Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal / Alternate Gateway

    Scheduled Pinned Locked Moved Captive Portal
    3 Posts 3 Posters 3.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Damon
      last edited by

      I am configuring pfSense in office here where we have two WAN links.  We need to provide a hotspot on-site here, so we need a captive portal, plus we want to route that traffic out of a secondary WAN connection (instead of the default).  In this scenario…

      WAN: WAN1
      LAN: LAN
      OPT1: WAN2
      OPT2: Open Wireless Access Point

      The open wireless clients receive DHCP and DNS settings from the pfSense machine, and the DNS is directed back to it as well.  The problem I encounter is that the captive portal does not function correctly when the gateway (via the firewall rules) for OPT2 are set to use OPT1 as their gateway instead of WAN.  Am I correct in assuming that the captive portal is incompatible here also (as with load balancing)?  My guess is that the Captive Portal is hard-coded to use the WAN interface, rather than being given the flexibiliy to work in front of any interface (including a balancer), but I have not looked through the source code.

      To detail the issue, web traffic on port 80 is not intercepted to show the portal page -- the pages pass through normally.  I can navigate manually to the portal page.  The captive portal works as expected if I change the firewall rule to route to the default gateway instead of OPT1 (page requests are intercepted until authenticating to the portal).

      1 Reply Last reply Reply Quote 0
      • R
        Romin
        last edited by

        Effectively With 1.2RC3 en the suport of failover/loadbalancing if we makes rules with a loadbalancing or failover gateway or more generally any other gateway than default the captive portal doesn't filter access (Only some pages can't load like gmail.com for example) all http trafic pass throught the captive portal. Other traffic like msn doesn't pass but the majority of http pages can be loaded.
        If we change the gateway to default in the rules, the captive portal authentification pages reapeared when trying to surf.

        Is there any solution or not yet? the problem seem to be in the virtual gateway created by the loadbalencer. They doesn't seem to be filtered with captive portal.

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          This is fixed in 1.2.3 it seems, others have confirmed it. This thread is locked because it's old, but wanted to post here to notify those who may be following this thread. You can post your experiences in the 1.2.3 board.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.