• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

CP problem redirect to voucher page

Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
15 Posts 2 Posters 6.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S Offline
    stefanero
    last edited by Oct 25, 2010, 1:57 PM

    Hi there,

    I have a little strange problem with the captive portal. Currently running version Thu Oct 14 01:16:12 EDT 2010 i386.

    We have a distributed setup.

    Inet –- PFsense (172.30.11.10) -- router -- WLAN (172.31.0.XX)
                                                         ^-- WLAN (172.32.0.XX)
                                                         ^-- WLAN....

    So the strange thing is,

    • when I disable CP it works fine to connect from the WLAN to the inet

    • when I enable CP there should be a redirect to the CP voucher loing page. I can see the redirect URL in the browser, but it times out after a while.

    • when I open a webbrowser, browse to the IP of PFsense (I dont even do anything here just open), close browser, reopen again and browse to google, the redirect works to the voucher login page.

    This keeps working for a couple days or until I reboot PFsense. Then my browser will timeout againe when not allowed to browse thruw CP.
    Opening up PFsense admin site, and then rebrowse back to the Inet redirects me to the voucher page.

    Does anyone have an idear and can help me out.

    thnx a lot
    stefan

    WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

    1 Reply Last reply Reply Quote 0
    • S Offline
      stefanero
      last edited by Oct 26, 2010, 11:02 AM

      I tryed to dig this down a little

      when the client is in the state of "not redirecting to the voucher" page, I send a ping from the pfSense to the client.

      The ping worked, but still the redirect was not working correctly.

      Also I did a ping from the client to the pfSense, but still the redirect to the voucher page was not happening when trying to access the Inet.

      Only after I visited the pfSense Webinterface (admin login page) and then retry to open "google.com" for example the redirect to the voucher loing pages worked fine.

      Hope this helps a little.

      stefanero

      WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

      1 Reply Last reply Reply Quote 0
      • E Offline
        eri--
        last edited by Oct 26, 2010, 12:19 PM

        You are blocking dns and have possibly no allow rule in firewall rules.
        Check the wiki it has documentation for this.

        1 Reply Last reply Reply Quote 0
        • S Offline
          stefanero
          last edited by Oct 26, 2010, 12:56 PM

          Well I do have 3 DNS servers setup in the allowed

          "Allowed IP addresses" TAB,

          and also the network where the clients come from are allowed todo "anything".

          Let me explain the way I did it:

          -open browser, browse to www.google.com –> times out , close browser
          -open browser, browse to IP of pfsense --> the login pops up , close browser
          -open browser, browse to www.google.com --> redirect to voucher page --> authenticate --> works fine

          I dont change anything in the settings,
          after I browse 1 time to the url of the pfSense server and connect to the webserver it works okey.

          stefan

          WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

          1 Reply Last reply Reply Quote 0
          • S Offline
            stefanero
            last edited by Oct 27, 2010, 1:17 PM

            Hi again,

            I just digged out an old pfSense snapshot from Tue Aug 10 21:16:23 EDT 2010
            and here the captive portal workes fine.

            I installed pfSense from Aug 10 and loaded the current config to it, and here I dont have to access the pfSense admin-page from a client to get the redirect to the voucher page.

            teh redirect here works out of the box, when connecting to google or whatever page.

            sry to tell but looks to me like a bug in the CP somewhere.

            WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

            1 Reply Last reply Reply Quote 0
            • S Offline
              stefanero
              last edited by Oct 27, 2010, 2:53 PM

              Alright, I even managed to narrow down where the error got introduced.

              I have some old pfSense images still stored on my pc here,

              the next one after Aug 10 was Fri Aug 27 23:40:39 EDT 2010

              here it is not working anymore.  So its "just" 17days of CP commits where this error might have been introduced.

              Hope this helps a little

              Stefanero

              WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

              1 Reply Last reply Reply Quote 0
              • S Offline
                stefanero
                last edited by Oct 28, 2010, 1:23 PM

                Hi,

                not sure if someone is working on this, since noone repleyed.

                I will post netstat

                Proto      Recv-Q  Send-Q  Local Address          Foreign Address      (state)
                tcp4      0          2196      74.125.43.99.8000  172.31.0.9.53012    FIN_WAIT_1
                tcp4      0          0          74.125.43.99.80      172.31.0.9.53011    TIME_WAIT

                I will rollback to Aug 20th snapshot since this worked fine…

                If you need me to test smth or have any updates just let me know.

                regards
                Stefan

                WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

                1 Reply Last reply Reply Quote 0
                • E Offline
                  eri--
                  last edited by Oct 28, 2010, 3:36 PM

                  Try modifyin /usr/local/captiveportal/index.php

                  Remove line 46 which has:
                  header("Connection: close");

                  and retry.

                  1 Reply Last reply Reply Quote 0
                  • S Offline
                    stefanero
                    last edited by Oct 29, 2010, 5:48 AM Oct 29, 2010, 5:45 AM

                    Hi there,

                    well did not help it, I commented it out

                    //header("Connection: close");

                    but its doing the same thing as before, just times out while connecting to it.
                    And then again connecting to the pfSense webserver, and reopening google it redirects directly to the voucher page…

                    Stefan

                    @ermal:

                    Try modifyin /usr/local/captiveportal/index.php

                    Remove line 46 which has:
                    header("Connection: close");

                    and retry.

                    WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

                    1 Reply Last reply Reply Quote 0
                    • S Offline
                      stefanero
                      last edited by Oct 29, 2010, 7:04 AM

                      Hi there,

                      a little update.

                      it works on my least favorite OS now -> windows… the redirect happens, I just mostly never use windows but thats fixed now.

                      It does not work for *nix , like Linux / Android / iPad etc pp :)

                      hope this helps
                      stefan

                      WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

                      1 Reply Last reply Reply Quote 0
                      • S Offline
                        stefanero
                        last edited by Nov 2, 2010, 8:24 AM

                        Hi,

                        is there any way I could help? There seams to be a difference on  how windows works with the redirect to the captive portal, and the way *nix handle this.

                        Do you require some wireshark traces or smth like this.

                        Stefan

                        WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

                        1 Reply Last reply Reply Quote 0
                        • E Offline
                          eri--
                          last edited by Nov 2, 2010, 11:19 AM

                          Yes if you have them.

                          But preferably you should not run the GUI on port 80.

                          1 Reply Last reply Reply Quote 0
                          • S Offline
                            stefanero
                            last edited by Nov 2, 2010, 12:26 PM Nov 2, 2010, 12:11 PM

                            Hi erml,

                            I changed Port from 80 to 8080, but this did not change anything.

                            I will upload wireshark traces from a ubuntu system, I renamed the wireshark files to txt, since this is a valid extention.

                            The not working variante, was just opening a firefox and browse to www.google.com, I let it try for a couple of seconds and stopped it.

                            Then 2nd working one, was with a connect to pfsense ip in the beginning on port 8080 this time, and then reopen www.google.com

                            if you need anything let me know.

                            cu
                            stefanero

                            wireshark-portal-not-working.txt
                            wireshark-portal-working.txt

                            WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

                            1 Reply Last reply Reply Quote 0
                            • S Offline
                              stefanero
                              last edited by Nov 2, 2010, 12:26 PM

                              OMG

                              I found it …

                              its the redirect page...

                              If I insert my own redirect page , I just simple copied the example code, and insert it into a html file and use this instead of the original -> it works.... :D

                              WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

                              1 Reply Last reply Reply Quote 0
                              • S Offline
                                stefanero
                                last edited by Nov 2, 2010, 2:03 PM

                                Hi again,

                                working my way thruw.

                                If the redirect page is to "big" it wont work for *nix systems.

                                I will attach 2 very easy and simple html files, the smaller one works on *nix, the bigger one will fail with the same error as mentioned above.

                                you will notice only difference is , the two big blocks of "dummy text" in a table collum.

                                I checkd lighthttpd error log but could not see anything…

                                test-big.txt
                                test-small.txt

                                WE ARE THE MICROSOFT! YOU'LL BE ASSIMILATED! RESISTANCE IS FUTILE!

                                1 Reply Last reply Reply Quote 0
                                15 out of 15
                                • First post
                                  15/15
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                  This community forum collects and processes your personal information.
                                  consent.not_received