Login is working but no Internet Access on some devices



  • Hey all,

    I upgraded from 2.2.3 to 2.2.5 some weeks ago. Everything worked fine for 1-2 weeks. Now there is some really strange behaviour:

    You can enter your CP credentials and log in to the system. I see the session inside the CP status. On some clients (especially mobile devices, but not only) you can't connect to the Internet. So the login page is still displayed.

    Any thoughts on this?

    Thanks & Cheers
    Elias



  • Works fine for me.
    I have the same version. Are you running any other packages? Squid?



  • Okay now it gets strange.

    Reinstalled 2.2.5 fresh -> loaded config -> same Error
    Reinstalled 2.2.3 again -> loaded config -> same Error

    I don't have any additional packages installed.
    Authentication is done over Radius Server. As it seems the Problem only occurs over WLAN. We're using Ubiquiti Unifi APs there with an external controller. But there were no changes on this system.

    I really don't have any more Ideas how to fix this or find out where the Problem is… Also my own devices are all working fine.


  • Banned

    Some mobile devices being Bitten Fruit (TM)? Yeah, they've broken RADIUS with the latest iOS update. Has nothing to do with the pfSense upgrade.


  • LAYER 8 Netgate

    Unless you are using EAP on the wifi there is no difference between a RADIUS backend and local user manager, etc, Apple device or not.

    What is the nature of the failure? No DNS? No layer 2? no layer 3? Is it all wi-fi or just some?



    @doktornotor - this doesn't matter here. The RADIUS server is only communicating with the pfSense box.

    @Derelict
    -nature: I don't know :(
    -DNS is working on the client. Pinging any Site gives me the correct IP, but a timeout.
    -Just some wifi devices. My laptop and phone are working; for 70-80% of the users it is working, but for some it is not.
    -Layer 2 and 3 seem to be okay.


  • LAYER 8 Netgate

    Then it's your firewall rules on the captive portal interface.

    What is the IP scheme of your interface and what are the rules?

    Most captive portal failures (given a properly-configured captive portal/network) are:

    Failure to bring up the CP login page - usually caused by initial navigation to an HTTPS site. http://10.10.10.10/ in a browser will always get the CP login page.
    Client not configured for DHCP.
    Client configured for DHCP but with static DNS servers.
    A proxy set in the client device.



    Okay, we've got new hardware with a lot more power and a fresh configuration. But now it is even worse and some clients can't even connect to the login page. (The ones which had problems before.) But now this happens even with CP deactivated.

    Most times it is a DNS error now (wasn't before)… and you can't even ping 8.8.8.8.



  • @lugaru:

    Okay, we've got new hardware with a lot more power and a fresh configuration. But now it is even worse and some clients can't even connect to the login page. (The ones which had problems before.) But now this happens even with CP deactivated.
    Most times it is a DNS error now (wasn't before)… and you can't even ping 8.8.8.8.

    The question still stands:
    @Derelict:

    Then it's your firewall rules on the captive portal interface [interface].
    What is the IP scheme of your interface and what are the rules?
    …..

    How is your firewall set up?
    Is the NIC a LAN or an OPT1 interface?


  • LAYER 8 Netgate

    I'm guessing a subnet mismatch somewhere - like /24 on the interface and /22 on the DHCP server.

    Or a /22 on the interface and /24 in the firewall pass rules.

    Or ???.

    Post your interface config and your rules.
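
The subnet mismatch guessed at in the post above can be checked offline. This is an added example, not part of the original thread: `audit_pool` is a hypothetical helper and all addresses are constructed sample values, not the poster's configuration.

```python
import ipaddress

def audit_pool(interface_cidr, pool_first, pool_last, pass_sources):
    """Find DHCP pool addresses that the interface subnet or pass rules miss.

    audit_pool is a hypothetical helper; all inputs are copied by hand
    from the interface, DHCP server and firewall rule settings.
    """
    iface_net = ipaddress.ip_interface(interface_cidr).network
    rules = [ipaddress.ip_network(s) for s in pass_sources]
    first = int(ipaddress.ip_address(pool_first))
    last = int(ipaddress.ip_address(pool_last))
    off_subnet, unpassed = [], []
    # Walk every lease address: exact, and cheap for IPv4 pools of this size.
    for n in range(first, last + 1):
        addr = ipaddress.ip_address(n)
        if addr not in iface_net:              # lease outside the interface subnet
            off_subnet.append(ipaddress.ip_network(n))
        if not any(addr in r for r in rules):  # no pass rule matches this source
            unpassed.append(ipaddress.ip_network(n))
    return {
        "pool_size": last - first + 1,
        "off_subnet_count": len(off_subnet),
        "unpassed_count": len(unpassed),
        # Collapse the /32s into CIDR blocks so the gap is readable.
        "off_subnet": [str(b) for b in ipaddress.collapse_addresses(off_subnet)],
        "unpassed": [str(b) for b in ipaddress.collapse_addresses(unpassed)],
    }

if __name__ == "__main__":
    # Constructed sample values, not the poster's configuration.
    cases = {
        "/24 interface, /22 DHCP pool": ("10.0.0.1/24", ["10.0.0.0/24"]),
        "/22 interface, /24 pass rule": ("10.0.0.1/22", ["10.0.0.0/24"]),
    }
    for name, (iface, sources) in cases.items():
        r = audit_pool(iface, "10.0.0.10", "10.0.3.250", sources)
        print(f"{name}: {r['unpassed_count']}/{r['pool_size']} leases not passed, "
              f"{r['off_subnet_count']} off-subnet; first gap {r['unpassed'][:1]}")
```

In both constructed cases only part of the pool is affected, which is how a mismatch can break some clients while others on the same network keep working.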



  • Strange…

    Some hours later everything just worked fine on the new machine... Since then there have been no more problems.

    I have multiple Nets...

    Opt1, Opt2, Opt3, WAN -> Wan Connections
    LAN -> Management Interface 192.168.30.0/24
    Opt4 -> VLAN Interface for:
    VLAN 31 -> WLAN 192.168.31.0/24
    VLAN 32-36 -> Different LAN Vlans 192.168.32-36.0/24

    I think that there was a Problem with the Multi WAN and the configured DHCP Servers...

    Thanks @ all for the support ;) Hope that everything works now as expected.

    Cheers

