Captive portal not working with wpad



  • Hi,

    Sorry for my English.

    I am on 2.1-RELEASE  (i386) with squid3 and dansguardian.

    I am trying to get captive portal work with wpad settings.

    The setup is 1lan & 1wan.  Lan ip 10.0.0.1 & wan pppoe.

    I have wpad files in /usr/local/www.  This setup works well except captiveportal.

    I have enabled captive portal on lan and ticked "patch captive portal" on proxy server page.

    The problem is, if "detect proxy automatically" enabled, cp login page doesn't appear but internet works.

    If I enter http://10.0.0.1:8000, captive portal login page appears.  Even if I disable "Automatically detect proxy settings" and open a web page, I get the cp login page.

    In short, I am having trouble configuring captiveportal with wpad.  May be I need to setup wpad differently, which I don't know.



  • I have the same problem… anybody have a solution for this???

    Thanks



  • install squid3-dev, in proxy settings there is an option like"patch captiveportal", this feture is just made  to solve your problem( thanks to mercelloc)



  • Thanks,

    I will check and report…..



  • same with squid3-dev…
    Not redirecting to captive portal login page.  Can browse without logging in.
    Could you share the procedure you followed?



  • did you blocked connections to ports 80 and 443 in firewall lan rules



  • Sorry for delayed response,  I was out of town.

    Yes, I did.  Should I disable web gui anti-lockout rule?  I tried that also,  didn't help.

    I am not good at firewall rules.  That would be great if you could share the screenshot of your lan and nat rules (if possible :)).

    Thanks for helping.



  • is squid transparent or non-transparent(you say that you are using wpad, so it must be non transparent)

    if it is non transparent firewall rules blocking ports 80,53 and 443 from lan to wan should be enough with the patch captiveportal option enabled
    if it is transparent you should block connections to your proxy ip and proxy port

    and lastly the browser, if you use firefox you should select the second option from top in network proxy settings in your browser



  • squid non-transparent.

    ports 80, 53 & 443 blocked from lan to wan

    cp deleted and re-created, then applied patch,  still not working

    I have tried ie 10 and crome.

    Thanks again…



  • can you share your wpad file content, may be there is something wrong with it

    also you have done the dhcp server and dns forwarder settings for wpad, right?



  • function FindProxyForURL(url, host) 
    { 
     if (isInNet(myIpAddress(), "10.0.0.0", "255.255.255.0")) 
      return "PROXY 10.0.0.1:8080"; 
     else 
      return "DIRECT"; 
    }
    

    DNS forwarder only,  working for sure.  If I disable auto detect proxy settings in IE, can't browse.



  • @aru:

    function FindProxyForURL(url, host) 
    { 
     if (isInNet(myIpAddress(), "10.0.0.0", "255.255.255.0")) 
      return "PROXY 10.0.0.1:8080"; 
     else 
      return "DIRECT"; 
    }
    

    DNS forwarder only,  working for sure.  If I disable auto detect proxy settings in IE, can't browse.

    i think the problem is the lack of "}"  and "{"  marks for "else" statement, it should be

    function FindProxyForURL(url, host)
    {
    if (isInNet(myIpAddress(), "10.0.0.0", "255.255.255.0")) {
      return "PROXY 10.0.0.1:8080";
    } else {
      return "DIRECT";
    }
    }



  • I will try that and let you know.



  • No difference at all.  Tested rebooting also.



  • Only counculusion I come up with is

    one or more of your firewall rules is/are effecting the squid's "patch captive portal" directive (this directive is basically a firewall rule created by squid when you enable it)



  • I think your guess is right.

    This is the third fresh install (one amd64) and I have the same problem. I don't know how to find out which firewall rule is causing this.

    I really appreciate your kind help :)

    Right now, I am loading defaults and installing packages from the beginning. Just DG, squid3-dev & freeradius2(later)



  • 65292    0      0 allow carp from any to                                         
    65292    0      0 allow carp from any to                                         
    65302    0      0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
    65303    0      0 allow ip from any to any layer2 mac-type 0x8863,0x8864
    65307    0      0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
    65310    0      0 skipto 65314 ip from any to { 255.255.255.255 or 10.0.0.1 } d
    st-port 3128 in
    65310    0      0 skipto 65314 ip from { 255.255.255.255 or 10.0.0.1 } 3128 to
    any out
    65310  861  102661 allow ip from any to { 255.255.255.255 or 10.0.0.1 } in
    65311 1590 1262533 allow ip from { 255.255.255.255 or 10.0.0.1 } to any out
    65312    0      0 allow icmp from { 255.255.255.255 or 10.0.0.1 } to any out ic
    mptypes 0
    65313    0      0 allow icmp from any to { 255.255.255.255 or 10.0.0.1 } in icm
    ptypes 8
    65314    0      0 pipe tablearg ip from table(3) to any in
    65315    0      0 pipe tablearg ip from any to table(4) in
    65316    0      0 pipe tablearg ip from table(3) to any out
    65317    0      0 pipe tablearg ip from any to table(4) out
    65318    0      0 pipe tablearg ip from table(1) to any in
    65319    0      0 pipe tablearg ip from any to table(2) out
    65532  52    4587 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
    65533  44    3782 allow tcp from any to any out
    65534 1223  145077 deny ip from any to any
    65535    3    288 allow ip from any to any

    Does it help?



  • Any suggestions?