Captive Portal and IPAD solution


  • Hi,

    I had a lot of problem configuring the pfsense captive portal with IPAD.
    I needed to have a captive portal for all IPAD that needed to go on internet, the user had limited time they could use the internet. The IPAD are available for trial period of 2 hours per day in kiosk mode to navigate internet.

    Symptoms:
    In the IPAD wifi option, I configure it to connect to my WIFI captive Portal.
    When doing the wifi configuration there is a popup that appear, asking me to authenticate on my pfsense captive portal. This page is like a striped out web browser, but it shows my pfsense authentication page.
    I login to the captive portal.
    After login in, there is a button at the top right corner 'OK'. I click on it and this browser closes. Now the WIFI is activated on the IPAD.

    Then I can go in Safarie or Chrome or … and I can navigate internet.

    In the pfsense captive portal I have configured a hard timeout after 5 minutes. (Just for the purpose of testing)
    I wait the 5 minutes the I'm ask to login again to the captive portal.
    But this time I don't do it and wait.

    I'm not sure exactly how long I wait, maybe 10-20 minutes, but at some point the IPAD wifi ask me to authenticate again in my portal. But the problem is that when it does that it pop up again the strip down browser, and ask me to login to the portal.

    If I don't do it and just close that striped out browser (click 'cancel' button), my wifi is automatically dropped and I need to configure it again. I tried to go on internet with any browser and it tells me that there is no internet connection. For sure I don't have any because my wifi is gone..

    Now after testing and analyzing the packets with wireshark, I see that the ipad is attempting a connection to the IP 23.1.173.15
    I can also see the actual link that is being contacted: http://www.apple.com/library/test/success.html
    (I'm not sure exactly why IPAD need to use this to keep the wifi alive)

    To solve this issue I go in "Services: Captive Portal"
    In the tab: Allowed IP addresses, I add the IP:23.1.173.15
    This tells the Captive portal that when this address is being contacted it doesn't need to go through portal authentication.

    Voila...

    Now the IPAD wifi connection never disconnect and I have to authenticate through the pfsense portal when I want to use internet.

    Hope this help someone, as I couldn't find any clear explanation regarding this issue.


  • @pat1974:

    To solve this issue I go in "Services: Captive Portal"
    In the tab: Allowed IP addresses, I add the IP:23.1.173.15
    This tells the Captive portal that when this address is being contacted it doesn't need to go through portal authentication.

    In this way you allow traffic to a single IP address but www.apple.com resolves to many. Here for example it resolves to 2.23.109.15:

    #host www.apple.com
    www.apple.com is an alias for www.isg-apple.com.akadns.net.
    www.isg-apple.com.akadns.net is an alias for www.apple.com.edgekey.net.
    www.apple.com.edgekey.net is an alias for e3191.c.akamaiedge.net.
    e3191.c.akamaiedge.net has address 2.23.109.15
    
    

    maybe you have to define an 'Host Override' in Services->DNS Forwarder