Cannot connect when captive portal is enabled



  • I am having an issue trying to activate a captive portal.

    • I have configured OPT2 which is a sub interface on vLAN30 of my gigE NIC
    • I have then connected my UniFi-AP-LR to my NetGeat GS108 switch with vLAN30
    • I have created an Open SSID on the UniFi
    • I am now able to connect and browse the internet.
    • Now I create a captive portal for this vLAN but no clients are able to browse the internet or get to the Captive Portal page

    When I test my captive portal page, this is the error that appears.

    Any thoughts on what may be my issue?

    T.I.A….
    ![Screen Shot 2016-01-20 at 6.52.43 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-20 at 6.52.43 PM.png)
    ![Screen Shot 2016-01-20 at 6.52.43 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-20 at 6.52.43 PM.png_thumb)



  • Have you customised the captive portal page at all, or any other part of the captive portal components? If so, post any changes or amendments you've made.



  • There have been no customizations.  Everything is vanilla and right out of the box, so to speak.  I have reinstalled the system 2x and get the same results everytime.

    This is the content of the custom portal page I created…

    
    Enter your username and password and click Login to access the Internet
    
    			 |			 
    
    			 |			 
    
    			 |			
    
    

  • LAYER 8 Netgate

    How can there be no customizations but you created a portal page?

    Your portal page is jacked. Delete it and use the built-in one to get it working then worry about your custom page.



  • Thanks for all the input so far however it does not make a difference whether I upload custom portal page or go with what pfSense comes preloaded with, it does not work.

    As soon as the captive portal is disabled, this particular network interface works 100%.  Re-enable the captive portal and internet connection stops.

    Here is the same message that appears even with the default captive portal page

    It also shows that 1 is connected, my mobile phone but never does the portal auth page appear other than when I go to the test preview page..

    ![Screen Shot 2016-01-21 at 8.19.48 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.19.48 PM.png)
    ![Screen Shot 2016-01-21 at 8.19.48 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.19.48 PM.png_thumb)
    ![Screen Shot 2016-01-21 at 8.30.15 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.30.15 PM.png)
    ![Screen Shot 2016-01-21 at 8.30.15 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-21 at 8.30.15 PM.png_thumb)


  • LAYER 8 Netgate

    What version of pfSense is this?



  • Here is what I am running..

    • Lenovo ThinkCenter M55

    • Second NIC for LAN TP-Link PCI-E 1GigE

    • Sub interface OPT1(vLAN25) used for some home automation gear

    • Sub interface OPT1(vLAN30) to be used for Guest WiFi

    • Version  2.2.6-RELEASE (i386)

    • built on Mon Dec 21 14:50:36 CST 2015

    • FreeBSD 10.1-RELEASE-p25

    • CPU Type Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz

    • 2 CPUs: 1 package(s) x 2 core(s)

    • Unifi AP-LR  connected to Netgear GS108

    • 40GB SSD

    • DHCP on all interfaces are providing leases.


  • LAYER 8 Netgate

    Why are you running i386?



  • It just happened to be the version I downloaded.  That aside, is this the cause of the issue I am running into?

    I don't have an issue rebuilding.


  • LAYER 8 Netgate

    I don't know. I would try amd64 before trying to find the cause of that.



  • @nappy_d:

    I don't have an issue rebuilding.

    Sounds like the best solution, though as Derelict suggests, use the amd64 version. I'd also test each step, leaving enabling the captive portal until the end. Use just the default CP page to ensure it's working before you try making any customisations or alterations. Then move on from that and ensure the CP continues working after each change. If it fails at any point, undo the last change you made and work on from there.



  • 64bit is now installed and the same issue exisits.  I am unable to reach the captive portal page.



  • How are you setting up your captive portal? What settings are you putting in for the authentication server? Are you really running this as a vanilla installation, or are you changing anything at all? Did you go through the steps I suggested in my last post?



  • @muswellhillbilly:

    How are you setting up your captive portal? What settings are you putting in for the authentication server? Are you really running this as a vanilla installation, or are you changing anything at all? Did you go through the steps I suggested in my last post?

    See reply number 6 above.  This is my configuration and there is nothing entered for the authentication server.

    The instant that I enable a captive portal for OPT1, vLAN30, internet connectivity is lost and the captive portal auth page does not appear.

    TP-Link PCI-E gigE NIC
    vLAN1 172.16.0.1 is  the pfSense physical interface
    vLAN30 172.16.11.1 is a sub interface on the TP-Link



  • @nappy_d:

    See reply number 6 above.  This is my configuration and there is nothing entered for the authentication server.

    So how are you authenticating your users? Are you using local accounts?

    Might be an idea to post a full screenshot of your captive portal settings.



  • The current setup is:
    UniFi AP setup with 3 vLANS

    • vLAN1 my default vLAN and the physical(gig-E NIC) interface 172.16.0.1
    • vLAN30(172.16.11.0/24) is a sub-interface on the TP-Link gigE NIC
    • on my AP it is configured as open for Guest WiFi
    • I have configured one local account on the pfSense called Wifi(with a password).  Added this account to the capitve portal security group

    What works

    • No rules configured for vLAN30
    • connect my phone(or laptop) to the guest ssid
    • internet access works 100%
      What doesn't work
    • no rules configured for vLAN30
    • enable captive portal(See settings http://1drv.ms/1SakuBD)
    • no more internet access or redirection to the captive portal login page.

  • LAYER 8 Netgate

    If you have no rules configured interface VLAN30 will not pass any traffic.



  • @Derelict:

    If you have no rules configured interface VLAN30 will not pass any traffic.

    I have also configured the following rules attached and when configured no traffic passes when the captive portal is enabled.

    ![Screen Shot 2016-01-22 at 8.43.25 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.43.25 PM.png)
    ![Screen Shot 2016-01-22 at 8.43.25 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.43.25 PM.png_thumb)
    ![Screen Shot 2016-01-22 at 8.44.40 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.44.40 PM.png)
    ![Screen Shot 2016-01-22 at 8.44.40 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-22 at 8.44.40 PM.png_thumb)


  • LAYER 8 Netgate

    If you can't get through the portal you can't get onto the internet. That's kind of the point.

    Only passing TCP and UDP you won't be able to ping - that's ICMP. Just use any.



  • Point taken on "use any".

    I am unfortunately still stuck on not being able to browse the internet from the guest WiFi vLAN when the captive portal is enabled. :(

    Now on a 64bit install and same issues.


  • LAYER 8 Netgate

    Post your CP config. You might have a combination of options that breaks it.



  • Been poking around and tonight I came across this in my system logs and seems to be the reason the portal is failing…

    I didn't notice this before but I decided to kill process 47600.  After doing this, the captive portal was able to start and function 100%

    Jan 23 21:07:15 lighttpd[47600]: (mod_fastcgi.c.1744) connect failed: No such file or directory on unix:/tmp/php-fastcgi-guest_wifi.socket-0
    Jan 23 21:07:15 lighttpd[47600]: (mod_fastcgi.c.2846) backend died; we'll disable it for 1 seconds and send the request to another backend instead: reconnects: 5 load: 1
    Jan 23 21:07:15 lighttpd[47600]: (mod_fastcgi.c.3414) all handlers for /index.php?zone=guest_wifi&redirurl=/Hw1fHFTVccGuYh/flixxebJVDTNnp/K4SAaSf48vnxog/wcaiRO5jX9C3v3/s6pqpxlXD5QUXK.html on .php are down.
    Jan 23 21:07:17 lighttpd[47600]: (mod_fastcgi.c.2604) fcgi-server re-enabled: 0 /tmp/php-fastcgi-guest_wifi.socket



  • I wonder where this came from :
    @nappy_d:

    Jan 23 21:07:15 lighttpd[47600]: (mod_fastcgi.c.3414) all handlers for /index.php?zone=guest_wifi&redirurl=/Hw1fHFTVccGuYh/flixxebJVDTNnp/K4SAaSf48vnxog/wcaiRO5jX9C3v3/s6pqpxlXD5QUXK.html on .php are down.



  • I saw that and not sue what it is from.  I do have a redirect URL entered but not sure if that's what was causing this issue.  The same redirect URL is there in my now working config.  I have not had any issues so far sine I killed the process and restarted the captive portal.


Log in to reply