Bypass Captive portal



  • Hi everyone, I have a problem with the captive portal on pfSense. When I set it up, everything is OK. Users can see the splash page when they connect to my pfSense. But some days later, users can access the internet without the captive portal. I have checked that the captive portal service is still running. I have tried restarting the service, but it still doesn't work. I have tried deleting the captive portal and creating it again, and everything is OK. I don't know why that is. Is there any log file or something I can look at to resolve my problem?
    Thanks for helping me.
    P.S.: I am using a transparent proxy on pfSense. Could this be the cause of all this?



  • A thought here: Under your captive portal settings (services/captiveportal), you haven't ticked 'Enable Pass-through MAC automatic additions', have you? This will permit users who successfully authenticate to continue using the portal without having to log in ever again - at least not on that device.

    Might be worth posting a screenshot of your captive portal setup if you can.


  • Netgate

    You can see who is able to get through the portal by viewing:

    Status > Captive Portal, Active Users and Edit > Captive Portal, Edit your portal, Pass-Through MAC (Or just (MAC) on 2.2).

    If the users that can pass through are not in either of those tables, and the destination isn't somehow whitelisted, you might want to look at how you've done your proxy.



  • Thanks for your reply.

    My problem is that users can use the internet service without using the captive portal. When a new user connects to my network, he can use the internet. I haven't ticked 'Enable Pass-through MAC automatic additions'. Where can I find the captive portal log?

    @muswellhillbilly:

    A thought here: Under your captive portal settings (services/captiveportal), you haven't ticked 'Enable Pass-through MAC automatic additions', have you? This will permit users who successfully authenticate to continue using the portal without having to log in ever again - at least not on that device.

    Might be worth posting a screenshot of your captive portal setup if you can.

    @Derelict:

    You can see who is able to get through the portal by viewing:

    Status > Captive Portal, Active Users and Edit > Captive Portal, Edit your portal, Pass-Through MAC (Or just (MAC) on 2.2).

    If the users that can pass through are not in either of those tables, and the destination isn't somehow whitelisted, you might want to look at how you've done your proxy.

    Yes, I think the problem is with using the transparent proxy, but I don't know how to resolve it. I don't know where to begin. Where can I find the captive portal log file?


  • Netgate

    What log?  In Status > System Logs, Portal Auth you will see logins and expirations.  If the MAC and/or IP isn't listed in either the MAC passthrough or the CP logins, it's being passed some other way.



  • Thanks for your reply. The log I mean is the captive portal log. When the captive portal is working, I think it will have a log for troubleshooting what the problem with it is.
    @Derelict:

    What log?  In Status > System Logs, Portal Auth you will see logins and expirations.  If the MAC and/or IP isn't listed in either the MAC passthrough or the CP logins, it's being passed some other way.


  • Netgate

    The CP logs pretty much tell you why a particular entry was or was not placed in the appropriate table.  They also tell you why a particular entry was removed.  Again, if there is not a passthrough entry of some sort and traffic is still passing, it's something other than captive portal.



  • @Derelict:

    The CP logs pretty much tell you why a particular entry was or was not placed in the appropriate table.  They also tell you why a particular entry was removed.  Again, if there is not a passthrough entry of some sort and traffic is still passing, it's something other than captive portal.

    Thanks for your reply.
    I see the captive portal is still running, but when a new user connects to my network, he can use the internet. I restarted the captive portal service, but the error is still there. The client list on the captive portal is still zero. When I delete this captive portal and create it again, everything is OK. I want to troubleshoot what happened.


  • Netgate

    Are you checking both the passthrough MACs and the CP logins?

    How about you post up screenshots of your CP config?

    Sorry.  I don't help with squid/proxies.  I think most people would be better off if they just deleted the package from their pfSense node.



  • @Derelict:

    I think most people would be better off if they just deleted the package from their pfSense node.

    Big +1.

    Disable any proxies, and for that matter, any non-native pfSense functions (packages). Only activate packages if everything is working perfectly for some time.

    Added to that: the captive portal is on what interface? LAN or an OPTx?
    What are the firewall rules on the interface?



  • Hi. When I enable only the captive portal on pfSense, everything works OK. But the problem appears when I enable the Squid web proxy on pfSense. I want the Squid web proxy and the captive portal to work together  >:( Where can I find the captive portal log file to track down why I get this problem? I only see that the captive portal has an authentication log, not a working log. Let me know if you have met this problem and were able to resolve it. Thanks a lot.


  • Banned

    Nowhere. Squid does not work with CP.



  • @doktornotor:

    Nowhere. Squid does not work with CP.

    I get this: Squid does not work with CP, but how can I resolve this? Does the problem come from Squid or from CP? I think there is some conflict here, but I don't know where the problem comes from. For Squid I can get the log file, but for the captive portal I can't. I only get the authentication log from the captive portal. How can I enable logging for CP?



  • As always: go figure out how the pfSense portal works. Do the same with the Squid package. Then, modify Squid so it inter-operates well with pfSense.
    The last time it 'worked', Squid was modifying the source PHP code of pfSense, so everything breaks when upgrading pfSense.

    If you really need Squid, think about setting up a separate 'Squid-box'.



  • @comeback1106:

    I get this: Squid does not work with CP, but how can I resolve this?

    You can! Get the pfSense and Squid sources from GitHub and start coding.