Today I upgraded OPNsense 25.1.5 to the latest hotfix release 25.1.5_4. After that, Captive Portal user authentication is not working and gives the message "authentication failed" although the username and password are correct. Removing the captive portal and recreating it didn't solve the issue.
Note: Allowed addresses are working, but Captive Portal user authentication is not working although the username and password are correct and tested with System: Access: Tester.
Thank you.
I'm having the same problem... However, the captive portal log says that the authentication was successful.
25.1.5_4
same login error
then the submit/connect button was lost/missing even if not yet authenticated.
even reverting to default template same error but submit button shows
returns login failed
I am using no authentication, just the connect button to authenticate
Could it be related to the web browser's cache?
Quote from: tong2x on April 12, 2025, 04:36:07 AM
25.1.5_4
same login error
then the submit/connect button was lost/missing even if not yet authenticated.
even reverting to default template same error but submit button shows
returns login failed
I am using no authentication, just the connect button to authenticate
Quote from: FraLem on April 13, 2025, 11:05:39 AM
Could it be related to the web browser's cache?
Quote from: tong2x on April 12, 2025, 04:36:07 AM
25.1.5_4
same login error
then the submit/connect button was lost/missing even if not yet authenticated.
even reverting to default template same error but submit button shows
returns login failed
I am using no authentication, just the connect button to authenticate
tried with multiple devices, and tried manually entering the portal address, even in incognito mode
same login error, even using the default blank template
With the 25.1.5_4, I have the same authentication issue, but with SSH into root account. I do not use captive portal at all.
However, the issue was gone when I reverted to a snapshot with the 25.1.5_1 version.
Quote from: dhqcn on April 13, 2025, 02:34:19 PM
With the 25.1.5_4, I have the same authentication issue, but with SSH into root account. I do not use captive portal at all.
However, the issue was gone when I reverted to a snapshot with the 25.1.5_1 version.
what's the command to revert to that version?
issue with portal voucher reported in github
https://github.com/opnsense/core/issues/8540
the whole portal I think is broken, I only use no authentication, clicking connect button returns "login failed"
Quote from: tong2x on April 13, 2025, 02:41:55 PM
issue with portal voucher reported in github
https://github.com/opnsense/core/issues/8540
the whole portal I think is broken, I only use no authentication, clicking connect button returns "login failed"
The problem is not just the voucher, it's the captive portal in general.
Quote from: tong2x on April 13, 2025, 02:41:55 PM
Quote from: dhqcn on April 13, 2025, 02:34:19 PM
With the 25.1.5_4, I have the same authentication issue, but with SSH into root account. I do not use captive portal at all.
However, the issue was gone when I reverted to a snapshot with the 25.1.5_1 version.
what's the command to revert to that version?
issue with portal voucher reported in github
https://github.com/opnsense/core/issues/8540
the whole portal I think is broken, I only use no authentication, clicking connect button returns "login failed"
Oh I took a snapshot in System -> Snapshots before each upgrade. Thus, I can revert to the previous version when having issue(s) with the new one. The procedure is mentioned in this document:
https://docs.opnsense.org/manual/snapshots.html
After updating OPNsense to the latest version, Captive Portal does not work. The SSL certificate verification failed on my site.
I have assigned a domain through CloudFire and the ACME certificate is being renewed. Up until the update, everything worked fine.
At this point, the Captive Portal page loads but there is an ACME certificate error. The certificate is up to date but browsers interpret it as untrusted.
same here, captive not working in production. As authentication I'm using an external radius server, where the user gets successfully negotiated.
Auth: (38) Login OK: [captive.user] (from client OPNsense port 0 cli XX:XX:XX:XX:XX) - VLAN ID: XXXX >> You're User (from client opnsense.ip)
Anyway, Captive says login failed.
progress has been made in github
there is a patch
Same problem with CP and 25.1.5_4
The log shows successful authentication:
2025-04-14T11:55:45 Informational captiveportal AUTH myuser (xx.xx.xx.xx) zone 0
The CP web frontend displays "Authentication failed" and access to other networks is not possible.
Setup:
Captive Portal is configured on a WireGuard interface for clients
Authentication method: LDAP + OTP
LDAP without OTP also fails → not related to OTP or token order
Local database authentication doesn't work either
OPNsense LDAP authentication works (ldap user login on OPNsense with Lobby:Password privileges)
If on the CP a wrong password is entered on purpose, CP does correct logging:
2025-04-14T12:00:39 Informational captiveportal DENY myuser (xx.xx.xx.xx) zone 0
If I enter a wrong password too many times, the ldap user is locked out on the ldap server. So the whole auth CP - opnsense ldap config - ldap server seems to work fine. At least with wrong login.
Workaround:
Rollback to previous version or add WireGuard peers to CP's allowed IPs.
The solution to the authorization problem is solved here
https://github.com/opnsense/core/commit/413f49c3ef68c0269a7163410b01a19c7a2fa4b5#diff-a83c0e9291cd5f0655cbd690b0bfaaef4b91db4ca9e04a4f36520ec2777d29c9
Hotfix is now available.
Quote from: Shild73 on April 14, 2025, 01:07:47 PM
The solution to the authorization problem is solved here
https://github.com/opnsense/core/commit/413f49c3ef68c0269a7163410b01a19c7a2fa4b5#diff-a83c0e9291cd5f0655cbd690b0bfaaef4b91db4ca9e04a4f36520ec2777d29c9
works! thanks
Quote from: franco on April 14, 2025, 01:20:29 PM
Hotfix is now available.
ty!
Just to be sure, it doesn't need a full restart, right? Just the captiveportal restart by hotfix?
Install via GUI is enough for 25.1.5_5.
If you install the patch via opnsense-patch you need to do:
# opnsense-patch https://github.com/opnsense/core/commit/413f49c3ef
# service configd restart
Don't use opnsense-patch twice or else you remove your patch again. ;)
Cheers,
Franco
database keeps crashing and getting corrupted, I have deleted it 3 times already.
any help?
2025-04-15T08:25:22 Informational captiveportal AUTH anonymous@10.10.2.114 (10.10.2.114) zone 0
2025-04-15T08:25:12 Error captiveportal sqlite3 /var/captiveportal/captiveportal.sqlite doesn't look like a database, renamed to /var/captiveportal/captiveportal.sqlite.20250415082512.bck
2025-04-15T08:25:07 Informational captiveportal AUTH anonymous@10.10.2.114 (10.10.2.114) zone 0
2025-04-15T08:25:07 Error captiveportal Forcefully repair database (Traceback (most recent call last): File "/usr/local/opnsense/scripts/OPNsense/CaptivePortal/cp-background-process.py", line 259, in main bgprocess.sync_zone(zoneid) File "/usr/local/opnsense/scripts/OPNsense/CaptivePortal/cp-background-process.py", line 140, in sync_zone expected_clients = self.db.list_clients(zoneid) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/opnsense/scripts/OPNsense/CaptivePortal/lib/db.py", line 205, in list_clients cur.execute(""" select cc.zoneid sqlite3.OperationalError: database is locked )
2025-04-15T08:24:52 Informational captiveportal AUTH anonymous@10.10.2.114 (10.10.2.114) zone 0
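The log in the post above contains two distinct failures, `database is locked` and `doesn't look like a database`. The following is an added example, not OPNsense code and not written by any poster in this thread, showing one way to tell lock contention apart from a file that really is not an SQLite database. The function names, return labels and sample files are assumptions constructed for illustration.

```python
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file

def classify_db(path, timeout=0.2):
    """Return 'missing', 'not-a-database', 'locked', 'corrupt' or 'ok'."""
    if not os.path.exists(path):
        return "missing"
    with open(path, "rb") as fh:
        header = fh.read(16)
    if header and header != SQLITE_MAGIC:  # an empty file is a valid new DB
        return "not-a-database"
    con = sqlite3.connect(path, timeout=timeout, isolation_level=None)
    try:
        con.execute("BEGIN IMMEDIATE")  # needs the write lock: shows contention
        rows = con.execute("PRAGMA integrity_check").fetchall()
        con.execute("ROLLBACK")
    except sqlite3.OperationalError as exc:
        return "locked" if "locked" in str(exc) else "corrupt"
    except sqlite3.DatabaseError:
        return "corrupt"
    finally:
        con.close()
    return "ok" if rows == [("ok",)] else "corrupt"

def demo():
    """Classify constructed sample files (not real portal data)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "good.sqlite")
        writer = sqlite3.connect(good, isolation_level=None)
        writer.execute("CREATE TABLE sample (id INTEGER)")  # constructed table
        results["healthy"] = classify_db(good)
        writer.execute("BEGIN IMMEDIATE")  # another writer holding the lock
        results["busy"] = classify_db(good)
        writer.execute("ROLLBACK")
        writer.close()
        junk = os.path.join(tmp, "junk.sqlite")
        with open(junk, "wb") as fh:
            fh.write(b"constructed bytes that are not an SQLite file")
        results["junk"] = classify_db(junk)
        results["absent"] = classify_db(os.path.join(tmp, "absent.sqlite"))
    return results

if __name__ == "__main__":
    print(demo())
```

A `locked` result means another process holds the write lock on an otherwise readable file, so deleting the database would not address the cause.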
There is still an error when CaptivePortal is running.
In version 25.1.1 I configured CP. I configured ACME + Certificate. Everything works without a problem.
After a direct update from 25.1.1 to 25.1.5_5 CP does not work.
Devices connect to WIFI but without internet.
Devices obtain correct IP address along with DNS PiHole.
Despite this, the connection is without internet. The CP login page does not pop up.
When I go back to version 25.1.1 CP + ACME + Certificate works correctly. I can log in.
I even deleted the CP database but the devices still connect to WIFI but without internet.
... we have the same issue here with OPNsense 25.1.5_5-amd64
Hi.
We installed the patch 09324af (https://github.com/opnsense/core/commit/09324af15d14d58c0937d74d26d451db673c3468) to fix the problem.
Now there is the option under "Captive Portal -> Settings"
[x] Disable firewall rules
If this option is set, no automatic firewall rules for portal redirection
and traffic blocking will be generated. This option allows you to override
the default portal behavior for advanced use cases, such as redirections
for DNS.
See the documentation to see which rules you should implement in this scenario.
But it still does not work: If activated everyone is online and the captive portal does not appear
If not activated: Not online
So: What else to do in this case?
Thanks.