    Captive portal - only redirects IPs

    • J
      jbrown last edited by

      Hello, spent a good day on this and been searching forever.  Thought I would ask the experts.  I set up a fresh install of the latest pfSense.  I absolutely did nothing to it except for setting up WAN and LAN.  Then I went straight for captive portal.  It will only redirect to the login page if I use the IP of an FQDN.  DNS forwarding is enabled.  Any suggestions would be great!  Thanks!

      • Derelict
        Derelict LAYER 8 Netgate last edited by

        If your clients are not using the pfSense interface for DNS you need to whitelist the DNS servers.  See the Allowed IP Addresses Tab.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • J
          jbrown last edited by

          @Derelict:

          If your clients are not using the pfSense interface for DNS you need to whitelist the DNS servers.  See the Allowed IP Addresses Tab.

          Ok.  My internal IP is 192.168.1.40, so I need the gateway of the computer I am testing with to be 192.168.1.40.  So you are telling me I need to add 192.168.1.40 to Allowed IP Addresses?

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            No.  Look at the client behind the captive portal.  What are its configured DNS servers?  If those addresses are ANYTHING other than the interface address captive portal is listening on (pfSense DNS Forwarder itself) you need to add the IP addresses of the DNS servers to Allowed IP Addresses.

            Your DNS queries are being blocked by the captive portal so your clients can't resolve names.  That's why it redirects to the portal when you enter an IP address.  If the browser can't resolve names it doesn't try to connect http to anything on port 80, so there's no redirect.

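The reasoning in Derelict's reply above, worked through as an added example that is not part of the original thread or of pfSense. It assumes a client with a resolv.conf-style resolver list and a portal that, before login, only passes traffic to its own interface address and to Allowed IP Addresses entries; all addresses and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample values, not taken from any real network.
PORTAL_IP = "192.168.1.40"  # interface address the captive portal listens on
SAMPLE_RESOLV_CONF = """\
# client behind the portal with statically configured DNS
nameserver 203.0.113.53
nameserver 198.51.100.53
"""


def parse_resolvers(text):
    """Return the nameserver addresses from resolv.conf-style text."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(str(ipaddress.ip_address(fields[1])))
    return found


def reachable_before_login(addr, portal_ip, allowed):
    """True if an unauthenticated client is allowed to reach addr."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address(portal_ip):
        return True  # the portal interface (DNS forwarder) itself
    return any(ip in ipaddress.ip_network(a, strict=False) for a in allowed)


def resolvers_to_allow(resolvers, portal_ip, allowed):
    """Resolvers that still need an Allowed IP Addresses entry."""
    return [r for r in resolvers
            if not reachable_before_login(r, portal_ip, allowed)]


def redirect_expected(url, resolvers, portal_ip, allowed):
    """Predict whether typing url leads to the portal login page."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return False  # only the plain-HTTP case is modelled here
    try:
        ipaddress.ip_address(parts.hostname)
        return True   # IP literal: no lookup, port 80 gets redirected
    except ValueError:
        pass          # a name: the browser has to resolve it first
    return any(reachable_before_login(r, portal_ip, allowed)
               for r in resolvers)
```

With an empty allow list, `redirect_expected` is true for an IP-literal URL and false for a hostname, which is the symptom in the first post; `resolvers_to_allow` lists the addresses to enter on the Allowed IP Addresses tab.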
            • J
              jbrown last edited by

              @Derelict:

              No.  Look at the client behind the captive portal.  What are its configured DNS servers?  If those addresses are ANYTHING other than the interface address captive portal is listening on (pfSense DNS Forwarder itself) you need to add the IP addresses of the DNS servers to Allowed IP Addresses.

              Your DNS queries are being blocked by the captive portal so your clients can't resolve names.  That's why it redirects to the portal when you enter an IP address.  If the browser can't resolve names it doesn't try to connect http to anything on port 80, so there's no redirect.

              Thank you!  It now works.  Except... maybe this is just how it works, but when I try to search within the address bar, it hangs.  Can't get the captive portal page.  Does this have something to do with HTTPS and Google?

              Thanks!

              • Derelict
                Derelict LAYER 8 Netgate last edited by

                https queries will hang unless you have enabled https in the CP - and even then there's no way to avoid certificate errors without complete control of all client devices.  Even if you have https on the portal, I don't know what the browser will do with a cert error or portal page in the search bar.

                Captive portals essentially break the internet.  Up to you to determine if it's worth it.

                • J
                  jbrown last edited by

                  Thanks for that!  I have now successfully configured captive portal on a physical interface.  Now when I try to configure it on a VLAN interface I can't access the captive portal page, even if I try the IP of a website.  The only way I can access it is if I type in the captive portal page URL.  I read somewhere there is an option to enable VLANs and captive portal, but have no idea where that is.  Thanks!

                  • Derelict
                    Derelict LAYER 8 Netgate last edited by

                    Captive portal doesn't care if the interface is a vlan interface or not.  It's just an interface.

                    Assign the interface to "vlan xxx on re0" and bind the captive portal instance to that interface.

                    • J
                      jbrown last edited by

                      @Derelict:

                      Captive portal doesn't care if the interface is a vlan interface or not.  It's just an interface.

                      Assign the interface to "vlan xxx on re0" and bind the captive portal instance to that interface.

                      That's what I did and I am having issues explained in my last post.  Any suggestions?

                      • Derelict
                        Derelict LAYER 8 Netgate last edited by

                        Check all your VLAN tags in your switches.  I can't just blindly suggest things.  Post screenshots of your config.

                        • Gertjan
                          Gertjan last edited by

                          @Derelict:

                          If your clients are not using the pfSense interface for DNS you need to whitelist the DNS servers.  See the Allowed IP Addresses Tab.

                          Very true.
                          But ... a client that uses a "Free Portal network" should obtain an IP (and gateway, and DNS, and NTP server, and ... etc.) from the DHCP server.
                          I already met clients who 'locked' their IP statically ... and then came over to see me, telling me that the "portal isn't working" ... yeah, right ...
                          Clients that lock their DNS servers statically will be treated equally. It's fine for me, but if they want to surf on the net, they have the options: 1) switch to default or 2) don't surf.

                          All this because there is a rule that says: "guests" should conduct as the "host" proposes ;)

                          No "help me" PM's please. Use the forum.
