[SOLVED] Captive portal doesn't work on VLAN



  • Hi,

    I've just upgraded pfsense from 1.2.3 to 2.0 and Captive portal enabled on VLAN interface doesn't work anymore.
    I can access portal page from LAN interface with both LAN and VLAN IP addresses, but can't access it when connected to VLAN.
    When I connect to VLAN I get IP from DHCP, DNS works, Ping to VLAN works too, but nothing more. I've checked firewall rules, they are all ok and it was working prior to upgrade.
    The same issue is with enabled Squid on same interface (or any other VLAN interface) with, or without enabled Captive portal.
    If I disable captive portal and/or Squid, everything works.
    Does someone have configuration like this and has Captive portal or Squid working?

    pfSense version is 2.0-RC3 (i386) built on Fri Jul 22 22:35:57 EDT 2011.

    Thank you.



  • Can you show an ifconfig output?



  • Sure

    
    vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=82808<VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
            ether 00:40:63:e6:e1:e7
            inet6 fe80::240:63ff:fee6:e1e7%vr0 prefixlen 64 scopeid 0x1
            inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=82008<VLAN_MTU,WOL_MAGIC,LINKSTATE>
            ether 00:22:15:d6:40:44
            inet6 fe80::222:15ff:fed6:4044%ste0 prefixlen 64 scopeid 0x2
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=3<RXCSUM,TXCSUM>
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    pflog0: flags=100<PROMISC> metric 0 mtu 33200
    enc0: flags=0<> metric 0 mtu 1536
    vr0_vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:40:63:e6:e1:e7
            inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan2 prefixlen 64 scopeid 0x8
            inet 172.16.0.100 netmask 0xffffff00 broadcast 172.16.0.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
            vlan: 2 parent interface: vr0
    vr0_vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:40:63:e6:e1:e7
            inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan3 prefixlen 64 scopeid 0x9
            inet 172.16.1.100 netmask 0xffffff00 broadcast 172.16.1.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
            vlan: 3 parent interface: vr0
    vr0_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:40:63:e6:e1:e7
            inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan10 prefixlen 64 scopeid 0xa
            inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
            vlan: 10 parent interface: vr0
    pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
            inet 95.102.245.147 --> 213.81.232.203 netmask 0xffffffff
            inet6 fe80::240:63ff:fee6:e1e7%pppoe0 prefixlen 64 scopeid 0xb
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>
            inet6 fe80::240:63ff:fee6:e1e7%ovpns1 prefixlen 64 scopeid 0xc
            inet 192.168.3.1 --> 192.168.3.2 netmask 0xffffffff
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            Opened by PID 27374
    ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>
            inet6 fe80::240:63ff:fee6:e1e7%ovpns2 prefixlen 64 scopeid 0xd
            inet 192.168.2.1 --> 192.168.2.2 netmask 0xffffffff
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            Opened by PID 34356
    

    LAN side is vr0, this is where all vlans are created, WAN is ste0 and it is PPPoE.



  • I do not see where you have enabled captiveportal?
    You sure you have enabled it?



  • Hi,

    it is disabled atm since it's a free hotspot and portal page only contained some welcome information.

    Here is ifconfig output with portal enabled on vr0_vlan2:

    
    vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=82808<VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
            ether 00:40:63:e6:e1:e7
            inet6 fe80::240:63ff:fee6:e1e7%vr0 prefixlen 64 scopeid 0x1
            inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=82008<VLAN_MTU,WOL_MAGIC,LINKSTATE>
            ether 00:22:15:d6:40:44
            inet6 fe80::222:15ff:fed6:4044%ste0 prefixlen 64 scopeid 0x2
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=3<RXCSUM,TXCSUM>
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    pflog0: flags=100<PROMISC> metric 0 mtu 33200
    enc0: flags=0<> metric 0 mtu 1536
    vr0_vlan2: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,IPFW_FILTER> metric 0 mtu 1500
            ether 00:40:63:e6:e1:e7
            inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan2 prefixlen 64 scopeid 0x8
            inet 172.16.0.100 netmask 0xffffff00 broadcast 172.16.0.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
            vlan: 2 parent interface: vr0
    vr0_vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:40:63:e6:e1:e7
            inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan3 prefixlen 64 scopeid 0x9
            inet 172.16.1.100 netmask 0xffffff00 broadcast 172.16.1.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
            vlan: 3 parent interface: vr0
    vr0_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:40:63:e6:e1:e7
            inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan10 prefixlen 64 scopeid 0xa
            inet 192.168.1.190 netmask 0xffffff00 broadcast 192.168.1.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
            vlan: 10 parent interface: vr0
    pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
            inet 95.102.245.147 --> 213.81.232.203 netmask 0xffffffff
            inet6 fe80::240:63ff:fee6:e1e7%pppoe0 prefixlen 64 scopeid 0xb
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>
            inet6 fe80::240:63ff:fee6:e1e7%ovpns1 prefixlen 64 scopeid 0xc
            inet 192.168.3.1 --> 192.168.3.2 netmask 0xffffffff
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            Opened by PID 27374
    ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>
            inet6 fe80::240:63ff:fee6:e1e7%ovpns2 prefixlen 64 scopeid 0xd
            inet 192.168.2.1 --> 192.168.2.2 netmask 0xffffffff
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            Opened by PID 34356
    ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
    


  • What happens if you run the command ifconfig vr0 -vlanmtu after enabling the captiveportal?

    It might help you on having the CP work.



  • Nothing, it doesn't return anything and CP still doesn't work.



  • BTW, I've been looking at the communication between the PC and pfsense with Wireshark, and with CP enabled the PC requests the correct page from pfsense with HTTP GET - http://ip:port/index.php?redirurl=… but doesn't get any HTTP 200 OK or the first part of the page (in other words, two whole packets from pfsense get lost or are not sent), and receives the few last lines of the page (third packet which contains ""). I tried it a few times, and it is still the same, even when requesting http://ip:port.
    When accessing the portal page from the LAN side, the whole page is sent from pfsense and received by the PC, so if it isn't some issue with lighty itself or its configuration.



  • Have you tried to take packet captures from pfsense at the same time?



  • Hi,

    I have today, and the whole page is sent from pfsense, but only part of it is received with captive portal enabled.
    Is this issue related to the upgrade, or it doesn't work on fresh install too?
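The two-sided capture comparison described above can be done mechanically. The following is an added example, not code from the thread: it diffs `tcpdump -n` text output taken on the firewall and on the client and lists the TCP segments that left the sender but never arrived. The capture lines, client address and port are constructed, and it assumes both captures include the handshake so that tcpdump prints the same relative sequence numbers on each side.

```python
import re

# Constructed tcpdump -n lines; 172.16.0.100 is the VLAN 2 address from the
# thread, the client address and port 8000 are made up for the example.
FIREWALL_CAPTURE = """\
10:00:00.100 IP 172.16.0.50.51000 > 172.16.0.100.8000: Flags [P.], seq 1:301, ack 1, win 256, length 300
10:00:00.110 IP 172.16.0.100.8000 > 172.16.0.50.51000: Flags [.], seq 1:1449, ack 301, win 512, length 1448
10:00:00.111 IP 172.16.0.100.8000 > 172.16.0.50.51000: Flags [.], seq 1449:2897, ack 301, win 512, length 1448
10:00:00.112 IP 172.16.0.100.8000 > 172.16.0.50.51000: Flags [FP.], seq 2897:3100, ack 301, win 512, length 203
"""

CLIENT_CAPTURE = """\
10:00:00.099 IP 172.16.0.50.51000 > 172.16.0.100.8000: Flags [P.], seq 1:301, ack 1, win 256, length 300
10:00:00.113 IP 172.16.0.100.8000 > 172.16.0.50.51000: Flags [FP.], seq 2897:3100, ack 301, win 512, length 203
"""

# Matches data-carrying segments: source, destination, seq range, payload length.
SEGMENT = re.compile(
    r"IP (\S+) > (\S+): Flags \[[^\]]*\], seq (\d+):(\d+),.* length (\d+)"
)


def segments(capture, src):
    """Return the set of (seq_start, seq_end, length) sent by src."""
    found = set()
    for line in capture.splitlines():
        m = SEGMENT.search(line)
        if m and m.group(1) == src:
            found.add((int(m.group(3)), int(m.group(4)), int(m.group(5))))
    return found


def lost_segments(sender_capture, receiver_capture, src):
    """Segments present in the sender-side capture but absent at the receiver."""
    return sorted(segments(sender_capture, src) - segments(receiver_capture, src))


if __name__ == "__main__":
    for start, end, length in lost_segments(
        FIREWALL_CAPTURE, CLIENT_CAPTURE, "172.16.0.100.8000"
    ):
        print(f"lost in transit: seq {start}:{end} ({length} bytes)")
```

Segments reported as lost were transmitted by the firewall, so the drop happened on a device between the two capture points.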



  • Have you tried with a fresh install?

    Here CP is working on a VLAN interface,
    8 VLANs from 1 em ethernet,
    and Squid on a different, dedicated machine.

    I use updated 2.0 RC3 July 24, works like a charm.



  • Yes, I did today, and it is the same issue.
    I've used a liveusb snapshot from 29-Jul-2011 14:43.



  • Hi,

    I've tried this on a different machine with Intel NICs, and Captive portal and Squid are working fine there.
    Can this issue be related to the NIC driver? The PC on which it doesn't work is using integrated VIA Rhine.

    Thanks.



  • Hi,

    I just solved this issue.
    As it turned out, it was the switch that was dropping some of the VLAN-tagged packets when set in non-VLAN mode.
    When I set it to VLAN-aware mode, everything started to work.

