[SOLVED] Captive portal doesn't work on VLAN
-
Hi,
I've just upgraded pfsense from 1.2.3 to 2.0 and Captive portal enabled on VLAN interface doesn't work anymore.
I can access portal page from LAN interface with both LAN and VLAN IP addresses, but can't access it when connected to VLAN.
When I connect to VLAN I get IP from DHCP, DNS works, Ping to VLAN works too, but nothing more. I've checked firewall rules, they are all ok and it was working prior to upgrade.
The same issue is with enabled Squid on same interface (or any other VLAN interface) with, or without enabled Captive portal.
If I disable captive portal and/or Squid, everything works.
Does someone have configuration like this and has Captive portal or Squid working?
pfSense version is 2.0-RC3 (i386) built on Fri Jul 22 22:35:57 EDT 2011.
Thank you.
-
Can you show an ifconfig output?
-
Sure
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=82808<VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
    ether 00:40:63:e6:e1:e7
    inet6 fe80::240:63ff:fee6:e1e7%vr0 prefixlen 64 scopeid 0x1
    inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=82008<VLAN_MTU,WOL_MAGIC,LINKSTATE>
    ether 00:22:15:d6:40:44
    inet6 fe80::222:15ff:fed6:4044%ste0 prefixlen 64 scopeid 0x2
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pfsync0: flags=0<> metric 0 mtu 1460
    syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
pflog0: flags=100<PROMISC> metric 0 mtu 33200
enc0: flags=0<> metric 0 mtu 1536
vr0_vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:40:63:e6:e1:e7
    inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan2 prefixlen 64 scopeid 0x8
    inet 172.16.0.100 netmask 0xffffff00 broadcast 172.16.0.255
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    vlan: 2 parent interface: vr0
vr0_vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:40:63:e6:e1:e7
    inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan3 prefixlen 64 scopeid 0x9
    inet 172.16.1.100 netmask 0xffffff00 broadcast 172.16.1.255
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    vlan: 3 parent interface: vr0
vr0_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:40:63:e6:e1:e7
    inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan10 prefixlen 64 scopeid 0xa
    inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    vlan: 10 parent interface: vr0
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
    inet 95.102.245.147 --> 213.81.232.203 netmask 0xffffffff
    inet6 fe80::240:63ff:fee6:e1e7%pppoe0 prefixlen 64 scopeid 0xb
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::240:63ff:fee6:e1e7%ovpns1 prefixlen 64 scopeid 0xc
    inet 192.168.3.1 --> 192.168.3.2 netmask 0xffffffff
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    Opened by PID 27374
ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::240:63ff:fee6:e1e7%ovpns2 prefixlen 64 scopeid 0xd
    inet 192.168.2.1 --> 192.168.2.2 netmask 0xffffffff
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    Opened by PID 34356
LAN side is vr0, this is where all vlans are created, WAN is ste0 and it is PPPoE.
-
I do not see where you have enabled captiveportal?
You sure you have enabled it?
-
Hi,
it is disabled atm since it's a free hotspot and portal page only contained some welcome information.
Here is ifconfig output with portal enabled on vr0_vlan2:
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=82808<VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
    ether 00:40:63:e6:e1:e7
    inet6 fe80::240:63ff:fee6:e1e7%vr0 prefixlen 64 scopeid 0x1
    inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=82008<VLAN_MTU,WOL_MAGIC,LINKSTATE>
    ether 00:22:15:d6:40:44
    inet6 fe80::222:15ff:fed6:4044%ste0 prefixlen 64 scopeid 0x2
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pfsync0: flags=0<> metric 0 mtu 1460
    syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
pflog0: flags=100<PROMISC> metric 0 mtu 33200
enc0: flags=0<> metric 0 mtu 1536
vr0_vlan2: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,IPFW_FILTER> metric 0 mtu 1500
    ether 00:40:63:e6:e1:e7
    inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan2 prefixlen 64 scopeid 0x8
    inet 172.16.0.100 netmask 0xffffff00 broadcast 172.16.0.255
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    vlan: 2 parent interface: vr0
vr0_vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:40:63:e6:e1:e7
    inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan3 prefixlen 64 scopeid 0x9
    inet 172.16.1.100 netmask 0xffffff00 broadcast 172.16.1.255
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    vlan: 3 parent interface: vr0
vr0_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:40:63:e6:e1:e7
    inet6 fe80::240:63ff:fee6:e1e7%vr0_vlan10 prefixlen 64 scopeid 0xa
    inet 192.168.1.190 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    vlan: 10 parent interface: vr0
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
    inet 95.102.245.147 --> 213.81.232.203 netmask 0xffffffff
    inet6 fe80::240:63ff:fee6:e1e7%pppoe0 prefixlen 64 scopeid 0xb
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::240:63ff:fee6:e1e7%ovpns1 prefixlen 64 scopeid 0xc
    inet 192.168.3.1 --> 192.168.3.2 netmask 0xffffffff
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    Opened by PID 27374
ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::240:63ff:fee6:e1e7%ovpns2 prefixlen 64 scopeid 0xd
    inet 192.168.2.1 --> 192.168.2.2 netmask 0xffffffff
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    Opened by PID 34356
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
-
What happens if you run the command
ifconfig vr0 -vlanmtu
after enabling the captiveportal?
It might help you on having the CP work.
-
Nothing, it doesn't return anything and CP still doesn't work.
-
BTW, I've been looking at the communication between the PC and pfsense with Wireshark, and with CP enabled the PC requests the correct page from pfsense with HTTP GET - http://ip:port/index.php?redirurl=… but doesn't get any HTTP 200 OK or the first part of the page (in other words, two whole packets from pfsense get lost or are not sent), and receives the last few lines of the page (third packet which contains ""). I tried it a few times, and it is still the same, even when requesting http://ip:port.
When accessing portal page from lan side, whole page is sent from pfsense and received by pc, so if it isn't some issue with lighty itself or its configuration.
-
Have you tried to take packet captures from pfsense at the same time?
-
Hi,
I have today, and the whole page is sent from pfsense, but only part of it is received with captive portal enabled.
Is this issue related to the upgrade, or does it not work on a fresh install too?
-
Have you tried with a fresh install?
Here CP is working on a VLAN interface,
8 VLANs from 1 em ethernet,
and squid on a different dedicated machine.
I use updated 2.0 RC3 July 24, works like a charm.
-
Yes, I did today, and it is the same issue.
I've used a liveusb snapshot from 29-Jul-2011 14:43.
-
Hi,
I've tried this on a different machine with Intel NICs, and Captive portal and Squid are working fine there.
Can this issue be related to the NIC driver? The PC on which it doesn't work is using integrated VIA Rhine.
Thanks.
-
Hi,
I just solved this issue.
As it turned out, it was the switch that was dropping some of the vlan tagged packets when set in non-vlan mode.
When I set it to vlan aware mode, everything started to work.
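
Added example, not part of the original thread: the two-sided capture comparison described above (one capture on pfSense, one on the client) can be automated by diffing `tcpdump -n` text output, so that each lost segment is listed with its payload length and it is visible whether loss depends on packet size. The client address, the port 8000 and all capture lines are constructed sample values, and both captures are assumed to include the handshake so that tcpdump prints the same relative sequence numbers on each side.

```python
import re

# TCP data lines as printed by "tcpdump -n", e.g.
# "IP a.b.c.d.8000 > e.f.g.h.51234: Flags [.], seq 1:1461, ack 301, win 65535, length 1460"
LINE = re.compile(
    r"IP (?P<src>\S+) > \S+: Flags \[[^\]]*\], "
    r"seq (?P<start>\d+):(?P<end>\d+),.* length (?P<len>\d+)"
)

def segments(capture_text, src_prefix):
    """Return {(seq_start, seq_end): payload_len} for data segments from src_prefix."""
    found = {}
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if m and m.group("src").startswith(src_prefix) and int(m.group("len")) > 0:
            # Retransmissions share the same key, so they collapse into one entry.
            found[(int(m.group("start")), int(m.group("end")))] = int(m.group("len"))
    return found

def missing_segments(sent_text, received_text, src_prefix):
    """Segments present in the sender-side capture but absent on the receiver side."""
    sent = segments(sent_text, src_prefix)
    received = segments(received_text, src_prefix)
    return sorted((rng, size) for rng, size in sent.items() if rng not in received)

# Constructed capture taken on the firewall (sender side), including one retransmission.
SENT = """\
12:00:00.000100 IP 172.16.0.50.51234 > 172.16.0.100.8000: Flags [P.], seq 1:301, ack 1, win 65535, length 301
12:00:00.000900 IP 172.16.0.100.8000 > 172.16.0.50.51234: Flags [.], seq 1:1461, ack 301, win 65535, length 1460
12:00:00.000950 IP 172.16.0.100.8000 > 172.16.0.50.51234: Flags [.], seq 1461:2921, ack 301, win 65535, length 1460
12:00:00.001000 IP 172.16.0.100.8000 > 172.16.0.50.51234: Flags [FP.], seq 2921:3050, ack 301, win 65535, length 129
12:00:00.301000 IP 172.16.0.100.8000 > 172.16.0.50.51234: Flags [.], seq 1:1461, ack 301, win 65535, length 1460
"""

# Constructed capture taken on the client (receiver side) for the same connection.
RECEIVED = """\
12:00:00.000050 IP 172.16.0.50.51234 > 172.16.0.100.8000: Flags [P.], seq 1:301, ack 1, win 65535, length 301
12:00:00.001200 IP 172.16.0.100.8000 > 172.16.0.50.51234: Flags [FP.], seq 2921:3050, ack 301, win 65535, length 129
12:00:00.001250 IP 172.16.0.50.51234 > 172.16.0.100.8000: Flags [.], ack 1, win 65535, length 0
"""

if __name__ == "__main__":
    for (start, end), size in missing_segments(SENT, RECEIVED, "172.16.0.100."):
        print(f"lost in transit: seq {start}:{end} payload {size} bytes")
```
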