Captive Portal / Alternate Gateway
-
I am configuring pfSense in office here where we have two WAN links. We need to provide a hotspot on-site here, so we need a captive portal, plus we want to route that traffic out of a secondary WAN connection (instead of the default). In this scenario…
WAN: WAN1
LAN: LAN
OPT1: WAN2
OPT2: Open Wireless Access PointThe open wireless clients receive DHCP and DNS settings from the pfSense machine, and the DNS is directed back to it as well. The problem I encounter is that the captive portal does not function correctly when the gateway (via the firewall rules) for OPT2 are set to use OPT1 as their gateway instead of WAN. Am I correct in assuming that the captive portal is incompatible here also (as with load balancing)? My guess is that the Captive Portal is hard-coded to use the WAN interface, rather than being given the flexibiliy to work in front of any interface (including a balancer), but I have not looked through the source code.
To detail the issue, web traffic on port 80 is not intercepted to show the portal page -- the pages pass through normally. I can navigate manually to the portal page. The captive portal works as expected if I change the firewall rule to route to the default gateway instead of OPT1 (page requests are intercepted until authenticating to the portal).
-
Effectively With 1.2RC3 en the suport of failover/loadbalancing if we makes rules with a loadbalancing or failover gateway or more generally any other gateway than default the captive portal doesn't filter access (Only some pages can't load like gmail.com for example) all http trafic pass throught the captive portal. Other traffic like msn doesn't pass but the majority of http pages can be loaded.
If we change the gateway to default in the rules, the captive portal authentification pages reapeared when trying to surf.Is there any solution or not yet? the problem seem to be in the virtual gateway created by the loadbalencer. They doesn't seem to be filtered with captive portal.
-
This is fixed in 1.2.3 it seems, others have confirmed it. This thread is locked because it's old, but wanted to post here to notify those who may be following this thread. You can post your experiences in the 1.2.3 board.