Captive portal setting
-
hi,
I just installed pfsense and enabled the captive portal but I don't get an authentication page when I open a new tabblad.
Is there something else I need to enable or does the gateway setting of my dhcp needs to point to the pfsense server ?I have set the authentication to lokal user database and added a new user.
-
DNS Server of the clients must be the pfsense interface address where CP is running.
You can force the authentication page with:
http://pfsense.up:8000 -
Do you mean the dns settings on my dns server or the dns settings inside pfsense ?
-
I mean that the clients on your LAN must have the IP address of pfsense as their DNS server if you want that CP is working.
-
they have, I have currently disabled my server dhcp and use the pfsense dhcp on a testing machine but still no portal.
is there a firewall rule or gateway setting i must do, I currently have both interfaces (wan, lan) selected at the portal. -
did you upload a custom webpage ?
if so, make sure you upload it as something.php and not something.html
-
no custom webpage, at this stage I would be glad to get the default username and password page ;-), the client is getting his ip from the pfsense machine but no captive portal
I have set the lan connection of pfsense to a static adres and set the user authentication local and created a user.
If I use the 8000 port as you suggested I get the portal screen -
I just found a mention on the dashboard saying that the captive portal service is stopped, is there a place where i can find logs ?
So I can see why this is ?
Found an error log mentionning that port 8000 is already in use. -
I fix the port 8000 problem and have found the problem when i surf to an ip example 73.25.56.1 the portal works but if u use an url www.google.be does not work.
It seems to me this is a dns problem, i have set the dns to 8.8.8.8 any suggestions ? -
when i surf to an ip example 73.25.56.1 the portal works but if u use an url www.google.be does not work.
I think the problem is something like this:
1. Captive portal traps access to port 80;
2. Captive portal can't work on https (port 443) because it doesn't have the certificate of the requested host;
3. Google issues a redirect from http://www.google.com (and presumably all its variants) to https://www.google.com
4. Browser uses last successful access to www.google.com (https://www.google.com) and hence uses port 443 which captive portal doesn't trap but access hasn't been authenticated so access is blocked. -
thanks I will try it this evening.
No url works only when I surf with an ip i get the portal. -
Why did you enable CP on both LAN and WAN.
You probably only need it on LAN and WAN could make problems.Further enable the "DNS Forwarder" on pfsense if not already done.
Firewall rules on the LAN interface must allow traffic to port 8000 and port 80. Perhaps best try to create an "allow any to any" rule on LAN interface to make sure it's not a firewall problem.
-
well, I followed a tutorial on youtube and they enabled both lan and wan for the portal.
dns forwarding is enabled but doesn't the portal need to show befor an actual dns request ? -
well, I followed a tutorial on youtube and they enabled both lan and wan for the portal.
dns forwarding is enabled but doesn't the portal need to show befor an actual dns request ?Yes it should if the client uses the pfsense DNS Forwarder as DNS Server.
And you must only use http pages an not httpS pages. Make sure you did that.Perhaps restart CP and/or restart pfsense.
-
Thanks, did a reboot and it works.
But the login screen still tries to connect to https, I did disable the https login to resolve the port 8000 issue -
I just disabled the dhcp on the pfsense machine and let the client receive it's ip by the servers dhcp with the pfsense machine's ip as primary ip for the dns, (ip of the lan connection)
but now the captive portal isn't showing when surfing.
Must I change something else too ? -
do I also need to point the gateway to the pfsense machine ?
-
do I also need to point the gateway to the pfsense machine ?
Hmm, where else would you point the gateway to ?
Isn't your CP the gateway ? -
no, but i was wondering why.
i was only using it for the dns, so both dns and gateway ? -
so both dns and gateway ?
Yes.
The gateway is the computer to which your computer forwards packets when your computer doesn't have a "direct" route. If the gateway is not the computer operating the captive portal then your computer can access the internet without going through the captive portal so the captive portal has no chance of controlling the access to the internet.