Captive portal with wifi repeater causes login loop - SOLVED
I'm having a problem with a captive portal setup on pfSense 2.0.1, running squidGuard and IP-Blocklist.
3 NICs: WAN, LAN (192.168.1.1), OPT1 (10.0.0.1). Captive portal runs on OPT1 and squidGuard is also running on OPT1. The primary WAP (10.0.0.88) is hard wired to OPT1. The repeater (10.0.0.220) is wireless. DHCP is running on OPT1; the DHCP default lease timeout is set to 316 minutes. Captive portal hard timeout is set to 250 minutes. The DHCP address pool is .90 to .200.
I have one wireless access point and one wireless repeater, each with their own SSIDs, connected to OPT1. When I log onto the SSID associated with the primary WAP, the portal auth page works fine: I agree to the acceptable use policy, click submit and I get forwarded to the landing page. When going through the repeater SSID, I get the auth page looping on me and you can't pass through to the landing page. Auth does not fail, it just keeps showing me the login page.
Adding the MAC of the repeater to the "pass through MAC" in the captive portal config page results in the end user bypassing the portal completely and not being shown the acceptable use policy or the landing page. If I disable authentication the result is the same: the primary WAP works but the repeater loops.
When the repeater loops the auth page, this shows in the “portal auth” log:
logportalauth: CONCURRENT LOGIN - REUSING OLD SESSION: yes, 0x:2x:4x:4x:4x:x1, 10.1.1.55
Any suggestions greatly appreciated.
Disabling MAC filtering in Captive Portal settings worked for me. The repeater was affecting the MAC-IP relationship for the client trying to log in.
"If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in. This is required when the MAC address of the client cannot be determined (usually because there are routers between pfSense and the clients)."
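One way to confirm from the portal auth log that a repeater is presenting a single MAC for several clients, as an added example that is not part of the original posts. The log layout (event, user, MAC, IP) is assumed from the one line quoted above, and the sample lines, MACs and IPs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines modeled on the single log line quoted in the thread.
# Assumed field order: event, user, MAC, IP. All MACs and IPs here are made up.
SAMPLE_LOG = """\
logportalauth: LOGIN: yes, 00:11:22:33:44:01, 10.0.0.91
logportalauth: LOGIN: yes, 00:11:22:33:44:02, 10.0.0.92
logportalauth: LOGIN: yes, 02:aa:bb:cc:dd:20, 10.0.0.101
logportalauth: CONCURRENT LOGIN - REUSING OLD SESSION: yes, 02:AA:BB:CC:DD:20, 10.0.0.102
logportalauth: CONCURRENT LOGIN - REUSING OLD SESSION: yes, 02:aa:bb:cc:dd:20, 10.0.0.103
logportalauth: this line is malformed and should be skipped
"""

LINE_RE = re.compile(
    r"logportalauth:\s*(?P<event>[^:]+):\s*(?P<user>[^,]*),\s*"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}),\s*"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def shared_macs(log_text, min_ips=2):
    """Return {mac: {"ips": [...], "reused": n}} for MACs seen with >= min_ips client IPs.

    Several client IPs behind one MAC is what the portal sees when a repeater
    or router sits between pfSense and the clients.
    """
    ips = defaultdict(set)
    reused = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)          # search() tolerates a syslog prefix
        if not m:
            continue                      # skip lines that do not fit the layout
        mac = m["mac"].lower()            # normalise case before grouping
        ips[mac].add(m["ip"])
        if "REUSING OLD SESSION" in m["event"]:
            reused[mac] += 1
    return {mac: {"ips": sorted(s), "reused": reused[mac]}
            for mac, s in ips.items() if len(s) >= min_ips}

if __name__ == "__main__":
    for mac, info in shared_macs(SAMPLE_LOG).items():
        print(f"{mac}: {len(info['ips'])} client IPs, "
              f"{info['reused']} reused-session events -> {', '.join(info['ips'])}")
```

A MAC that shows up here with several IPs is the device masking its clients; the same MAC with different IPs over a long period can also simply be one client whose DHCP lease changed.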