Problems after upgrade to 2.2 in captive portal
-
hi.
first of all to thank for the fabulous work that the team pfsense .My problem is this , after upgrading to version 2.2 from 2.1.5 .
access to captive portal does not work.My configuration is as follows .
the captive portal runs on a dedicated interface with a virtual ip carp ,
which use as gateway users.I have seen that the ip virutal carp is not added to ipfw rules that
facilitate access to the login pagethis are the ipfw rules that actually i can see
65310 allow ip from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 }
in
65311 allow ip from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to any
out
65312 allow icmp from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to
any out icmptypes 0
65313 allow icmp from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7
} in icmptypes 8the first ip 10.128.0.7 should be 10.128.0.2 wich is the ip virtual carp
10.128.0.2 –-> ip virtual carp
10.128.0.7 ---> phisycal ip interface
I tried to manually put the rules and it works perfectly , but of course,
this process should be automatic.also I have seen that:
before in version 2.1.5
em3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0
mtu 1500
options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether xx:xx:xx:xx:xx:xx
inet 10.128.0.7 netmask 0xffff0000 broadcast 10.128.0.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: activelan_vip15: flags=49 <up,loopback,running>metric 0 mtu 1500
inet 10.128.0.2 netmask 0xffff0000
carp: MASTER vhid 15 advbase 1 advskew 200now in version 2.2
em3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0
mtu 1500
options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether xx:xx:xx:xx:xx:xx
inet 10.128.0.7 netmask 0xffffff00 broadcast 10.128.0.255
inet 10.128.0.2 netmask 0xffffff00 broadcast 10.128.0.255 vhid 15
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
carp: BACKUP vhid 15 advbase 1 advskew 0this is a possible cause of this issue.
before in ipfw_context
captive: em3,lan_vip15,
now in ipfw zone list
captive: em3,
any comment would be fantastic.</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast></up,loopback,running></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast>
-
Sorry, 2.23 was ditched for …. let's say: bugs ;)
Try 2.2.2. -
There are no CARP virtual interfaces in 2.2.x versions as that's a deprecated concept in FreeBSD 10.x. CP never redirected to CARP IPs as far as I can recall. The gateway IP being CARP doesn't affect the redirect, which is to the interface IP.
Sorry, 2.23 was ditched for …. let's say: bugs ;)
Try 2.2.2.huh? No, 2.2.3 is coming out today and is better than 2.2.2 in many ways and worse in none.
-
@cmb:
huh? No, 2.2.3 is coming out today and is better than 2.2.2 in many ways and worse in none.
That goes without saying : 2.2.3 will be better as 2.2.2 ;)
edit: aha : it's out :
2.2.2-RELEASE (amd64)
built on Mon Apr 13 20:10:22 CDT 2015
FreeBSD 10.1-RELEASE-p9
Update available. Click Here to view update.:)
-
then you mean, that functionality will no longer be present from the 2.2 release?
thanks
-
then as I can make high availability of captive portal if the gateway ip of clients is not already virtual?
thanks
-
then you mean, that functionality will no longer be present from the 2.2 release?
No, just saying in that context, lan_vip15 is no longer listed because it no longer exists.
You get redirected to 127.0.0.1, not the CARP IP, which is always how things worked. There is no need to do anything with the CARP IP there.