MultiWan + LAN CP Not working

smoothworker

Hi everyone,

i have a big problem with our PFSense for a Hotel Wifi. I have the following configuration

Pfsense newest release on a PCEngine AlixBoard APU with 3 NICs
Dlink Switch
9 Ubiquiti Unifi AP
2 DSL Router from Provider.

I have configured the Pfsense like above:

DSL Router 1 - eth0 - WAN1
DSL Router 2 - eth1 - WAN2
DLINK Switch - eth2 - LAN

I have set the WAN1 & WAN 2 as Loadbalanced and have set the DNS Forwarder, DHCP with Static IPs for the AP (DHCP Reserver). Internet is working and everything but the only thing that is not working is the Redirection to the CP.. i think i have checked everything that i could imaging but no luck… Every Client that is connecting to the Unifi AP and get IP from the PFSense DHCP is getting right to the Internet but not to the CP to log in.

Please if anyone has an idea what else to check it whould be grade!

Thanks in advanced for your time reading this.

jaspras

Have you enabled CP to the interface ? Did you enable the login page of the CP ?

smoothworker

Hi Jaspras,

yes i have enabled the Captive Portal on LAN and the Login Page.. if i enter manual in the Browser 192.168.1.1:8000 i get on the Captive Portal page. Every Client is not redirecting to the login page and so bypassing the captive portal without loggin and i really dont know what else i should look on.

Gertjan

@smoothworker:

I have configured the Pfsense like above:

DSL Router 1 - eth0 - WAN1
DSL Router 2 - eth1 - WAN2
DLINK Switch - eth2 - LAN
…..

I have proposition.
For testing purposes, set up a "normal" situation:
One WAN (this means, for the moment - don't use your second WAN connection).
One LAN
and one OPT1 interface.

First: backup your setting - so you can get back to the actual situation afterwards).
Then : Goto the main web menu => System => Setup Wizard.
Init one LAN, one WAN and one OPT1 (your future Wifi Portal) network.
Setup local LAN IP (example: accept 192.168.1.1)
Setup local OPT1 IP (example : 192.168.2.1)
Init your WAN connection.

Test if all is ok.

Now, activate the portal on OPT1.
Test it.
It should work as advertised. "Portal services" belong to the OPT1 interface - your LAN is for 'admin' purposes and trusted devices like NAS, Printers, and company PC's etc. (that's how it run it is run in 'our' hotel').

If you want to use your second WAN, go for the 'simple' solution: use a 4 NIC device ;)

When done with your tests, take your backup - and you're at the point where you started.

Btw: I'm using pfSense in our hotel for years (5 or more) and never had any problems with it.
Clients that do not login correctly on the portal page can't bypass the network. Period.

edit: second, easy test: hookup a switch to you LAN.
On this switch, hookup a PC by wire.
Connect using the wire interface (by switch, Not Wifi).
Are you still bypassing the portal interface ?

cmb

You're likely breaking the redirect with the policy routing. Add a rule to allow traffic to the LAN IP, leave gateway at default, put at top of list.

Derelict

Or trying to get a redirect from an https URL, which you cannot do unless you enable https logins.  And even if you do that you'll throw certificate errors.

Most "portal page won't come up" I see are due to trying to go to https sites.

Gertjan

@Derelict:

…..
Most "portal page won't come up" I see are due to trying to go to https sites.

:(
Stupid me: I forgot that one !