn></staticroutes></lastchange></pfsense>

      The output of the command "ipfw list":

      65291 allow pfsync from any to any
      65292 allow carp from any to any
      65301 allow ip from any to any layer2 mac-type 0x0806
      65302 allow ip from any to any layer2 mac-type 0x888e
      65303 allow ip from any to any layer2 mac-type 0x88c7
      65304 allow ip from any to any layer2 mac-type 0x8863
      65305 allow ip from any to any layer2 mac-type 0x8864
      65306 allow ip from any to any layer2 mac-type 0x888e
      65307 deny ip from any to any layer2 not mac-type 0x0800
      65310 allow udp from any 68 to { 255.255.255.255 or 192.168.1.1 } dst-port 67 in
      65311 allow udp from any 68 to { 255.255.255.255 or 192.168.1.1 } dst-port 67 in
      65312 allow udp from { 255.255.255.255 or 192.168.1.1 } 67 to any dst-port 68 out
      65313 allow icmp from { 255.255.255.255 or 192.168.1.1 } to any out icmptypes 0
      65314 allow icmp from any to { 255.255.255.255 or 192.168.1.1 } in icmptypes 8
      65315 allow udp from any to { 255.255.255.255 or 192.168.1.1 } dst-port 53 in
      65316 allow udp from { 255.255.255.255 or 192.168.1.1 } 53 to any out
      65317 allow tcp from any to { 255.255.255.255 or 192.168.1.1 } dst-port 8000 in
      65318 allow tcp from { 255.255.255.255 or 192.168.1.1 } 8000 to any out
      65319 allow tcp from any to { 255.255.255.255 or 192.168.1.1 } dst-port 443 in
      65320 allow tcp from { 255.255.255.255 or 192.168.1.1 } 443 to any out
      65321 allow ip from table(3) to any in
      65322 allow ip from any to table(4) out
      65323 pipe tablearg ip from table(5) to any in
      65324 pipe tablearg ip from any to table(6) out
      65325 allow ip from any to table(7) in
      65326 allow ip from table(8) to any out
      65327 pipe tablearg ip from any to table(9) in
      65328 pipe tablearg ip from table(10) to any out
      65329 allow ip from table(1) to any in
      65330 allow ip from any to table(2) out
      65531 fwd 127.0.0.1,8000 tcp from any to any in
      65532 allow tcp from any to any out
      65533 deny ip from any to any
      65534 allow ip from any to any layer2
      65535 allow ip from any to any

      • eri--

        Can you please give me the /var/etc/lighty files?

        • cdc1975

          Thanks for your help.

          lighty-CaptivePortal.conf :

          # lighttpd configuration file
          # use a it as base for lighttpd 1.0.0 and above

          ############ Options you really have to take care of ####################

          ## FreeBSD!
          server.event-handler    = "freebsd-kqueue"
          server.network-backend  = "writev"

          ## modules to load
          server.modules              =  (
                  "mod_accesslog",
                  "mod_access", "mod_accesslog", "mod_expire", "mod_compress", "mod_redirect",
                  "mod_fastcgi", "mod_cgi","mod_rewrite"
          )

          ## Unused modules

          #                              "mod_setenv",
          #                              "mod_rewrite",
          #                              "mod_ssi",
          #                              "mod_usertrack",
          #                              "mod_expire",
          #                              "mod_secdownload",
          #                              "mod_rrdtool",
          #                              "mod_auth",
          #                              "mod_status",
          #                              "mod_alias",
          #                              "mod_proxy",
          #                              "mod_simple_vhost",
          #                              "mod_evhost",
          #                              "mod_userdir",
          #                              "mod_cgi",

          server.max-keep-alive-requests = 15
          server.max-keep-alive-idle = 30

          ## a static document-root, for virtual-hosting take look at the
          ## server.virtual-* options
          server.document-root        = "/usr/local/captiveportal/"
          url.rewrite-once = ( "(.*captiveportal.*)" => "$1", "(.*)" => "/index.php?redirurl=$1" )

          # Maximum idle time with nothing being written (php downloading)
          server.max-write-idle = 999

          ## where to send error-messages to
          server.errorlog            = "/var/log/lighttpd.error.log"

          # files to check for if .../ is requested
          server.indexfiles          = ( "index.php", "index.html",
                                          "index.htm", "default.htm" )

          # mimetype mapping

          mimetype.assign            = (
            ".pdf"          =>      "application/pdf",
            ".sig"          =>      "application/pgp-signature",
            ".spl"          =>      "application/futuresplash",
            ".class"        =>      "application/octet-stream",
            ".ps"          =>      "application/postscript",
            ".torrent"      =>      "application/x-bittorrent",
            ".dvi"          =>      "application/x-dvi",
            ".gz"          =>      "application/x-gzip",
            ".pac"          =>      "application/x-ns-proxy-autoconfig",
            ".swf"          =>      "application/x-shockwave-flash",
            ".tar.gz"      =>      "application/x-tgz",
            ".tgz"          =>      "application/x-tgz",
            ".tar"          =>      "application/x-tar",
            ".zip"          =>      "application/zip",
            ".mp3"          =>      "audio/mpeg",
            ".m3u"          =>      "audio/x-mpegurl",
            ".wma"          =>      "audio/x-ms-wma",
            ".wax"          =>      "audio/x-ms-wax",
            ".ogg"          =>      "audio/x-wav",
            ".wav"          =>      "audio/x-wav",
            ".gif"          =>      "image/gif",
            ".jpg"          =>      "image/jpeg",
            ".jpeg"        =>      "image/jpeg",
            ".png"          =>      "image/png",
            ".xbm"          =>      "image/x-xbitmap",
            ".xpm"          =>      "image/x-xpixmap",
            ".xwd"          =>      "image/x-xwindowdump",
            ".css"          =>      "text/css",
            ".html"        =>      "text/html",
            ".htm"          =>      "text/html",
            ".js"          =>      "text/javascript",
            ".asc"          =>      "text/plain",
            ".c"            =>      "text/plain",
            ".conf"        =>      "text/plain",
            ".text"        =>      "text/plain",
            ".txt"          =>      "text/plain",
            ".dtd"          =>      "text/xml",
            ".xml"          =>      "text/xml",
            ".mpeg"        =>      "video/mpeg",
            ".mpg"          =>      "video/mpeg",
            ".mov"          =>      "video/quicktime",
            ".qt"          =>      "video/quicktime",
            ".avi"          =>      "video/x-msvideo",
            ".asf"          =>      "video/x-ms-asf",
            ".asx"          =>      "video/x-ms-asf",
            ".wmv"          =>      "video/x-ms-wmv",
            ".bz2"          =>      "application/x-bzip",
            ".tbz"          =>      "application/x-bzip-compressed-tar",
            ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
          )

          # Use the "Content-Type" extended attribute to obtain mime type if possible
          #mimetypes.use-xattr        = "enable"

          #### accesslog module
          #accesslog.filename          = "/dev/null"

          ## deny access the file-extensions
          # ~    is for backupfiles from vi, emacs, joe, ...
          # .inc is often used for code includes which should in general not be part
          #      of the document-root
          url.access-deny            = ( "~", ".inc" )

          ######### Options that are good to be but not neccesary to be changed #######

          ## bind to port (default: 80)
          server.port                = 8000

          ## error-handler for status 404
          #server.error-handler-404  = "/error-handler.html"
          #server.error-handler-404  = "/error-handler.php"

          ## to help the rc.scripts
          server.pid-file            = "/var/run/lighty-CaptivePortal.pid"

          ## virtual directory listings
          server.dir-listing        = "disable"

          ## enable debugging
          debug.log-request-header  = "disable"
          debug.log-response-header  = "disable"
          debug.log-request-handling = "disable"
          debug.log-file-not-found  = "disable"

          # gzip compression
          compress.cache-dir = "/tmp/lighttpdcompress/"
          compress.filetype  = ("text/plain","text/css", "text/xml", "text/javascript" )

          server.upload-dirs = ( "/tmp/captiveportal/" )

          server.max-request-size    = 384

          #### fastcgi module
          ## read fastcgi.txt for more info

          fastcgi.server = ( ".php" =>
                  ( "localhost" =>
                          (
                                  "socket" => "/tmp/php-fastcgi.socket",
                                  "min-procs" => 0,
                                  "max-procs" => 3,
                                          "bin-environment" => (
                    "PHP_FCGI_CHILDREN" => "3",
                    "PHP_FCGI_MAX_REQUESTS" => "500"
                  ),
                                  "bin-path" => "/usr/local/bin/php"
                          )
                  )
          )

          #### CGI module

          cgi.assign                = ( ".cgi" => "" )
          expire.url = (
                                          "" => "access 50 hours",
                  )



          lighty-webConfigurator.conf :

          # lighttpd configuration file
          # use a it as base for lighttpd 1.0.0 and above

          ############ Options you really have to take care of ####################

          ## FreeBSD!
          server.event-handler    = "freebsd-kqueue"
          server.network-backend  = "writev"

          ## modules to load
          server.modules              =  (
                  "mod_access", "mod_accesslog", "mod_expire", "mod_compress", "mod_redirect",
                  "mod_fastcgi", "mod_cgi"
          )

          ## Unused modules

          #                              "mod_setenv",
          #                              "mod_rewrite",
          #                              "mod_ssi",
          #                              "mod_usertrack",
          #                              "mod_expire",
          #                              "mod_secdownload",
          #                              "mod_rrdtool",
          #                              "mod_auth",
          #                              "mod_status",
          #                              "mod_alias",
          #                              "mod_proxy",
          #                              "mod_simple_vhost",
          #                              "mod_evhost",
          #                              "mod_userdir",
          #                              "mod_cgi",

          server.max-keep-alive-requests = 15
          server.max-keep-alive-idle = 30

          ## a static document-root, for virtual-hosting take look at the
          ## server.virtual-* options
          server.document-root        = "/usr/local/www/"

          # Maximum idle time with nothing being written (php downloading)
          server.max-write-idle = 999

          ## where to send error-messages to
          server.errorlog            = "/var/log/lighttpd.error.log"

          # files to check for if .../ is requested
          server.indexfiles          = ( "index.php", "index.html",
                                          "index.htm", "default.htm" )

          # mimetype mapping

          mimetype.assign            = (
            ".pdf"          =>      "application/pdf",
            ".sig"          =>      "application/pgp-signature",
            ".spl"          =>      "application/futuresplash",
            ".class"        =>      "application/octet-stream",
            ".ps"          =>      "application/postscript",
            ".torrent"      =>      "application/x-bittorrent",
            ".dvi"          =>      "application/x-dvi",
            ".gz"          =>      "application/x-gzip",
            ".pac"          =>      "application/x-ns-proxy-autoconfig",
            ".swf"          =>      "application/x-shockwave-flash",
            ".tar.gz"      =>      "application/x-tgz",
            ".tgz"          =>      "application/x-tgz",
            ".tar"          =>      "application/x-tar",
            ".zip"          =>      "application/zip",
            ".mp3"          =>      "audio/mpeg",
            ".m3u"          =>      "audio/x-mpegurl",
            ".wma"          =>      "audio/x-ms-wma",
            ".wax"          =>      "audio/x-ms-wax",
            ".ogg"          =>      "audio/x-wav",
            ".wav"          =>      "audio/x-wav",
            ".gif"          =>      "image/gif",
            ".jpg"          =>      "image/jpeg",
            ".jpeg"        =>      "image/jpeg",
            ".png"          =>      "image/png",
            ".xbm"          =>      "image/x-xbitmap",
            ".xpm"          =>      "image/x-xpixmap",
            ".xwd"          =>      "image/x-xwindowdump",
            ".css"          =>      "text/css",
            ".html"        =>      "text/html",
            ".htm"          =>      "text/html",
            ".js"          =>      "text/javascript",
            ".asc"          =>      "text/plain",
            ".c"            =>      "text/plain",
            ".conf"        =>      "text/plain",
            ".text"        =>      "text/plain",
            ".txt"          =>      "text/plain",
            ".dtd"          =>      "text/xml",
            ".xml"          =>      "text/xml",
            ".mpeg"        =>      "video/mpeg",
            ".mpg"          =>      "video/mpeg",
            ".mov"          =>      "video/quicktime",
            ".qt"          =>      "video/quicktime",
            ".avi"          =>      "video/x-msvideo",
            ".asf"          =>      "video/x-ms-asf",
            ".asx"          =>      "video/x-ms-asf",
            ".wmv"          =>      "video/x-ms-wmv",
            ".bz2"          =>      "application/x-bzip",
            ".tbz"          =>      "application/x-bzip-compressed-tar",
            ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
          )

          # Use the "Content-Type" extended attribute to obtain mime type if possible
          #mimetypes.use-xattr        = "enable"

          #### accesslog module
          #accesslog.filename          = "/dev/null"

          ## deny access the file-extensions
          # ~    is for backupfiles from vi, emacs, joe, ...
          # .inc is often used for code includes which should in general not be part
          #      of the document-root
          url.access-deny            = ( "~", ".inc" )

          ######### Options that are good to be but not neccesary to be changed #######

          ## bind to port (default: 80)
          server.port                = 443

          ## error-handler for status 404
          #server.error-handler-404  = "/error-handler.html"
          #server.error-handler-404  = "/error-handler.php"

          ## to help the rc.scripts
          server.pid-file            = "/var/run/lighty-webConfigurator.pid"

          ## virtual directory listings
          server.dir-listing        = "disable"

          ## enable debugging
          debug.log-request-header  = "disable"
          debug.log-response-header  = "disable"
          debug.log-request-handling = "disable"
          debug.log-file-not-found  = "disable"

          # gzip compression
          compress.cache-dir = "/tmp/lighttpdcompress/"
          compress.filetype  = ("text/plain","text/css", "text/xml", "text/javascript" )

          server.upload-dirs = ( "/root/", "/tmp/", "/var/" )

          server.max-request-size    = 2097152

          #### fastcgi module
          ## read fastcgi.txt for more info

          fastcgi.server = ( ".php" =>
                  ( "localhost" =>
                          (
                                  "socket" => "/tmp/php-fastcgi.socket",
                                  "min-procs" => 0,
                                  "max-procs" => 3,
                                          "bin-environment" => (
                    "PHP_FCGI_CHILDREN" => "3",
                    "PHP_FCGI_MAX_REQUESTS" => "500"
                  ),
                                  "bin-path" => "/usr/local/bin/php"
                          )
                  )
          )

          #### CGI module
          cgi.assign                = ( ".cgi" => "" )

          expire.url = (
                                          "" => "access 50 hours",
                  )

          ## ssl configuration
          ssl.engine = "enable"
          ssl.pemfile = "/var/etc/cert.pem"

          $SERVER["socket"] == ":80" {
                  $HTTP["host"] =~ "(.*)" {
                          url.redirect = ( "^/(.*)" => "https://%1/$1" )
                  }
          }

          • eri--

            Should be fixed.

            • risk

              I've got the exact same problem.  Using the snapshot from 06/08/2010.  Going directly to 8000 works.  The redirect fails.

              • 111ichael

                I had the same problem too... snapshot 23/06/2010

                1 Reply Last reply Reply Quote 0
                • C
                  cmb

                  Going to need a lot more info than "it doesn't work". It does work in every scenario I have set up, and we've deployed it in production in the past week for a WISP on several systems with multiple VLANs on each and no problems. I suspect at this point if it doesn't work you don't have things set up right for DNS to function, hence are never hitting the firewall to get redirected.

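The two failure modes raised in the thread so far (a client whose DNS does not resolve and so never reaches the firewall, versus a portal that answers but redirects in a circle) can be told apart with a hop-by-hop trace. The Python below is an added example, not pfSense code and not posted by anyone in this thread; all function names are hypothetical, and the sample responses are constructed for illustration around the `http://192.168.1.1:8000` address quoted in the first post.

```python
import socket
import urllib.error
import urllib.parse
import urllib.request

MAX_HOPS = 10
REDIRECT_CODES = {301, 302, 303, 307, 308}
PORTAL = "http://192.168.1.1:8000/"  # portal address quoted in the first post


class _NoFollow(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so every hop can be inspected."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError carrying the 3xx response


def http_fetch(url, timeout=5):
    """One request, no auto-follow. Returns (status, Location) or (None, None)."""
    opener = urllib.request.build_opener(_NoFollow)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")
    except (urllib.error.URLError, OSError):
        return None, None  # refused, timed out, TLS failure, ...


def dns_resolve(host):
    """Return an IPv4 address for host, or None when resolution fails."""
    try:
        return socket.gethostbyname(host)
    except OSError:
        return None


def trace_redirects(start_url, fetch=http_fetch, resolve=dns_resolve):
    """Follow redirects by hand and classify where the client ends up.

    Returns (verdict, hops). verdict is one of:
      "dns-failure"   - a host did not resolve, so no request was sent to it
      "no-response"   - the name resolved but nothing answered
      "loop"          - a URL already visited was handed out again
      "too-many-hops" - more than MAX_HOPS redirects without repeating
      "landed"        - a non-redirect response was reached
    hops is a list of (url, status, location) in request order.
    """
    hops, seen, url = [], set(), start_url
    for _ in range(MAX_HOPS):
        if url in seen:
            return "loop", hops
        seen.add(url)
        host = urllib.parse.urlsplit(url).hostname
        if host is None or resolve(host) is None:
            return "dns-failure", hops
        status, location = fetch(url)
        hops.append((url, status, location))
        if status is None:
            return "no-response", hops
        if status in REDIRECT_CODES and location:
            # Location may be relative; resolve it against the current URL.
            url = urllib.parse.urljoin(url, location)
            continue
        return "landed", hops
    return "too-many-hops", hops


def sample_scenarios():
    """Run the tracer over constructed responses (not captured traffic)."""
    def fake(table):
        return lambda url: table.get(url, (None, None))

    def ok_dns(host):
        return "192.0.2.10"  # constructed answer from the documentation range

    return {
        "working": trace_redirects("http://example.com/", fake({
            "http://example.com/": (302, PORTAL),
            PORTAL: (200, None),
        }), ok_dns),
        "looping": trace_redirects("http://example.com/", fake({
            "http://example.com/": (302, PORTAL),
            PORTAL: (302, "/"),  # portal redirects back to itself
        }), ok_dns),
        "no-dns": trace_redirects("http://example.com/", fake({}),
                                  lambda host: None),
    }


if __name__ == "__main__":
    for name, (verdict, hops) in sample_scenarios().items():
        print(name, verdict, hops)
```

Run from a client behind the portal, `trace_redirects("http://example.com/")` uses the real resolver and HTTP client; the hop list it returns is the detail a report to the developers needs beyond "it doesn't work".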
                  • K
                    kwakkel1000

                    It doesn't redirect here either.

                    <pfsense><version>6.4</version>
                    <lastchange><theme>pfsense_ng</theme>
                    <sysctl><desc>Set the ephemeral port range to be lower.</desc>
                    <tunable>net.inet.ip.portrange.first</tunable>
                    <value>default</value>
                    <desc>Drop packets to closed TCP ports without returning a RST</desc>
                    <tunable>net.inet.tcp.blackhole</tunable>
                    <value>default</value>
                    <desc>Do not send ICMP port unreachable messages for closed UDP ports</desc>
                    <tunable>net.inet.udp.blackhole</tunable>
                    <value>default</value>
                    <desc>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</desc>
                    <tunable>net.inet.ip.random_id</tunable>
                    <value>default</value>
                    <desc>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</desc>
                    <tunable>net.inet.tcp.drop_synfin</tunable>
                    <value>default</value>
                    <desc>Enable sending IPv4 redirects</desc>
                    <tunable>net.inet.ip.redirect</tunable>
                    <value>default</value>
                    <desc>Enable sending IPv6 redirects</desc>
                    <tunable>net.inet6.ip6.redirect</tunable>
                    <value>default</value>
                    <desc>Generate SYN cookies for outbound SYN-ACK packets</desc>
                    <tunable>net.inet.tcp.syncookies</tunable>
                    <value>default</value>
                    <desc>Maximum incoming/outgoing TCP datagram size (receive)</desc>
                    <tunable>net.inet.tcp.recvspace</tunable>
                    <value>default</value>
                    <desc>Maximum incoming/outgoing TCP datagram size (send)</desc>
                    <tunable>net.inet.tcp.sendspace</tunable>
                    <value>default</value>
                    <desc>IP Fastforwarding</desc>
                    <tunable>net.inet.ip.fastforwarding</tunable>
                    <value>default</value>
                    <desc>Do not delay ACK to try and piggyback it onto a data packet</desc>
                    <tunable>net.inet.tcp.delayed_ack</tunable>
                    <value>default</value>
                    <desc>Maximum outgoing UDP datagram size</desc>
                    <tunable>net.inet.udp.maxdgram</tunable>
                    <value>default</value>
                    <desc>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</desc>
                    <tunable>net.link.bridge.pfil_onlyip</tunable>
                    <value>default</value>
                    <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc>
                    <tunable>net.link.bridge.pfil_member</tunable>
                    <value>default</value>
                    <desc>Set to 1 to enable filtering on the bridge interface</desc>
                    <tunable>net.link.bridge.pfil_bridge</tunable>
                    <value>default</value>
                    <desc>Allow unprivileged access to tap(4) device nodes</desc>
                    <tunable>net.link.tap.user_open</tunable>
                    <value>default</value>
                    <desc>Verbosity of the rndtest driver (0: do not display results on console)</desc>
                    <tunable>kern.rndtest.verbose</tunable>
                    <value>default</value>
                    <desc>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</desc>
                    <tunable>kern.randompid</tunable>
                    <value>default</value>
                    <desc>Maximum size of the IP input queue</desc>
                    <tunable>net.inet.ip.intr_queue_maxlen</tunable>
                    <value>default</value>
                    <desc>Disable CTRL+ALT+Delete reboot from keyboard.</desc>
                    <tunable>hw.syscons.kbd_reboot</tunable>
                    <value>default</value>
                    <desc>Enable TCP Inflight mode</desc>
                    <tunable>net.inet.tcp.inflight.enable</tunable>
                    <value>default</value>
                    <desc>Enable TCP extended debugging</desc>
                    <tunable>net.inet.tcp.log_debug</tunable>
                    <value>default</value>
                    <desc>Set ICMP Limits</desc>
                    <tunable>net.inet.icmp.icmplim</tunable>
                    <value>default</value>
                    <desc>TCP Offload Engine</desc>
                    <tunable>net.inet.tcp.tso</tunable>
                    <value>default</value>
                    <desc>TCP Offload Engine - BCE</desc>
                    <tunable>hw.bce.tso_enable</tunable>
                    <value>default</value></sysctl>
                    <system><optimization>normal</optimization>
                    <hostname>pfsense1</hostname>
                    <domain>boekestijn.local</domain>
                    <group><name>all</name>

                    <scope>system</scope>
                    <gid>1998</gid>
                    <member>0</member></group>
                    <group><name>admins</name>

                    <scope>system</scope>
                    <gid>1999</gid>
                    <member>0</member>
                    <priv>page-all</priv></group>
                    <user><name>admin</name>
                    <fullname>System Administrator</fullname>
                    <scope>system</scope>
                    <groupname>admins</groupname>
                    <password>$1$/bdU5Y/K$Q5eCW0JRmFZH50kyKlcqK1</password>
                    <uid>0</uid>
                    <priv>user-shell-access</priv>
                    <md5-hash>cd99523b68bceb84ae569a02e6eb4c31</md5-hash>
                    <nt-hash>097b6aee440ff80df44081606c2b6e57</nt-hash></user>
                    <nextuid>2000</nextuid>
                    <nextgid>2000</nextgid>
                    <timezone>Europe/Amsterdam</timezone>
                    <time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers>
                    <webgui><protocol>http</protocol>
                    <ssl-certref>4c1b276dc77a3</ssl-certref></webgui>
                    <disablenatreflection>yes</disablenatreflection>
                    <cert><refid>4c1b276dc77a3</refid>
                    <name>webConfigurator default</name>
                    <crt></crt>
                    <prv></prv></cert>
                    <ipv6allow><enablesshd>enabled</enablesshd>
                    <firmware><alturl><enable><firmwareurl>http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD/.updaters</firmwareurl></enable></alturl></firmware>
                    <scrubnodf>enabled</scrubnodf>
                    <maximumstates><maximumtableentries><reflectiontimeout><lb_use_sticky><disablescrub>yes</disablescrub>
                    <dnsserver>192.168.254.254</dnsserver>
                    <dns1gwint>none</dns1gwint>
                    <dns2gwint>none</dns2gwint>
                    <dns3gwint>none</dns3gwint>
                    <dns4gwint>none</dns4gwint>
                    <authserver><refid>4c248ee714d96</refid>
                    <type>radius</type>
                    <name>radiusserver</name>
                    <host>10.1.0.241</host>
                    <radius_secret>secret</radius_secret>
                    <radius_auth_port>1812</radius_auth_port>
                    <radius_acct_port>1813</radius_acct_port></authserver></lb_use_sticky></reflectiontimeout></maximumtableentries></maximumstates></ipv6allow></time-update-interval></system>
                    <interfaces><wan><if>rl0</if>
                    <blockbogons><media><mediaopt><spoofmac><enable><ipaddr>192.168.254.2</ipaddr>
                    <subnet>24</subnet>
                    <gateway>WAN_GW_1</gateway></enable></spoofmac></mediaopt></media></blockbogons></wan>
                    <lan><enable><if>re0</if>
                    <media><mediaopt><ipaddr>10.1.0.2</ipaddr>
                    <subnet>24</subnet>
                    <blockbogons><spoofmac></spoofmac></blockbogons></mediaopt></media></enable></lan>
                    <opt1><if>re1</if>
                    <enable><ipaddr>10.1.1.2</ipaddr>
                    <subnet>24</subnet>
                    <blockbogons><spoofmac></spoofmac></blockbogons></enable></opt1>
                    <opt2><if>re2</if>
                    <enable><ipaddr>10.1.100.2</ipaddr>
                    <subnet>24</subnet>
                    <blockbogons><spoofmac></spoofmac></blockbogons></enable></opt2>
                    <opt3><if>re1_vlan20</if>
                    <enable><blockbogons><spoofmac><ipaddr>10.1.20.2</ipaddr>
                    <subnet>24</subnet></spoofmac></blockbogons></enable></opt3>
                    <opt4><if>re1_vlan99</if>
                    <enable><ipaddr>10.1.99.2</ipaddr>
                    <subnet>24</subnet>
                    <gateway>WAN_GW_99</gateway>
                    <blockbogons><spoofmac></spoofmac></blockbogons></enable></opt4>
                    <opt5><if>re1_vlan80</if>
                    <enable><ipaddr>10.1.80.2</ipaddr>
                    <subnet>24</subnet>
                    <blockbogons><spoofmac></spoofmac></blockbogons></enable></opt5>
                    <opt6><if>re1_vlan70</if>
                    <enable><ipaddr>10.1.70.2</ipaddr>
                    <subnet>24</subnet>
                    <blockbogons><spoofmac></spoofmac></blockbogons></enable></opt6></interfaces>
                    <staticroutes><pppoe><username><password></password></username></pppoe>
                    <pptp><username><password></password></username></pptp>
                    <dhcpd><lan><enable><range><from>10.1.0.50</from>
                    <to>10.1.0.200</to></range>
                    <defaultleasetime><maxleasetime><netmask><failover_peerip><gateway>10.1.0.1</gateway>
                    <domain><domainsearchlist><ddnsdomain><tftp><ldap><next-server><filename><rootpath><numberoptions><dnsserver>10.1.0.1</dnsserver></numberoptions></rootpath></filename></next-server></ldap></tftp></ddnsdomain></domainsearchlist></domain></failover_peerip></netmask></maxleasetime></defaultleasetime></enable></lan>
                    <opt5><range><from>10.1.80.50</from>
                    <to>10.1.80.200</to></range>
                    <defaultleasetime><maxleasetime><netmask><failover_peerip><dnsserver>10.1.80.1</dnsserver>
                    <gateway>10.1.80.1</gateway>
                    <domain><domainsearchlist><enable><ddnsdomain><tftp><ldap><next-server><filename><rootpath></rootpath></filename></next-server></ldap></tftp></ddnsdomain></enable></domainsearchlist></domain></failover_peerip></netmask></maxleasetime></defaultleasetime></opt5>
                    <opt6><range><from>10.1.70.50</from>
                    <to>10.1.70.200</to></range>
                    <defaultleasetime><maxleasetime><netmask><failover_peerip><gateway>10.1.70.1</gateway>
                    <domain><domainsearchlist><enable><ddnsdomain><tftp><ldap><next-server><filename><rootpath><numberoptions><dnsserver>10.1.70.1</dnsserver></numberoptions></rootpath></filename></next-server></ldap></tftp></ddnsdomain></enable></domainsearchlist></domain></failover_peerip></netmask></maxleasetime></defaultleasetime></opt6></dhcpd>
                    <pptpd><mode><redir><localip></localip></redir></mode></pptpd>
                    <ovpn><dnsmasq><enable><regdhcp><regdhcpstatic></regdhcpstatic></regdhcp></enable></dnsmasq>
                    <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd>
                    <diag><ipv6nat></ipv6nat></diag>
                    <bridge><syslog><reverse><nentries>500</nentries></reverse></syslog>
                    <nat><ipsecpassthru><enable></enable></ipsecpassthru>
                    <advancedoutbound><rule><source>
                    <network>10.1.0.0/24</network>

                    <dstport>500</dstport>

                    <target><interface>wan</interface>
                    <destination><any></any></destination>
                    <staticnatport></staticnatport></target></rule>
                    <rule><source>
                    <network>10.1.0.0/24</network>

                    <dstport>5060</dstport>

                    <target><interface>wan</interface>
                    <destination><any></any></destination>
                    <staticnatport></staticnatport></target></rule>
                    <rule><source>
                    <network>10.1.0.0/24</network>

                    <sourceport><target><interface>wan</interface>
                    <destination><any></any></destination>
                    <natport></natport></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.1.0/24</network>

                    <dstport>500</dstport>

                    <target><interface>wan</interface>
                    <destination><any></any></destination>
                    <staticnatport></staticnatport></target></rule>
                    <rule><source>
                    <network>10.1.1.0/24</network>

                    <dstport>5060</dstport>

                    <target><interface>wan</interface>
                    <destination><any></any></destination>
                    <staticnatport></staticnatport></target></rule>
                    <rule><source>
                    <network>10.1.1.0/24</network>

                    <sourceport><target><interface>wan</interface>
                    <destination><any></any></destination>
                    <natport></natport></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.100.0/24</network>

                    <dstport>500</dstport>

                    <target><interface>wan</interface>
                    <destination><any></any></destination>
                    <staticnatport></staticnatport></target></rule>
                    <rule><source>
                    <network>10.1.100.0/24</network>

                    <dstport>5060</dstport>

                    <target><interface>wan</interface>
                    <destination><any></any></destination>
                    <staticnatport></staticnatport></target></rule>
                    <rule><source>
                    <network>10.1.100.0/24</network>

                    <sourceport><target><interface>wan</interface>
                    <destination><any></any></destination>
                    <natport></natport></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.20.0/24</network>

                    <dstport>500</dstport>

                    <target><interface>wan</interface>
                    <destination><any></any></destination>
                    <staticnatport></staticnatport></target></rule>
                    <rule><source>
                    <network>10.1.20.0/24</network>

                    <dstport>5060</dstport>

                    <target><interface>wan</interface>
                    <destination><any></any></destination>
                    <staticnatport></staticnatport></target></rule>
                    <rule><source>
                    <network>10.1.20.0/24</network>

                    <sourceport><target><interface>wan</interface>
                    <destination><any></any></destination>
                    <natport></natport></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.80.0/24</network>

                    <sourceport><target><interface>wan</interface>
                    <staticnatport><destination><any></any></destination>
                    <dstport>500</dstport></staticnatport></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.80.0/24</network>

                    <sourceport><target><interface>wan</interface>
                    <staticnatport><destination><any></any></destination>
                    <dstport>5060</dstport></staticnatport></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.80.0/24</network>

                    <sourceport><target><interface>wan</interface>
                    <destination><any></any></destination></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.70.0/24</network>

                    <sourceport><target><interface>wan</interface>
                    <staticnatport><destination><any></any></destination>
                    <dstport>500</dstport></staticnatport></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.70.0/24</network>

                    <sourceport><target><interface>wan</interface>
                    <staticnatport><destination><any></any></destination>
                    <dstport>5060</dstport></staticnatport></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.70.0/24</network>

                    <sourceport><target><interface>wan</interface>
                    <destination><any></any></destination></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.0.0/24</network>

                    <sourceport><target><interface>opt4</interface>
                    <staticnatport><destination><any></any></destination>
                    <dstport>500</dstport></staticnatport></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.0.0/24</network>

                    <sourceport><target><interface>opt4</interface>
                    <staticnatport><destination><any></any></destination>
                    <dstport>5060</dstport></staticnatport></target></sourceport></rule>
                    <rule><source>
                    <network>10.1.0.0/24</network>

                    <sourceport><target><interface>opt4</interface>
                    <destination><any></any></destination></target></sourceport></rule>
                    <enable></enable></advancedoutbound>
                    <rule><source>
                    <any><destination><network>wan</network>
                    <port>5631</port></destination>
                    <protocol>tcp</protocol>
                    <target>hortimax</target>
                    <local-port>5631</local-port>
                    <interface>wan</interface>
                    <descr><associated-rule-id>nat_4c1b4426af2464.27325726</associated-rule-id></descr></any></rule>
                    <rule><source>
                    <any><destination><network>wan</network>
                    <port>5632</port></destination>
                    <protocol>udp</protocol>
                    <target>hortimax</target>
                    <local-port>5632</local-port>
                    <interface>wan</interface>
                    <descr><associated-rule-id>nat_4c1b44357c49a4.14192573</associated-rule-id></descr></any></rule>
                    <rule><source>
                    <any><destination><network>wan</network>
                    <port>80</port></destination>
                    <protocol>tcp</protocol>
                    <target>server</target>
                    <local-port>80</local-port>
                    <interface>wan</interface>
                    <descr><associated-rule-id>nat_4c1b57b62a5aa9.12048802</associated-rule-id></descr></any></rule>
                    <rule><source>
                    <any><destination><network>wan</network>
                    <port>81</port></destination>
                    <protocol>tcp</protocol>
                    <target>10.1.0.1</target>
                    <local-port>80</local-port>
                    <interface>wan</interface>
                    <descr><associated-rule-id>nat_4c1b87ce28c060.25443246</associated-rule-id></descr></any></rule>
                    <rule><source>
                    <any><destination><network>wan</network>
                    <port>82</port></destination>
                    <protocol>tcp</protocol>
                    <target>10.1.0.2</target>
                    <local-port>80</local-port>
                    <interface>wan</interface>
                    <descr><associated-rule-id>nat_4c1b885f994237.46693346</associated-rule-id></descr></any></rule>
                    <rule><source>
                    <any><destination><network>wan</network>
                    <port>83</port></destination>
                    <protocol>tcp</protocol>
                    <target>10.1.0.3</target>
                    <local-port>80</local-port>
                    <interface>wan</interface>
                    <descr><associated-rule-id>nat_4c1b886a8527d2.16324149</associated-rule-id></descr></any></rule>
                    <rule><source>
                    <any><destination><network>wan</network>
                    <port>3389</port></destination>
                    <protocol>tcp</protocol>
                    <target>10.1.0.242</target>
                    <local-port>3389</local-port>
                    <interface>wan</interface>
                    <descr><associated-rule-id>nat_4c22fe38b94296.26233715</associated-rule-id></descr></any></rule>
                    <onetoone><external>192.168.254.200</external>
                    <internal>10.1.0.243</internal>
                    <subnet>32</subnet>
                    <descr><interface>wan</interface></descr></onetoone></nat>
                    <filter><rule><id><type>pass</type>
                    <interface>wan</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><protocol>tcp</protocol>
                    <source>
                    <any><destination><address>10.1.0.1</address>

                    <port>80</port></destination>
                    <log><associated-rule-id>nat_4c1b87ce28c060.25443246</associated-rule-id></log></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>wan</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><protocol>tcp</protocol>
                    <source>
                    <any><destination><address>10.1.0.2</address>

                    <port>80</port></destination>
                    <log><associated-rule-id>nat_4c1b885f994237.46693346</associated-rule-id></log></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>wan</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><protocol>tcp</protocol>
                    <source>
                    <any><destination><address>10.1.0.3</address>

                    <port>80</port></destination>
                    <log><associated-rule-id>nat_4c1b886a8527d2.16324149</associated-rule-id></log></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><source>
                    <any><interface>wan</interface>
                    <protocol>tcp</protocol>
                    <destination><address>10.1.0.242</address>

                    <port>3389</port></destination>

                    <associated-rule-id>nat_4c22fe38b94296.26233715</associated-rule-id></any></rule>
                    <rule><id><type>pass</type>
                    <interface>wan</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>

                    <address>192.168.254.200</address>

                    <destination><address>10.1.0.243</address></destination></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>block</type>
                    <interface>opt6</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <network>opt6</network>

                    <destination><network>opt5</network></destination></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>opt5</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <network>opt5</network>

                    <destination><any></any></destination>

                    <gateway>GW_GRP_1</gateway></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>opt1</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <network>opt1</network>

                    <destination><any></any></destination>

                    <gateway>GW_GRP_1</gateway></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>opt2</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <network>opt2</network>

                    <destination><any></any></destination></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>lan</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><network>opt1</network></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>lan</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <network>lan</network>

                    <destination><any></any></destination>

                    <gateway>GW_GRP_1</gateway></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>enc0</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><any></any></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>block</type>
                    <interface>WANgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>

                    <address>169.254.0.0/16</address>

                    <destination><any></any></destination></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>block</type>
                    <interface>WANgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>

                    <address>0.0.0.0</address>

                    <destination><any></any></destination></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>WANgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><protocol>udp</protocol>
                    <source>
                    <any><destination><address>hortimax</address>

                    <port>5632</port></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>WANgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><protocol>tcp</protocol>
                    <source>
                    <any><destination><address>hortimax</address>

                    <port>5631</port></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>WANgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><protocol>tcp</protocol>
                    <source>
                    <any><destination><address>server</address>

                    <port>80</port></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>block</type>
                    <interface>LANgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>

                    <address>10.0.0.0/24</address>

                    <destination><any></any></destination></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>block</type>
                    <interface>LANgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>

                    <address>0.0.0.0</address>

                    <destination><any></any></destination></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>LANgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><any></any></destination>

                    <gateway>GW_GRP_1</gateway></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>block</type>
                    <interface>INETONLYgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><network>opt3</network></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>block</type>
                    <interface>INETONLYgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><network>opt2</network></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>block</type>
                    <interface>INETONLYgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><network>opt1</network></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>block</type>
                    <interface>INETONLYgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><network>lan</network></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>block</type>
                    <interface>INETONLYgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><network>opt5</network></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>block</type>
                    <interface>INETONLYgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><network>opt6</network></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>INETONLYgrp</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><any></any></destination>
                    <descr><gateway>GW_GRP_1</gateway></descr></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>GWs</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><protocol>udp</protocol>
                    <source>
                    <any><destination><address>hortimax</address>

                    <port>5632</port></destination>

                    <associated-rule-id>nat_4c1b44357c49a4.14192573</associated-rule-id></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>GWs</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><protocol>tcp</protocol>
                    <source>
                    <any><destination><address>hortimax</address>

                    <port>5631</port></destination>

                    <associated-rule-id>nat_4c1b4426af2464.27325726</associated-rule-id></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule>
                    <rule><id><type>pass</type>
                    <interface>GWs</interface>
                    <max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><protocol>tcp</protocol>
                    <source>
                    <any><destination><address>server</address>

                    <port>80</port></destination>
                    <log><associated-rule-id>nat_4c1b57b62a5aa9.12048802</associated-rule-id></log></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></id></rule></filter>
                    <shaper><ipsec><preferredoldsa><phase1><ikeid>1</ikeid>
                    <interface>vip3</interface>
                    <remote-gateway>secret</remote-gateway>
                    <mode>aggressive</mode>
                    <myid_type>fqdn</myid_type>
                    <myid_data>secret.local</myid_data>
                    <peerid_type>peeraddress</peerid_type>
                    <peerid_data><encryption-algorithm><name>aes</name>
                    <keylen>256</keylen></encryption-algorithm>
                    <hash-algorithm>sha1</hash-algorithm>
                    <dhgroup>5</dhgroup>
                    <lifetime>28800</lifetime>
                    <pre-shared-key>secret</pre-shared-key>
                    <private-key><certref>4c1b276dc77a3</certref>
                    <authentication_method>pre_shared_key</authentication_method>
                    <descr><nat_traversal>on</nat_traversal>
                    <dpd_delay>10</dpd_delay>
                    <dpd_maxfail>5</dpd_maxfail></descr></private-key></peerid_data></phase1>
                    <client><phase2><ikeid>1</ikeid>
                    <mode>tunnel</mode>
                    <localid><type>network</type>

                    <address>10.1.0.0</address>

                    <netbits>24</netbits></localid>
                    <remoteid><type>network</type>

                    <address>10.0.0.0</address>

                    <netbits>24</netbits></remoteid>
                    <protocol>esp</protocol>
                    <encryption-algorithm-option><name>aes</name>
                    <keylen>256</keylen></encryption-algorithm-option>
                    <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                    <pfsgroup>5</pfsgroup>
                    <lifetime>3600</lifetime></phase2>
                    <phase2><ikeid>1</ikeid>
                    <mode>tunnel</mode>
                    <localid><type>network</type>

                    <address>10.1.0.0</address>

                    <netbits>24</netbits></localid>
                    <remoteid><type>network</type>

                    <address>10.0.1.0</address>

                    <netbits>24</netbits></remoteid>
                    <protocol>esp</protocol>
                    <encryption-algorithm-option><name>aes</name>
                    <keylen>256</keylen></encryption-algorithm-option>
                    <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                    <pfsgroup>5</pfsgroup>
                    <lifetime>3600</lifetime></phase2>
                    <phase2><ikeid>1</ikeid>
                    <mode>tunnel</mode>
                    <localid><type>network</type>

                    <address>10.1.1.0</address>

                    <netbits>24</netbits></localid>
                    <remoteid><type>network</type>

                    <address>10.0.0.0</address>

                    <netbits>24</netbits></remoteid>
                    <protocol>esp</protocol>
                    <encryption-algorithm-option><name>aes</name>
                    <keylen>256</keylen></encryption-algorithm-option>
                    <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                    <pfsgroup>5</pfsgroup>
                    <lifetime>3600</lifetime></phase2>
                    <phase2><ikeid>1</ikeid>
                    <mode>tunnel</mode>
                    <localid><type>network</type>

                    <address>10.1.1.0</address>

                    <netbits>24</netbits></localid>
                    <remoteid><type>network</type>

                    <address>10.0.1.0</address>

                    <netbits>24</netbits></remoteid>
                    <protocol>esp</protocol>
                    <encryption-algorithm-option><name>aes</name>
                    <keylen>256</keylen></encryption-algorithm-option>
                    <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                    <pfsgroup>5</pfsgroup>
                    <lifetime>3600</lifetime></phase2>
                    <phase2><ikeid>1</ikeid>
                    <mode>tunnel</mode>
                    <localid><type>network</type>

                    <address>10.1.20.0</address>

                    <netbits>24</netbits></localid>
                    <remoteid><type>network</type>

                    <address>10.0.0.0</address>

                    <netbits>24</netbits></remoteid>
                    <protocol>esp</protocol>
                    <encryption-algorithm-option><name>aes</name>
                    <keylen>256</keylen></encryption-algorithm-option>
                    <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                    <pfsgroup>5</pfsgroup>
                    <lifetime>3600</lifetime></phase2>
                    <enable></enable></client></preferredoldsa></ipsec>
                    <aliases><alias><name>hortimax</name>

                    <address>10.1.1.101</address>

                    <descr><type>host</type>
                    <detail>Entry added Fri, 18 Jun 2010 12:01:26 +0200</detail></descr></alias>
                    <alias><name>server</name>

                    <address>10.1.1.11</address>

                    <descr><type>host</type>
                    <detail>Entry added Fri, 18 Jun 2010 11:48:29 +0200</detail></descr></alias></aliases>
                    <proxyarp><cron><minute>0</minute>
                    <hour></hour>
                    <mday>
                    </mday>
                    <month></month>
                    <wday>
                    </wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 newsyslog
                    <minute>1,31</minute>
                    <hour>0-5</hour>
                    <mday></mday>
                    <month>
                    </month>
                    <wday></wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 adjkerntz -a
                    <minute>1</minute>
                    <hour>3</hour>
                    <mday>1</mday>
                    <month>
                    </month>
                    <wday></wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
                    <minute>
                    /60</minute>
                    <hour></hour>
                    <mday>
                    </mday>
                    <month></month>
                    <wday>
                    </wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
                    <minute>1</minute>
                    <hour>1</hour>
                    <mday></mday>
                    <month>
                    </month>
                    <wday></wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
                    <minute>
                    /60</minute>
                    <hour></hour>
                    <mday>
                    </mday>
                    <month></month>
                    <wday>
                    </wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
                    <minute>/5</minute>
                    <hour>
                    </hour>
                    <mday></mday>
                    <month>
                    </month>
                    <wday>*</wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 /usr/local/bin/checkreload.sh</cron>
                    <wol><rrd><enable></enable></rrd>
                    <load_balancer><monitor_type><name>ICMP</name>
                    <type>icmp</type>
                    <desc>ICMP</desc></monitor_type>
                    <monitor_type><name>TCP</name>
                    <type>tcp</type>
                    <desc>Generic TCP</desc></monitor_type>
                    <monitor_type><name>HTTP</name>
                    <type>http</type>
                    <desc>Generic HTTP</desc>
                    <options><path>/</path>
                    <host>200</host></options></monitor_type>
                    <monitor_type><name>HTTPS</name>
                    <type>https</type>
                    <desc>Generic HTTPS</desc>
                    <options><path>/</path>
                    <host>200</host></options></monitor_type>
                    <monitor_type><name>SMTP</name>
                    <type>send</type>
                    <desc>Generic SMTP</desc>
                    <options><send>EHLO nosuchhost</send>
                    <expect>250-</expect></options></monitor_type></load_balancer>
                    <widgets><sequence>system_information-container:col1:show,captive_portal_status-container:col1:show,carp_status-container:col1:show,cpu_graphs-container:col1:show,gateways-container:col1:show,gmirror_status-container:col1:close,installed_packages-container:col1:show,interface_statistics-container:col1:show,interfaces-container:col2:show,ipsec-container:col2:show,load_balancer_status-container:col2:show,log-container:col2:show,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:show,traffic_graphs-container:col2:show,openvpn-container:col2:none</sequence>
                    <traffic_graphs-config>WAN1_graph-config:show,LAN_graph-config:show,LAN2_graph-config:show,CARP_graph-config:show,V20_graph-config:show,WAN99_graph-config:show,WIFI_graph-config:show,POLEN_graph-config:show,refreshInterval=2</traffic_graphs-config></widgets>
                    <vlans><vlan><if>re0</if>
                    <tag>1</tag>
                    <vlanif>re0_vlan1</vlanif></vlan>
                    <vlan><if>re1</if>
                    <tag>2</tag>
                    <vlanif>re1_vlan2</vlanif></vlan>
                    <vlan><if>re1</if>
                    <tag>20</tag>
                    <descr><vlanif>re1_vlan20</vlanif></descr></vlan>
                    <vlan><if>re1</if>
                    <tag>99</tag>

                    <vlanif>re1_vlan99</vlanif></vlan>
                    <vlan><if>re1</if>
                    <tag>80</tag>

                    <vlanif>re1_vlan80</vlanif></vlan>
                    <vlan><if>re1</if>
                    <tag>70</tag>

                    <vlanif>re1_vlan70</vlanif></vlan></vlans>
                    <revision><time>1277809635</time>

                    <username>admin</username></revision>
                    <ppps><l7shaper><container></container></l7shaper>
                    <dnshaper><gateways><gateway_item><interface>wan</interface>
                    <gateway>192.168.254.254</gateway>
                    <name>WAN_GW_1</name>
                    <weight>1</weight>
                    <descr><monitor>192.168.254.254</monitor>
                    <defaultgw></defaultgw></descr></gateway_item>
                    <gateway_item><interface>opt4</interface>
                    <gateway>10.1.99.254</gateway>
                    <name>WAN_GW_99</name>
                    <weight>1</weight>
                    <descr><monitor>10.1.99.254</monitor></descr></gateway_item>
                    <gateway_group><name>GW_GRP_1</name>
                    WAN_GW_1|1
                    WAN_GW_99|5
                    <trigger>down</trigger></gateway_group>
                    <gateway_group><name>GW_GRP_99</name>
                    WAN_GW_1|5
                    WAN_G</gateway_group></gateways></dnshaper></ppps></wol></proxyarp></shaper></bridge></ovpn></staticroutes></lastchange></pfsense>

                    • C
                      cmb
                      last edited by

                      @kwakkel1000:

                      it doesn't redirect too here.

                      your config is cut off, no captive portal config there at all.

                      • K
                        kwakkel1000
                        last edited by

                        damn, I see.
                        let's post the rest of it now then :P

                        <gateways><gateway_item><interface>wan</interface>
                        <gateway>192.168.254.254</gateway>
                        <name>WAN_GW_1</name>
                        <weight>1</weight>
                        <descr><monitor>192.168.254.254</monitor>
                        <defaultgw></defaultgw></descr></gateway_item>
                        <gateway_item><interface>opt4</interface>
                        <gateway>10.1.99.254</gateway>
                        <name>WAN_GW_99</name>
                        <weight>1</weight>
                        <descr><monitor>10.1.99.254</monitor></descr></gateway_item>
                        <gateway_group><name>GW_GRP_1</name>
                        WAN_GW_1|1
                        WAN_GW_99|5
                        <trigger>down</trigger></gateway_group>
                        <gateway_group><name>GW_GRP_99</name>
                        WAN_GW_1|5
                        WAN_GW_99|1
                        <trigger>down</trigger></gateway_group></gateways>
                        <openvpn><virtualip><vip><vip><mode>carp</mode>
                        <interface>lan</interface>
                        <vhid>1</vhid>
                        <advskew>0</advskew>
                        <password>secret</password>
                        <descr><type>single</type>
                        <subnet_bits>24</subnet_bits>
                        <subnet>10.1.0.1</subnet></descr></vip>
                        <vip><vip><mode>carp</mode>
                        <interface>opt1</interface>
                        <vhid>2</vhid>
                        <advskew>0</advskew>
                        <password>secret</password>
                        <descr><type>single</type>
                        <subnet_bits>24</subnet_bits>
                        <subnet>10.1.1.1</subnet></descr></vip>
                        <vip><vip><mode>carp</mode>
                        <interface>wan</interface>
                        <vhid>3</vhid>
                        <advskew>0</advskew>
                        <password>secret</password>
                        <descr><type>single</type>
                        <subnet_bits>24</subnet_bits>
                        <subnet>192.168.254.1</subnet></descr></vip>
                        <vip><vip><mode>carp</mode>
                        <interface>opt1</interface>
                        <vhid>4</vhid>
                        <advskew>0</advskew>
                        <password>secret</password>
                        <descr><type>single</type>
                        <subnet_bits>24</subnet_bits>
                        <subnet>10.1.1.254</subnet></descr></vip>
                        <vip><vip><mode>carp</mode>
                        <interface>opt4</interface>
                        <vhid>99</vhid>
                        <advskew>0</advskew>
                        <password>secret</password>
                        <descr><type>single</type>
                        <subnet_bits>24</subnet_bits>
                        <subnet>10.1.99.1</subnet></descr></vip>
                        <vip><vip><mode>carp</mode>
                        <interface>opt3</interface>
                        <vhid>21</vhid>
                        <advskew>0</advskew>
                        <password>secret</password>
                        <descr><type>single</type>
                        <subnet_bits>24</subnet_bits>
                        <subnet>10.1.20.254</subnet></descr></vip>
                        <vip><vip><mode>carp</mode>
                        <interface>opt3</interface>
                        <vhid>20</vhid>
                        <advskew>0</advskew>
                        <password>secret</password>
                        <descr><type>single</type>
                        <subnet_bits>24</subnet_bits>
                        <subnet>10.1.20.1</subnet></descr></vip>
                        <vip><vip><mode>carp</mode>
                        <interface>lan</interface>
                        <vhid>5</vhid>
                        <advskew>0</advskew>
                        <password>secret</password>
                        <descr><type>single</type>
                        <subnet_bits>24</subnet_bits>
                        <subnet>10.1.0.254</subnet></descr></vip>
                        <vip><vip><mode>carp</mode>
                        <interface>opt5</interface>
                        <vhid>80</vhid>
                        <advskew>0</advskew>
                        <password>secret</password>
                        <descr><type>single</type>
                        <subnet_bits>24</subnet_bits>
                        <subnet>10.1.80.1</subnet></descr></vip>
                        <vip><vip><mode>carp</mode>
                        <interface>opt6</interface>
                        <vhid>70</vhid>
                        <advskew>0</advskew>
                        <password>secret</password>
                        <descr><type>single</type>
                        <subnet_bits>24</subnet_bits>
                        <subnet>10.1.70.1</subnet></descr></vip></vip></vip></vip></vip></vip></vip></vip></vip></vip></vip></virtualip>
                        <installedpackages><carpsettings><config><pfsyncenabled>on</pfsyncenabled>
                        <pfsyncinterface>opt2</pfsyncinterface>
                        <pfsyncpeerip><synchronizerules>on</synchronizerules>
                        <synchronizeschedules>on</synchronizeschedules>
                        <synchronizealiases>on</synchronizealiases>
                        <synchronizenat>on</synchronizenat>
                        <synchronizeipsec>on</synchronizeipsec>
                        <synchronizeopenvpn>on</synchronizeopenvpn>
                        <synchronizedhcpd>on</synchronizedhcpd>
                        <synchronizewol>on</synchronizewol>
                        <synchronizestaticroutes>on</synchronizestaticroutes>
                        <synchronizelb>on</synchronizelb>
                        <synchronizevirtualip>on</synchronizevirtualip>
                        <synchronizetrafficshaper>on</synchronizetrafficshaper>
                        <synchronizednsforwarder>on</synchronizednsforwarder>
                        <synchronizetoip>10.1.100.3</synchronizetoip>
                        <password>secret</password></pfsyncpeerip></config></carpsettings>
                        <phpsysinfo><config><hidepicklist>on</hidepicklist>
                        <sensorprogram>on</sensorprogram>
                        <showmountpoint>on</showmountpoint>
                        <showinodes>on</showinodes>
                        <loadbar>on</loadbar>
                        <showerrors>on</showerrors></config></phpsysinfo>
                        <service><package><name>phpSysInfo</name>
                        <website>http://phpsysinfo.sourceforge.net/</website>

                        <category>System</category>
                        <version>2.5.4</version>
                        <status>Beta</status>
                        <required_version>1.0</required_version>
                        <depends_on_package_base_url>http://www.pfsense.com/packages/config/phpsysinfo/bin/</depends_on_package_base_url>
                        <depends_on_package>mbmon-205_4.tbz</depends_on_package>
                        <config_file>http://www.pfsense.com/packages/config/phpsysinfo/phpsysinfo.xml</config_file>
                        <configurationfile>phpsysinfo.xml</configurationfile></package>

                        <menu>
                        <name>phpsysinfo</name>
                        <tooltiptext>Status
                        <url>/pkg_edit.php?xml=phpsysinfo.xml&id=0</url></tooltiptext> </menu>

                        <tab><text>phpsysinfo</text>
                        <url>/pkg_edit.php?xml=phpsysinfo.xml&id=0</url>
                        <active></active></tab></service></installedpackages>
                        <ifgroups><ifgroupentry><ifname>WANgrp</ifname>
                        <members>wan opt4</members></ifgroupentry>
                        <ifgroupentry><ifname>LANgrp</ifname>
                        <members>lan opt1 opt3 opt5</members></ifgroupentry>
                        <ifgroupentry><ifname>INETONLYgrp</ifname>
                        <members>opt6</members></ifgroupentry></ifgroups>
                        <captiveportal><page><htmltext>PGZvcm0gbWV0aG9kPSJwb3N0IiBhY3Rpb249IiRQT1JUQUxfQUNUSU9OJCI+DQogICBuYWFtOjxpbnB1dCBuYW1lPSJhdXRoX3VzZXIiIHR5cGU9InRleHQiPjxicj4NCiAgIHdhY2h0d29vcmQ6PGlucHV0IG5hbWU9ImF1dGhfcGFzcyIgdHlwZT0icGFzc3dvcmQiPjxicj4NCiAgIHZvdWNoZXI6PGlucHV0IG5hbWU9ImF1dGhfdm91Y2hlciIgdHlwZT0idGV4dCI+PGJyPg0KICAgPGlucHV0IG5hbWU9InJlZGlydXJsIiB0eXBlPSJoaWRkZW4iIHZhbHVlPSIkUE9SVEFMX1JFRElSVVJMJCI+DQogICA8aW5wdXQgbmFtZT0iYWNjZXB0IiB0eXBlPSJzdWJtaXQiIHZhbHVlPSJDb250aW51ZSI+DQo8L2Zvcm0+</htmltext>
                        <errtext>RVJST1I6DQo8aW5wdXQgbmFtZT0iZXJyb3IiIHZhbHVlPSIkUE9SVEFMX01FU1NBR0UkIj4=</errtext>
                        <logouttext>bG9nb3V0Og0KPGlucHV0IG5hbWU9ImxvZ291dCIgdmFsdWU9IiRQT1JUQUxfTUVTU0FHRSQiPg==</logouttext></page>
                        <timeout><interface>opt5</interface>
                        <maxproc></maxproc>
                        <idletimeout><auth_method>radius</auth_method>
                        <reauthenticateacct>interimupdate</reauthenticateacct>
                        <httpsname><bwdefaultdn><bwdefaultup><certificate><cacertificate><private-key><redirurl><radiusip>10.1.0.241</radiusip>
                        <radiusip2><radiusport><radiusport2><radiusacctport><radiuskey>secret</radiuskey>
                        <radiuskey2><radiusvendor>default</radiusvendor>
                        <radiussrcip_attribute>10.1.0.1</radiussrcip_attribute>
                        <radmac_format>default</radmac_format>
                        <radiussession_timeout><radacct_enable><reauthenticate><enable></enable></reauthenticate></radacct_enable></radiussession_timeout></radiuskey2></radiusacctport></radiusport2></radiusport></radiusip2></redirurl></private-key></cacertificate></certificate></bwdefaultup></bwdefaultdn></httpsname></idletimeout></timeout></captiveportal>
                        <voucher><charset>2345678abcdefhijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ</charset>
                        <rollbits>16</rollbits>
                        <ticketbits>10</ticketbits>
                        <saveinterval>300</saveinterval>
                        <checksumbits>5</checksumbits>
                        <magic>a nice magic number</magic>
                        <publickey>a nice secret key</publickey>
                        <privatekey>a nice secret key</privatekey>
                        <msgnoaccess>Voucher invalid</msgnoaccess>
                        <msgexpired>Voucher expired</msgexpired>
                        <enable><roll><number>1</number>
                        <minutes>15</minutes>
                        <comment>15min vouchers</comment>
                        <count>20</count>
                        <used>AgAA</used>
                        <active></active></roll>
                        <roll><number>2</number>
                        <minutes>60</minutes>
                        <comment>60min</comment>
                        <count>20</count>
                        <used>AAAA</used>
                        <active></active></roll>
                        <roll><number>3</number>
                        <minutes>120</minutes>
                        <comment>120min</comment>
                        <count>20</count>
                        <used>AAAA</used>
                        <active></active></roll></enable></voucher></openvpn>

                        1 Reply Last reply Reply Quote 0
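An added example (not part of the thread and not pfSense code): a Python check that pulls the base64 `<htmltext>` portal page out of a pasted config fragment, even with the tag nesting mangled as above, and verifies the login form against the rules pfSense states for custom portal pages (POST to `$PORTAL_ACTION$`, `redirurl` set to `$PORTAL_REDIRURL$`, a submit button named `accept`). `POSTED_HTMLTEXT` is the value from the post above; the function names, the truncated fragment and the broken page are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser

# <htmltext> value as posted in the thread (base64 of the portal login page).
POSTED_HTMLTEXT = (
    "PGZvcm0gbWV0aG9kPSJwb3N0IiBhY3Rpb249IiRQT1JUQUxfQUNUSU9OJCI+DQog"
    "ICBuYWFtOjxpbnB1dCBuYW1lPSJhdXRoX3VzZXIiIHR5cGU9InRleHQiPjxicj4N"
    "CiAgIHdhY2h0d29vcmQ6PGlucHV0IG5hbWU9ImF1dGhfcGFzcyIgdHlwZT0icGFz"
    "c3dvcmQiPjxicj4NCiAgIHZvdWNoZXI6PGlucHV0IG5hbWU9ImF1dGhfdm91Y2hl"
    "ciIgdHlwZT0idGV4dCI+PGJyPg0KICAgPGlucHV0IG5hbWU9InJlZGlydXJsIiB0"
    "eXBlPSJoaWRkZW4iIHZhbHVlPSIkUE9SVEFMX1JFRElSVVJMJCI+DQogICA8aW5w"
    "dXQgbmFtZT0iYWNjZXB0IiB0eXBlPSJzdWJtaXQiIHZhbHVlPSJDb250aW51ZSI+"
    "DQo8L2Zvcm0+"
)
# Abridged from the posted config, keeping the forum-mangled tag nesting.
POSTED_FRAGMENT = (
    "<captiveportal><page><htmltext>" + POSTED_HTMLTEXT + "</htmltext></page>"
    "<timeout><interface>opt5</interface><idletimeout>"
    "<auth_method>radius</auth_method></idletimeout></timeout></captiveportal>"
)
# Constructed: tail of a cut-off paste with no portal section at all.
TRUNCATED_FRAGMENT = "<gateway_group><name>GW_GRP_99</name>WAN_GW_1|5 WAN_G</gateway_group>"
# Constructed: hard-coded form action and no redirurl field.
BROKEN_PAGE = (
    '<form method="post" action="/index.php">'
    '<input name="auth_user" type="text"><input name="auth_pass" type="password">'
    '<input name="accept" type="submit" value="Continue"></form>'
)
BROKEN_FRAGMENT = (
    "<captiveportal><page><htmltext>" + base64.b64encode(BROKEN_PAGE.encode()).decode()
    + "</htmltext></page><auth_method>radius</auth_method></captiveportal>"
)

class FormScanner(HTMLParser):
    """Collect every <form> with its method, action and named <input> attributes."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = {key: (value or "") for key, value in attrs}
        if tag == "form":
            self._current = {"method": attrs.get("method", "").lower(),
                             "action": attrs.get("action", ""), "inputs": {}}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and attrs.get("name"):
            self._current["inputs"][attrs["name"]] = attrs

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def element_text(config_text, tag):
    """Body of the first <tag>...</tag>; a regex copes with nesting an XML parser rejects."""
    match = re.search(r"<{0}>(.*?)</{0}>".format(re.escape(tag)), config_text, re.S)
    return match.group(1).strip() if match else None

def decode_portal_page(b64_text):
    """Decode a base64 portal template; raises ValueError if the paste is damaged."""
    compact = re.sub(r"\s+", "", b64_text)
    return base64.b64decode(compact, validate=True).decode("utf-8", "replace")

def audit_portal_page(config_text):
    """Return a list of findings; an empty list means the login form is complete."""
    if "<captiveportal>" not in config_text:
        return ["no <captiveportal> section in the pasted config"]
    encoded = element_text(config_text, "htmltext")
    if not encoded:
        return ["<captiveportal> has no <htmltext> portal page"]
    try:
        page = decode_portal_page(encoded)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["<htmltext> is not valid base64 (paste cut off?)"]
    scanner = FormScanner()
    scanner.feed(page)
    findings = []
    portal_forms = [f for f in scanner.forms
                    if f["method"] == "post" and f["action"] == "$PORTAL_ACTION$"]
    if not portal_forms:
        findings.append("no form that POSTs to $PORTAL_ACTION$")
    inputs = (portal_forms or scanner.forms or [{"inputs": {}}])[0]["inputs"]
    if inputs.get("redirurl", {}).get("value") != "$PORTAL_REDIRURL$":
        findings.append('no redirurl field with value "$PORTAL_REDIRURL$"')
    if inputs.get("accept", {}).get("type", "").lower() != "submit":
        findings.append('no submit button named "accept"')
    # Assumption: any auth_method other than "none" needs credential or voucher inputs.
    auth = element_text(config_text, "auth_method") or "none"
    has_login = "auth_user" in inputs and "auth_pass" in inputs
    if auth != "none" and not (has_login or "auth_voucher" in inputs):
        findings.append("auth_method=%s but the form has no login or voucher inputs" % auth)
    return findings

if __name__ == "__main__":
    for name in ("POSTED_FRAGMENT", "TRUNCATED_FRAGMENT", "BROKEN_FRAGMENT"):
        print(name, audit_portal_page(globals()[name]) or "OK")
```

The posted template passes every check, so the custom login page itself is not what is missing from this configuration.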
                        • A
                          anto_DIGIT
                          last edited by

                          @cmb:

                          Going to need a lot more info than "it doesn't work". It does work in every scenario I have setup, and we've deployed it in production in the past week for a WISP on several systems with multiple VLANs on each and no problems. I suspect at this point if it doesn't work you don't have things setup right for DNS to function, hence are never hitting the firewall to get redirected.

                          I know from my friends, that actually makes the problem are:

                          • If we activate the option Enable logout popup window <logoutwin_enable>
                            /usr/local/captiveportal/index.php (original)

                          if(isset($config['captiveportal']['logoutwin_enable']) && !$passthrumac) {

                          if (isset($config['captiveportal']['httpslogin']))
                          $logouturl = "https://{$config['captiveportal']['httpsname']}:8001/";
                          else {
                          $ifip = portal_ip_from_client_ip($clientip);
                          if (!$ifip)
                          $ourhostname = $config['system']['hostname'] . ":8000";
                          else
                          $ourhostname = "{$ifip}:8000";
                          $logouturl = "http://{$ourhostname}/";
                          }

                          include("{$g['varetc_path']}/captiveportal-logout.html");
                          } else {
                          if($_POST['ORIGINAL_PORTAL_IP'] && $_SERVER['SERVER_NAME'] != $_POST['ORIGINAL_PORTAL_IP']) {
                          header ('HTTP/1.1 301 Moved Permanently');
                          header("Location: " . $_POST['ORIGINAL_PORTAL_IP']);
                          } else {
                          header("Location: " . $my_redirurl);
                          }
                          }

                          return $sessionid;
                          }

                          I try to add (insert the bold text into /usr/local/captiveportal/index.php (line 478))

                          if(isset($config['captiveportal']['logoutwin_enable']) && !$passthrumac) {

                          if (isset($config['captiveportal']['httpslogin']))
                          $logouturl = "https://{$config['captiveportal']['httpsname']}:8001/";
                          else {
                          $ifip = portal_ip_from_client_ip($clientip);
                          if (!$ifip)
                          $ourhostname = $config['system']['hostname'] . ":8000";
                          else
                          $ourhostname = "{$ifip}:8000";
                          $logouturl = "http://{$ourhostname}/";
                          }
                          **echo << <eod<br><title>Redirecting…</title>

                          Redirecting to {$my_redirurl}...

                          EOD;

                          /*</eod<br>** include("{$g['varetc_path']}/captiveportal-logout.html"); *Maybe its a bug, required variables are empty (eg. $my_redirurl, $redirurl, etc) /

                          } else {
                          if($_POST['ORIGINAL_PORTAL_IP'] && $_SERVER['SERVER_NAME'] != $_POST['ORIGINAL_PORTAL_IP']) {
                          header ('HTTP/1.1 301 Moved Permanently');
                          header("Location: " . $_POST['ORIGINAL_PORTAL_IP']);
                          } else {
                          header("Location: " . $my_redirurl);
                          }
                          }

                          return $sessionid;
                          }

                          and, works …</logoutwin_enable>

                          1 Reply Last reply Reply Quote 0
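The code in the post above interpolates `$my_redirurl` into an HTML page, sends `$_POST['ORIGINAL_PORTAL_IP']` in a `Location` header, and notes that the redirect variables can arrive empty. The sketch below is an added example, not code from the post or from pfSense, showing one way to validate and escape those values before use; the helper names, the fallback URL and the sample inputs are hypothetical.

```php
<?php
// Added example: helper names and the fallback URL are hypothetical, not pfSense code.

/**
 * Return $url only if it is an absolute http(s) URL with a host and no
 * whitespace or control characters; otherwise return $fallback. An empty
 * value (the case reported in the post) therefore never reaches the browser.
 */
function safe_redirect_target($url, $fallback)
{
    if (!is_string($url) || $url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return $fallback;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return $fallback;
    }
    return $url;
}

/** Accept a posted portal address only when it is a literal IP address. */
function safe_portal_ip($value)
{
    $ok = is_string($value) && filter_var($value, FILTER_VALIDATE_IP) !== false;
    return $ok ? $value : null;
}

/** Build the "Redirecting..." page with the URL escaped for HTML output. */
function redirect_page($url)
{
    $h = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return "<title>Redirecting...</title>\n"
         . "<meta http-equiv=\"refresh\" content=\"0;url={$h}\">\n"
         . "Redirecting to <a href=\"{$h}\">{$h}</a>...\n";
}

// Constructed sample inputs: empty, ordinary, header-breaking, wrong scheme, HTML metacharacters.
$fallback = 'http://portal.example/';   // assumption: a default chosen by the site
$samples  = array('', 'http://www.example.com/a?b=1&c=2',
                  "http://x.example/\r\nX-Test: 1", 'ftp://files.example/x',
                  'http://www.example.com/?q="<b>&r=1');
foreach ($samples as $s) {
    echo redirect_page(safe_redirect_target($s, $fallback)), "\n";
}
var_dump(safe_portal_ip('192.168.1.1'), safe_portal_ip('portal.example/path'));
```

The empty, CRLF-bearing and `ftp://` samples all fall back to the default URL, and the last sample is emitted with its quote and angle brackets escaped.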
                          • K
                            kwakkel1000
                            last edited by

                            so you added

                            echo <<<EOD
                            <title>Redirecting…</title>

                            Redirecting to {$my_redirurl}…
                            EOD;

                            and you commented out the line where the logout page is included?

                            • A
                              anto_DIGIT
                              last edited by

                              @kwakkel1000:

                              so you added

                              echo <<<EOD
                              <title>Redirecting…</title>

                              Redirecting to {$my_redirurl}…
                              .
                              .

                              and you commented out the line where the logout page is included?

                              correct…
                              insert the bold text into /usr/local/captiveportal/index.php (line 478)

                              • S
                                stompro
                                last edited by

                                I had a similar problem, I was having strange problems with the captive portal.  Redirect wasn't working.  Would only work when I would go to a specific local site that was listed in the allowed IP addresses.  When I set it up from scratch it would work fine though.  So I stopped trying to use the backed up config I was using and rebuilt it from scratch using the webgui, and now it works just fine.  So something in my old config wasn't quite right.

                                I did notice that there was data in the "Authentication Error page contents" that I never explicitly set.  It must have been assigned there by mistake.
                                Josh

                                Hardware used: Alix 2D13 X 10, APU2D4 X 10, SG-2200 X 10, SG-2440 X 4

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.