Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New Install with Multi-WAN/LAN and Captive Portal not passing traffic.

    Captive Portal
    2
    4
    3.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      salmonbaytech
      last edited by

      Trying to replace my 1.2.3 PFSense CARP Cluster with a new 2.0 PFSense CARP Cluster.

      Old setup has single WAN, 2-LAN with one having captive portal.

      New Setup is 3 WAN, 2 LAN one with captive portal.

      Setup 2 PFSense routers, both will pass traffic on all WAN connections from the LAN network. I have setup CARP on all three WAN interfaces and the appropriate manual NAT rules. Also enabled the Traffic Shaper.

      Copy Captive Portal settings from my 1.2.3 PFSense setup, everything looks good. I get the captive portal page, authenticate like I expect and see my mac address and IP in the "Status->Captive Portal" screen. but the computer does not get on the internet. I see some states in the state table so it looks like its traffic is passing.  I don't have any firewall rules, except to get traffic passing as this is still a basic setup.

      As soon as I disable captive portal, the computer gets on the internet and works.

      I Have enabled the MultiWAN, Traffic Shaper, DHCP Server, Captive Portal and CARP and that's it.

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by

        So you can access internet from systems downstream of the non-captive portal interface but not from systems downstream of the captive portal interface?

        Are any of your access attempts through the captive portal logged in the firewall log? (See Status ->
        System Logs clock on Firewall tab)

        What do you see when you ping the IP address of one of the pfSense WAN interfaces? When you ping the IP addresses of the other WAN interfaces?

        1 Reply Last reply Reply Quote 0
        • S
          salmonbaytech
          last edited by

          I can access the Internet when captive portal is disabled, as soon as its enabled I authenticate but can't pass traffic.

          With Captive portal DISABLED.
          I can ping all WAN IP's and pinging google.com returns a response. Everything works as expected.

          When Captive portal is ENABLED on the same LAN port.
          I get the authentication page, then login and nothing passes. I login to PFSense and I see my session in the "Status: Captive Portal" page.

          No errors in the "portal auth", "system" or "firewall" log page that jumps out at me.

          Its like everything is working, except the captive portal is not passing traffic.

          EDIT:
          Found this thread, and it sounds like my problem (does not sound like there was a resolution)
          http://forum.pfsense.org/index.php/topic,37655.0.html

          1 Reply Last reply Reply Quote 0
          • S
            salmonbaytech
            last edited by

            Ok, narrowed this down to a specific setting.

            When I uncheck the "Enable per-user bandwidth restriction" traffic passes as expected. When I check the box and my default download is set to 4120 and default upload is 1024 traffic does not pass.  my radius server is set to return wispr-bandwith settings that where working with 1.2.3. these settings are wrong for 2.0.  They need to be multiplied by 1000.

            looks like you can't use the same radius server for 1.2.3 and 2.0 if you use wispr to set bandwith.

            read http://forum.pfsense.org/index.php/topic,41372.0.html

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.