OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: wifimasters on September 12, 2016, 08:38:26 pm

Title: Captive Portal Not Working - Fresh Install from pfSense
Post by: wifimasters on September 12, 2016, 08:38:26 pm
Hello,  i got a simple setup of captive portal with the following interfaces;

 GUESTNET (ath0_wlan1) -> v4: 192.168.200.1/24 (CAPTIVE PORTAL INTERFACE)
 LAN (vr0)       -> v4: 192.168.1.1/24 (I USE TO CONFIGURE)
 WAN (vr1)       -> v4: 192.168.137.10/24 (WAN)

I followed all the steps from this URL; https://docs.opnsense.org/manual/how-tos/guestnet.html but it's NOT working.

1. I got the landing page on all my devices.
2. Entered the generated vouchers.
3. Nothing happened. Just stalled and totally nothing!
4. I run tcpdump in GUESTNET interface and I can see attempts to reach google, facebook domains etc.

How to make it work?

I attached some screenshots for your reference and the config XML file.

Thanks and more power!

PS. I was once a M0n0Wall user, then move to pfSense and now would love to stay with OPNSense.
Title: Re: Captive Portal Not Working - Fresh Install from pfSense
Post by: jschellevis on September 21, 2016, 04:31:04 pm
I have been testing with Captive Portal to see if I can replicate this issue, but I can't with my setup.
I suspect a DNS or NAT issue.  Did you test if your internet is working on the Guest interface (opt) without the CP active?

If that does not work then try to set the NAT rules to manual and check if it lists the correct mappings and apply. Then test again without and with CP.

Also make sure the DNS is functioning without and with CP on the guest network.

Title: Re: Captive Portal Not Working - Fresh Install from pfSense
Post by: wifimasters on September 22, 2016, 05:43:13 am
thank you J for the response. yeah, probably can you provide me the proper NAT setup on OPT1 interface?

Cheers

Title: Re: Captive Portal Not Working - Fresh Install from pfSense
Post by: jschellevis on September 22, 2016, 09:38:31 am
Check your outbound NAT and set it to manual or hybrid if it doesn't work.

Then look for a nat rule on WAN with source of your opt network (192.168.200.0/24) and translate it to interface ip of the WAN.Hit Save/Apply.

That should probably do the trick.
Title: Re: Captive Portal Not Working - Fresh Install from pfSense
Post by: wifimasters on September 26, 2016, 07:11:48 pm
Hey J, i had the whole evening of testing but success on the captive portal.

I have confirm that I can get internet without the captive portal running so I can say my NATs are fine!

Is this guide outdated? can someone please correct or update this?

I am desperate now need to get this working for the school.

Can I give you any logs or dump you want to check?

Please and thanks.
Title: Re: Captive Portal Not Working - Fresh Install from pfSense
Post by: jschellevis on September 27, 2016, 09:30:08 am
I am sure the docs are up-to date.. tested it serveral times in the last week.

Everything works as expected, however many people do not realize that you can't capture a https session and expect that to work as your browser will protect you for that man-in-the-midle attack.

In order to get that to work one needs to login first by either connecting to the captive portal page directly or access a http site first (will promt for login).

On wifi you can also make sure that the user is prompted to login first. For android see: https://forum.opnsense.org/index.php?topic=3651.msg12706#msg12706

For iphone it should already work.

If things do not work out also check my suggestions in the other post for testing and building your configuration.

One last note: (In am not sure if you configured this) transparent proxy in combination with the Captive Portal is currently not supported.. this is expected to be resolved shortly with 16.7.5.

If you need more support then I advise you to take a look at our commercial support offerings, see: https://opnsense.org/support-overview/commercial-support/

Title: Re: Captive Portal Not Working - Fresh Install from pfSense
Post by: wifimasters on October 07, 2016, 07:48:15 pm
thanks a lot, we will look into a possibility of a commercial support.

Cheers