
Author Topic: I can't get Captive Portal login page in any browser else Firefox  (Read 6991 times)


jetberrocal
« Reply #30 on: June 27, 2016, 11:11:23 am »
My network is really simple.

My LAN is 192.168.56.x, 255.255.255.0
AD has static IP 192.168.56.10
pfsense has static IP 192.168.56.1
DHCP server sets:
from 192.168.56.100 to 192.168.56.254
DNS = 192.168.56.10
Gateway = 192.168.56.1

WAN is DHCP assigned by the Cable modem

Trying http://10.10.10.10 gives me "took too long to respond" error

ipfw zone list
Currently defined contexts and their members:
2: em1,


Shell Output - ipfw -x 2 show

65291    0      0 allow pfsync from any to any
65292    0      0 allow carp from any to any
65301   66   2424 allow ip from any to any layer2 mac-type 0x0806,0x8035
65302    0      0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
65303    0      0 allow ip from any to any layer2 mac-type 0x8863,0x8864
65307    0      0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
65310 1569 143858 allow ip from any to table(100) in
65311 1456 434214 allow ip from table(100) to any out
65312   13   4327 allow ip from any to 255.255.255.255 in
65313    0      0 allow ip from 255.255.255.255 to any out
65314    0      0 pipe tablearg ip from table(3) to any in
65315    0      0 pipe tablearg ip from any to table(4) in
65316    0      0 pipe tablearg ip from table(3) to any out
65317    0      0 pipe tablearg ip from any to table(4) out
65318  878 108115 pipe tablearg ip from table(1) to any in
65319  858 899391 pipe tablearg ip from any to table(2) out
65532  282  14933 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
65533  223  25436 allow tcp from any to any out
65534 2141 218858 deny ip from any to any
65535    0      0 allow ip from any to any


Shell Output - ipfw -x 2 table all list

---table(1)---
192.168.56.100/32 mac 08:00:27:e8:c0:b4 2002
---table(2)---
192.168.56.100/32 mac 08:00:27:e8:c0:b4 2003
---table(100)---
192.168.56.1/32 0

Note: The table(100) has 192.168.56.1/32 instead of /24. I have not added any Allow IP nor Allow Host at the zone.



Gertjan
« Reply #31 on: June 28, 2016, 03:36:48 am »
> Note: The table(100) has 192.168.56.1/32 instead of /24. I have not added any Allow IP nor Allow Host at the zone.

Table 100 contains the IP of the Captive Portal NIC.

> My network is really simple.
>
> My LAN is 192.168.56.x, 255.255.255.0
> AD has static IP 192.168.56.10
> pfsense has static IP 192.168.56.1
> DHCP server sets:
> from 192.168.56.100 to 192.168.56.254
> DNS = 192.168.56.10
> Gateway = 192.168.56.1

Ok.
And what are these settings on the device that you used to:

> Trying http://10.10.10.10 gives me "took too long to respond" error

Who is this IP:

> ---table(1)---
> 192.168.56.100/32 mac 08:00:27:e8:c0:b4 2002
> ---table(2)---
> 192.168.56.100/32 mac 08:00:27:e8:c0:b4 2003
> ---table(100)---
> 192.168.56.1/32 0

?
Table 1 and 2 contain the "logged in users" - so "192.168.56.100" has been logged in successfully.

jetberrocal
« Reply #32 on: June 28, 2016, 03:29:31 pm »
The device I am using for testing is a Win 7 Pro attached to the AD, that is assigned an IP by the DHCP.  Since it is the only one, the IP assigned is the first DHCP assigned value, which is 192.168.56.100.

The test device using Chrome sometimes shows the CP Login page and I can log in successfully.  Thus the table shows on this occasion the device MACs.

BUT after successful login, the trigger page is shown, but no other page.  The network is broken as if the login were unsuccessful, but worse because the CP is no longer triggered.  (I close the browser, and remove/delete the line from the CP status in Diagnostics)

I can't ping any Internet address, not even resolve the addresses.

I thought this was because the DHCP server was in the AD and not the pfsense, but I turned off the DHCP in the AD and activated the DHCP in pfsense and still have the same bad behavior.

Gertjan
« Reply #33 on: June 28, 2016, 04:45:29 pm »
Consider this : if you address your browser to the right place (the captive portal IP address) you should see the login page.
A DHCP server gives more than an IP address for a client-device.
It also hands over the gateway (and a DNS, etc), which should be pfSense, and not some other IP.

First the gateway is inaccessible, but a browser starting up will be 'captured' by the portal interface. Authentication will make the firewall in front of the portal transparent, and off you go ...

What is the gateway that your server offers to its clients ?
What is the gateway your clients are using ?


jetberrocal
« Reply #34 on: June 28, 2016, 04:58:13 pm »
> Consider this : if you address your browser to the right place (the captive portal IP address) you should see the login page.
> A DHCP server gives more than an IP address for a client-device.
> It also hands over the gateway (and a DNS, etc), which should be pfSense, and not some other IP.
>
> First the gateway is inaccessible, but a browser starting up will be 'captured' by the portal interface. Authentication will make the firewall in front of the portal transparent, and off you go ...
>
> What is the gateway that your server offers to its clients ?
> What is the gateway your clients are using ?

Gateway = 192.168.56.1 (Set by DHCP clients, Set manually for static clients)
DNS = 192.168.56.10 (Set by DHCP, Set manually for static clients)
pfsense = 192.168.56.1 (see attached png for pfsense dashboard)

ipconfig output:
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : jetdom.local
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
   Physical Address. . . . . . . . . : 08-00-27-E8-C0-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9990:1817:5cc5:4efb%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, June 27, 2016 11:39:45 AM
   Lease Expires . . . . . . . . . . : Tuesday, June 28, 2016 8:00:03 PM
   Default Gateway . . . . . . . . . : 192.168.56.1
   DHCP Server . . . . . . . . . . . : 192.168.56.1
   DHCPv6 IAID . . . . . . . . . . . : 235405351
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-8B-C6-D4-08-00-27-E8-C0-B4

   DNS Servers . . . . . . . . . . . : 192.168.56.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
« Last Edit: June 28, 2016, 05:02:53 pm by jetberrocal »

Gertjan
« Reply #35 on: June 28, 2016, 05:20:55 pm »
Humm.
Can't find anything wrong.

When your "192.168.56.100" is logged in - you can check that using the pfSense GUI Captive Portal Status page - or inspecting table '100' using the ipfw show .... test - the barrier "captive-portal-pfsense" will be nonexistent for that device ("192.168.56.100") - it's like the captive portal has been shut down for this device.
So my question is: if you shut down the portal function, does the 'internet' access work ?

jetberrocal
« Reply #36 on: June 28, 2016, 05:27:17 pm »
I turned off the zone, and the Internet access started to work.

jetberrocal
« Reply #37 on: June 28, 2016, 05:37:20 pm »
To clarify.  The pfsense IP is 192.168.56.1/24, but CP table(100) is registered with 192.168.56.1/32.  I don't know why /32.

Gertjan
« Reply #38 on: June 29, 2016, 07:04:03 am »
> To clarify.  The pfsense IP is 192.168.56.1/24,

pfSense has an IP on its LAN - it is 192.168.56.1 (or written as 192.168.56.1/32 ;) )

> but CP table(100) is registered with 192.168.56.1/32.  I don't know why /32.

It means : This IP only - because the mask is '32'


edit : change the IPv4 firewall rule : remove the source (LAN net) and make it "all"
« Last Edit: June 29, 2016, 07:07:34 am by Gertjan »
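
The table semantics described in replies #31 and #38 (tables 1 and 2 hold logged-in clients, table 100 holds the portal interface address, and a /32 entry matches one address only), as an added example that is not part of the original posts: a Python parser for the `ipfw -x 2 table all list` output posted in this thread. The function names and the `inconsistent` label are assumptions made for the illustration.

```python
import ipaddress
import re

# Sample input: the table listing as posted in reply #30 of this thread.
SAMPLE = """\
---table(1)---
192.168.56.100/32 mac 08:00:27:e8:c0:b4 2002
---table(2)---
192.168.56.100/32 mac 08:00:27:e8:c0:b4 2003
---table(100)---
192.168.56.1/32 0
"""

HEADER = re.compile(r"^---table\((\d+)\)---$")

def parse_tables(text):
    """Return {table_number: [(network, mac_or_None, value), ...]}."""
    tables, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = tables.setdefault(int(m.group(1)), [])
            continue
        if current is None:
            raise ValueError(f"entry before any table header: {line!r}")
        fields = line.split()
        net = ipaddress.ip_network(fields[0], strict=False)
        mac = fields[2] if len(fields) >= 4 and fields[1] == "mac" else None
        current.append((net, mac, fields[-1]))
    return tables

def in_table(tables, number, ip):
    """True if ip falls inside any prefix of the table (a /32 matches one host)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net, _, _ in tables.get(number, []))

def classify(tables, ip):
    """Label an address using the table roles described in the thread."""
    if in_table(tables, 100, ip):
        return "portal"
    up, down = in_table(tables, 1, ip), in_table(tables, 2, ip)
    if up and down:
        return "logged-in"
    return "inconsistent" if (up or down) else "not-logged-in"
```

With the posted listing, 192.168.56.100 classifies as logged-in and 192.168.56.1 as the portal address, while 192.168.56.10 matches nothing because the table 100 entry is a /32.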

jetberrocal
« Reply #39 on: June 29, 2016, 10:41:37 am »
Why is the pfsense IP written as 192.168.56.1/32 when the LAN interface is set up as 192.168.56.1/24?

I can't select /32 when setting the interface.

I only have the default firewall rules.  You mean to change the IPv4 default rule?
What would be the implication?

 

jetberrocal
« Reply #40 on: July 07, 2016, 01:34:31 pm »
I still have CP failing to work normally. 

I need CP with transparent Squid and squidguard, I need CP so squidguard can get the User name to select the group policy instead of the general policy.

I am desperate, please help.

Gertjan
« Reply #41 on: July 08, 2016, 01:42:31 am »
> ...
> I need CP with transparent Squid and squidguard, I need CP so squidguard can get the User name to select the group policy instead of the general policy.
> ...

This seems a feature request to me.
I advise you to have a look over here: Post a bounty

jetberrocal
« Reply #42 on: July 08, 2016, 03:35:56 pm »
According to these threads, what I want seems a possible thing:

https://forum.pfsense.org/index.php?topic=74309.0
https://forum.pfsense.org/index.php?topic=74572.0

Squid has CP as Authentication selection so this should work.

But if CP is not working obviously it can be done.

I just want to make CP work first.  What I see is that it takes a genius to make CP work.

Gertjan
« Reply #43 on: July 09, 2016, 05:25:41 pm »
> ..
> What I see is that it takes a genius to make CP work.

I'm using pfSense because it has a Captive portal.
I'm using it for my work, a hotel.
It works perfectly for many years now. Check it yourself : https://www.test-domaine.fr/munin/brit-hotel-fumel.net/pfsense.brit-hotel-fumel.net/portalusers.html


Btw : never used "transparent Squid and squidguard" - I do not know what that is, neither why I should use it.
I'm a fan of keeping things simple.

Btw2 : I'm working at a hotel .... so I can do many things, but being a "genius" isn't among them - neither are my clients  ;)

jetberrocal
« Reply #44 on: July 12, 2016, 10:47:28 am »
I am sure that CP works in thousands of installations, but in mine it is broken.  I need help to fix it.

Using CP with Squid and squidguard is a matter for another thread.  I removed squid from my installed packages before asking for help to eliminate the complications for now.

But the problem persists and I don't know what to do. I already applied the last pfsense update.