Netgate Discussion Forum

    CP still not working for me on VLAN

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • ktims

      I encountered an issue some time ago with captive portal not working on my VLAN wifi, which resulted in issue #357, which was apparently resolved way back in March. I'm still running into exactly the same problem though; I can see the captive user's traffic hit the firewall with tcpdump, but no response traffic ever goes out. The user never makes a connection to anything, just times out. DNS does seem to work.

      As before, manually navigating to the CP URL and clicking through connects the user and it works fine after that. I've tried various adjustments to the CP configuration, but my setup is pretty basic, there's not much to be changed.

      The hit count on the fwd rule does increase.

      • cmb

        That was indeed fixed in March, we've put a number of CP deployments on 2.0 in production since then using VLANs with no issues. Even assigning the parent, with or without CP, works fine where that can't be done in 1.2.3.

        Can you email me your full configuration? cmb at pfsense dot org, link this thread.

        • cmb

          You've got all kinds of stuff going on in that config. I don't see anything obviously wrong, but there are numerous things in there that could potentially be the cause (my first guess would be packages, but looking through what you have on there, I don't think any of them would cause problems).

          I suggest building another box for testing, set up just the VLANs, IPs, firewall rules, and CP and see if that works (it definitely should). Then start dropping in bits of your configuration and see what happens.

          Before going that far, some things to check:

          1. Make sure you have basic IP connectivity. You should be able to ping that interface IP.
          2. Try to load the portal page manually by browsing to http://<interface ip>:8000. If that loads, and you click through, do you get out?

          • ktims

            Yeah, it's my home 'do as much as I can and actually exercise it to see what breaks' setup, I'm not surprised to see some conflicts drop out, but that's good, right :P

            I'll see if I can blow away the config and restore it bit by bit to narrow it down, but it'll take me some time to get to that.

            1. Yup
            2. Yup, works fine if I do it manually, it appears to be either the forward rule not working or the return traffic not arriving at the client
            • cmb

              Get a packet capture on the interface running CP and grab what happens when you try to browse somewhere. Download the pcap and email it to me.

              • cmb

                The pcap shows nothing is answering the SYN, so something you have there is overriding that fwd, possibly Squid with its rdr. Either start clean and see at what point it breaks as you add things, or start removing things, I'd start with Squid, and see what happens.

                1 Reply Last reply Reply Quote 0
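
The capture check described in the last reply can be repeated offline. The following is an added example, not part of the original thread: it lists TCP SYNs that never receive a SYN-ACK, reading a classic little-endian pcap with Ethernet framing and stepping over the 802.1Q tag. The addresses, ports, VLAN ID and function names are constructed for illustration.

```python
import socket
import struct

def unanswered_syns(pcap):
    """Return (src, sport, dst, dport) for each TCP SYN that never got a SYN-ACK."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    pending, off = {}, 24                       # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54:                     # too short for Ethernet+IPv4+TCP
            continue
        etype, l3 = struct.unpack_from("!H", frame, 12)[0], 14
        if etype == 0x8100:                     # 802.1Q tag: EtherType sits 4 bytes later
            etype, l3 = struct.unpack_from("!H", frame, 16)[0], 18
        if etype != 0x0800 or frame[l3 + 9] != 6:
            continue                            # not IPv4 carrying TCP
        l4 = l3 + (frame[l3] & 0x0F) * 4        # honour the IP header length
        if len(frame) < l4 + 14:
            continue
        src, dst = (socket.inet_ntoa(frame[l3 + o:l3 + o + 4]) for o in (12, 16))
        sport, dport = struct.unpack_from("!HH", frame, l4)
        flags = frame[l4 + 13] & 0x12           # keep only the SYN and ACK bits
        if flags == 0x02:                       # SYN: connection attempt
            pending[(src, sport, dst, dport)] = True
        elif flags == 0x12:                     # SYN-ACK: answers the reverse flow
            pending.pop((dst, dport, src, sport), None)
    return list(pending)

def _record(src, dst, sport, dport, flags, vlan):
    """Build one constructed pcap record: tagged Ethernet/IPv4/TCP, zero checksums."""
    eth = bytes(12) + struct.pack("!HHH", 0x8100, vlan, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    frame = eth + ip + tcp
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed capture on VLAN 30: one web SYN goes unanswered, the portal answers.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record("192.168.30.50", "203.0.113.10", 51000, 80, 0x02, 30),
    _record("192.168.30.50", "192.168.30.1", 51001, 8000, 0x02, 30),
    _record("192.168.30.1", "192.168.30.50", 8000, 51001, 0x12, 30),
])
print(unanswered_syns(SAMPLE))
```

A flow that appears in the result while the manual portal connection on port 8000 does not matches the symptom in this thread: the client's SYN reaches the firewall but nothing answers it.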