No Internet on my captive portale
-
Hello everybody,
I have an issue on my pfsense 2.2.2
I've just installed it at a customer with 2 captive portals.
My Pfsense have 3 interfaces:
WAN 192.168.4.251
LAN1 192.168.6.253
LAN2 192.168.110.253I configured a captive portal on LAN 1 and LAN 2
On my WAN interface I've put a DNS with a gateway and I've activated the DNS forwarder.
When I connect to lan 1 or lan 2 by WIFI, I don't have the captive portal page. To see it , I have to enter manually 192.168.6.253:8002
And even if I enter a voucher code I have no internet. It stay on redirecting and finally nothing.The curious thing is that I tried to connect via a remote computer with teamviewer. And I still have the remote even if I cannnot navigate on Internet.
I tried everything and now I'm dying to have a solution! Please helppp!
-
What do you mean "When I connect to lan 1 or lan 2 by WIFI"?
-
1. What subnet masks do you use?
2. Check your DNS configuration.
Go to your CP manually with 192.168.6.253 login with your credentials/voucher. Then do a nslookup.
-
Thanks the return!
By this I mean that I'm connecting to those LANs through APs.
I use /24 for all the subnets
I've already checked it . I used multiple DNS like my DC or even 8.8.8.8 . The clients have the Pfsense as DNS server.
-
How are those APs configured? If they are actually routing and running DHCP, things will never work properly.
-
There are ARUBA APs.
The DHCP is configured only on the Pfsense 's lans interfaces.
The APs don't do anything special. They just have SSIDs that points to the pfsense's network that's it.
-
Do you use NAT on your pfsense?
-
When you connected to the GUI or Telnet or SSH interface of one of your AP's, can you:
ping a remote location ?
Does it resolve when ping www.google.com ?
ping 92.168.6.253 (and why is LAN1 not 192.168.6.1 ? - your first AP on this segment 192.168.6.2, etc ?)
The gateway of every AP on LAN1 segment is set to 92.168.6.253 ?
The DNS of every AP on LAN1 segment is set to 92.168.6.253 ?Btw The IP's of your AP's should be on the "Allowed IP addresses list" on the captive portal, so they can 'NTP', etc for their own needs.
Also: never ever use the WAN network plug on an AP when using it as a simple AP - you can use other available 'switch' network RJ45 plugs.
-
I left the NAT configuration by default…
My AP can communicate with all my servers including Pfsense.
My AP are on 192.168.10.0. They are located on vlans which allow communication.
They have no gateway configured because we can't do that on those APs...
Where can I find the "Allowed IP addresses list"
-
I found the "allowed IP address" section but still no interent.
I made a Nslookup to www.google.fr but I have a DNS request timeout.
-
My AP are on 192.168.10.0. They are located on vlans which allow communication.
Why are they not on LAN1 segment ?
Example 192.168.6.2.My AP's are all on the OPT1 segment (my Portal interface NIC)
pfSense is 192.168.2.1 (= NIC OPT1).
AP1 = 192.168.2.2 DNS = 192.168.2.1 Gateway = 192.168.2.1
AP2 = 192.168.2.3 DNS = 192.168.2.1 Gateway = 192.168.2.1
AP3 = 192.168.2.4 DNS = 192.168.2.1 Gateway = 192.168.2.1Of course, these AP's have SSH and GUI access, but there internal firewalled so that thy only accepts connection from 192.168.2.1
I can administer these AP's just fine from my LAN (192.168.1.0/24) segment - our Portal visitors can't access our AP's administration ports.Bonus: all AP's are enforced to allow a connections from ANY (client) to pfSEnse (192.168.2.1) - no where else, so clients can't see the shared drives of other clients.
They have no gateway configured because we can't do that on those APs…
So, a radio (Wifi) connection comes in.
How should it know where to send the packets to ? -
I can't do it because I have multiple networks .
My APs are not used only for Pfsense they are also used for users who wants to connect via a radius server located on another network.
So I had to give a network only for my APs. :-\
The APs are tagged on multiple vlans that includes the Pfsense ones.
-
The APs are tagged on multiple vlans that includes the Pfsense ones.
Good to mention after two days… Sigh. ::)
Produce some network diagram with complete information. Enough time wasted already.
-
Here is a schema to illustrate
-
Sorry, I cannot make anything useful out of that.
-
Sorry :-\ what king of information do you need?
-
Please, review this example. From the diagram you posted, I cannot even see what's connected where (WAN, LANx), let alone the IPs/subnets, VLANs, etc.
-
Okay let me know if it's good or not
-
Yeah it's awesome except that we again lost the VLANs…
-
oups…
