Using CP on OPT interface with wireless AP?

hoba · Dec 17, 2006, 3:09 AM

It looks ok. In general you need to use the interface IP of the captive portal enabled interface as DNS server for the redirect to work and to bring up the CP page. After authenticating at the CP page the firewallrules present for the interface will be applied. From what you did I don't see any obvious error. Maybe a reinstall would help. Is this a system that has been upgraded a lot of times already starting with a pretty old version?

danbutter · Dec 17, 2006, 3:18 AM

I actually tried two different systems one of which was. From back at .9xx something. But I never went past 1.0.1 with that one.
The current one I am using is using the latest snapsnot that sullrich posted. This box was a fresh install of 1.0.1.

I could burn a disc and try a new install.

Maybe tomorrow.

hoba · Dec 17, 2006, 3:38 AM

Please send me your config.xml to holger <dot>bauer <at>citec-ag <dot>de. Maybe some other feature like nat reflection or whatever is not playing well in the mix.</dot></at></dot>

danbutter · Dec 17, 2006, 3:59 AM

will do, but in the meantime I have even more weirdness to report.

Ok this box has 4 nics and therefore 2 OPT interfaces.
Just messing around I left the OPT1 that I had named CP alone. No changes at all.

I then enabled the OPT2 interface.
Gave it an IP of 192.168.33.1
went to the DHCP server put that IP as the dns and set a range from 192.168.33.22 to .55
Went to firewall > rules and this time set ANY rather than leaving it at TCP.
Plugged in the wireless and it worked!
Tried with computer and the crossover cable and it worked!

I thought great! it works, but…
I used a usb wireless adapter on my main computer. I would switch between them in network connections by disabling one and using the other one to test the wireless.

Well... when I went to switch back to the wired nic which should be LAN I got an IP from the OPT2 interface!
I tried to release and renew...same IP. I tried to use flushdns in between there...same IP.
I rebooted the machine...same IP.
I went to another PC on the network that still had a valid lease and got into the web interface and turned off the OPT2 interface...same IP.
I then turned it back on, went to the DHCP server for OPT2 and disabled it.

Now I can get an IP for the LAN as I am supposed to.

I'm starting to think my pfsense box is haunted.

sending the config in a couple mins here.

jeroen234 · Dec 17, 2006, 11:34 AM

@danbutter:

Ok, I documented everything I did as I did it so that someone can hopefully tell me what I did wrong.

Ok then I then changed the name of the OPT1 interface to CP, changed it's IP to 192.168.11/24, enabled it and clicked on save.

Thanks for any help anyone can give me here.

i hope you meen 192.168.11.1/24

danbutter · Dec 17, 2006, 2:51 PM

yes, I did mean 192.168.11.1/24.

Good catch though.

danbutter · Dec 19, 2006, 3:49 PM

Just to update this, I was able to do the same thing on the OPT1 interface.
I changed the IP to a /16 rather than /24 and changed the firewall rule to ANY rather than just TCP and it works.

However the DHCP server for the OPT interface still takes over my LAN clients.
I have to turn off the DHCP server for the OPT interface to get the one on the LAN interface to work again.
Strange.

hoba…Did you get the config.xml that I sent to you?

hoba · Dec 19, 2006, 6:54 PM

Didn't get anything yet.

danbutter · Dec 19, 2006, 8:07 PM

well, I sent it out on the 16th so I either typed something wrong or maybe your email doesn't like hotmail?

Either way I am attaching it now.
I don't think there is anything private in there.

config.xml.txt

hoba · Dec 19, 2006, 9:46 PM

Ok, I'll test it with one of my systems soon.

danbutter · Dec 21, 2006, 3:19 PM

Ok thanks.
No hurry.
I won't be messing with the box till next year at this point anyway.

I do believe that I will do a fresh install of 1.0.1 though as there are things like the shaper wizard that are broken for me in the snapshot.
I also keep getting a very strange thing where some computers on my network will only get between 5 and 6MB to the internet while others get 20Mb….it isn't all the time....just strange.
So I think a fresh install is in order after the holidays.

greyman · Jan 18, 2007, 12:15 AM

Ok. Just installed 1.0.1 on a 4801-60. All is working fine. for me until I enable captive portal (CP). I basically have my network configured the same way. Here is what I have

sis0: LAN: 192.168.0.1/25
sis1: WAN: DHCP (Public IP Supplied by SBC DSL Modem)
sis2: OPT: 192.168.0.129/25 (Airport wireless Network with WDS)

sis0 is running a DHCP server for the LAN clients
sis2 is running a DHCP server for the users that are wireless

all this works before enabling CP. Once I enable CP the browser never gets redirected to the CP to allow me to authenticate.

any ideas?

hoba · Jan 18, 2007, 4:17 PM

@hoba:

…you need to use the interface IP of the captive portal enabled interface as DNS server for the redirect to work and to bring up the CP page....

greyman · Jan 18, 2007, 4:40 PM

After reading thru the thread before posting by post I had noticed that and have set it up accordingly. The DHCP server that assigns IP addresses on that interface assigns the interface as the primary DNS server.

Still NO go. ;-(