Captive portal not working with wpad

aru

Hi,

Sorry for my English.

I am on 2.1-RELEASE  (i386) with squid3 and dansguardian.

I am trying to get captive portal work with wpad settings.

The setup is 1lan & 1wan.  Lan ip 10.0.0.1 & wan pppoe.

I have wpad files in /usr/local/www.  This setup works well except captiveportal.

I have enabled captive portal on lan and ticked "patch captive portal" on proxy server page.

The problem is, if "detect proxy automatically" enabled, cp login page doesn't appear but internet works.

If I enter http://10.0.0.1:8000, captive portal login page appears.  Even if I disable "Automatically detect proxy settings" and open a web page, I get the cp login page.

In short, I am having trouble configuring captiveportal with wpad.  May be I need to setup wpad differently, which I don't know.

eldersouza

I have the same problem… anybody have a solution for this???

Thanks

mendilli

install squid3-dev, in proxy settings there is an option like"patch captiveportal", this feture is just made  to solve your problem( thanks to mercelloc)

aru

Thanks,

I will check and report…..

aru

same with squid3-dev…
Not redirecting to captive portal login page.  Can browse without logging in.
Could you share the procedure you followed?

mendilli

did you blocked connections to ports 80 and 443 in firewall lan rules

aru

Sorry for delayed response,  I was out of town.

Yes, I did.  Should I disable web gui anti-lockout rule?  I tried that also,  didn't help.

I am not good at firewall rules.  That would be great if you could share the screenshot of your lan and nat rules (if possible :)).

Thanks for helping.

mendilli

is squid transparent or non-transparent(you say that you are using wpad, so it must be non transparent)

if it is non transparent firewall rules blocking ports 80,53 and 443 from lan to wan should be enough with the patch captiveportal option enabled
if it is transparent you should block connections to your proxy ip and proxy port

and lastly the browser, if you use firefox you should select the second option from top in network proxy settings in your browser

aru

squid non-transparent.

ports 80, 53 & 443 blocked from lan to wan

cp deleted and re-created, then applied patch,  still not working

I have tried ie 10 and crome.

Thanks again…

mendilli

can you share your wpad file content, may be there is something wrong with it

also you have done the dhcp server and dns forwarder settings for wpad, right?

aru

function FindProxyForURL(url, host) 
{ 
 if (isInNet(myIpAddress(), "10.0.0.0", "255.255.255.0")) 
  return "PROXY 10.0.0.1:8080"; 
 else 
  return "DIRECT"; 
}

DNS forwarder only,  working for sure.  If I disable auto detect proxy settings in IE, can't browse.

mendilli

@aru:

function FindProxyForURL(url, host) 
{ 
 if (isInNet(myIpAddress(), "10.0.0.0", "255.255.255.0")) 
  return "PROXY 10.0.0.1:8080"; 
 else 
  return "DIRECT"; 
}

DNS forwarder only,  working for sure.  If I disable auto detect proxy settings in IE, can't browse.

i think the problem is the lack of "}"  and "{"  marks for "else" statement, it should be

function FindProxyForURL(url, host)
{
if (isInNet(myIpAddress(), "10.0.0.0", "255.255.255.0")) {
  return "PROXY 10.0.0.1:8080";
} else {
  return "DIRECT";
}
}

aru

I will try that and let you know.

aru

No difference at all.  Tested rebooting also.

mendilli

Only counculusion I come up with is

one or more of your firewall rules is/are effecting the squid's "patch captive portal" directive (this directive is basically a firewall rule created by squid when you enable it)

aru

I think your guess is right.

This is the third fresh install (one amd64) and I have the same problem. I don't know how to find out which firewall rule is causing this.

I really appreciate your kind help :)

Right now, I am loading defaults and installing packages from the beginning. Just DG, squid3-dev & freeradius2(later)

aru

65292    0      0 allow carp from any to                                         
65292    0      0 allow carp from any to                                         
65302    0      0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
65303    0      0 allow ip from any to any layer2 mac-type 0x8863,0x8864
65307    0      0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
65310    0      0 skipto 65314 ip from any to { 255.255.255.255 or 10.0.0.1 } d
st-port 3128 in
65310    0      0 skipto 65314 ip from { 255.255.255.255 or 10.0.0.1 } 3128 to
any out
65310  861  102661 allow ip from any to { 255.255.255.255 or 10.0.0.1 } in
65311 1590 1262533 allow ip from { 255.255.255.255 or 10.0.0.1 } to any out
65312    0      0 allow icmp from { 255.255.255.255 or 10.0.0.1 } to any out ic
mptypes 0
65313    0      0 allow icmp from any to { 255.255.255.255 or 10.0.0.1 } in icm
ptypes 8
65314    0      0 pipe tablearg ip from table(3) to any in
65315    0      0 pipe tablearg ip from any to table(4) in
65316    0      0 pipe tablearg ip from table(3) to any out
65317    0      0 pipe tablearg ip from any to table(4) out
65318    0      0 pipe tablearg ip from table(1) to any in
65319    0      0 pipe tablearg ip from any to table(2) out
65532  52    4587 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
65533  44    3782 allow tcp from any to any out
65534 1223  145077 deny ip from any to any
65535    3    288 allow ip from any to any

Does it help?

aru

Any suggestions?