Messages - mibsy

#1
One of my users was complaining they couldn't connect to the wireless guest network with their Kindle Fire HD (version 10 I think). I spent over an hour troubleshooting and pulling my hair out. Finally, between tcpdump and using portquiz.net:8000, I was able to figure out that on that particular version of Amazon OS, port 8000 is blocked on the device. The redirect to the OPNsense Captive Portal on port 8000 never leaves the device and there isn't a known way to change that behavior on this specific Amazon configuration.

So, what I want to do is change the default port number of the captive portal. I can't find a way through the web GUI to make the change (I have created a configuration that is not active and activated the second configuration so that the port is now 8001). My goal is to set it to something like 8080 and I don't have the desire to create 79 unused configurations (I think the captive portal creates the zone number starting at zero and adds one each time). The zone number seems to be added to the default of port 8000 to set the config for that particular zone/captive portal.
#2
Thank you, you were correct. I filed a bug report, and running the requested command clearly called out the SQL database error. I deleted the database and restarted CaptivePortal, which built a clean database. All is working well again! Problem solved.

For anyone who doesn't know, the database is located at /var/captiveportal/captiveportal.sqlite

Thanks again
#3
I'm running the Captive Portal on 19.1.1. I have it configured for no authentication with a splash page and an "Accept" button in place of the "Sign in" button. All was working well until I upgraded (I think it was one of the updates to 19.1 -perhaps .1). I can't think of any configuration changes that may have caused it, and I figured perhaps the template changed, so I tried the default template with a fresh captive portal configuration - no dice.

What happens is the captive portal page pops up and when someone selects the "Accept" button, which was Sign-in, they get a "Login Failed" error box in pink. Here are the pertinent error logs from configd.log:

Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] allow client access to captive portal
Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1 at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/processhandler.py", line 481, in execute     stdout=output_stream, stderr=error_stream)   File "/usr/local/lib/python2.7/subprocess.py", line 190, in check_call     raise CalledProcessError(retcode, cmd) CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1
Feb 14 18:27:19 guardian configd.py: [3b5831bd-0fed-422b-a9c6-778effb280b1] fetch captiveportal web template package default
Feb 14 18:28:04 guardian configd.py: [5f4e762f-f8b3-470c-bd00-229a065d6894] request mac table
root@guardian:/var/log # Feb 14 18:26:43 guardian configd.py: [bda40bd2-dbb3-4311-adf4-dd1ecc21cddb] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/listClients.py /zoneid '0' /output_type 'json'' returned non-zero exit status 1 at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/processhandler.py", line 481, in execute     stdout=output_stream, stderr=error_stream)   File "/usr/local/lib/python2.7/subprocess.py", line 190, in check_call     raise CalledProcessError(retcode, cmd) CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/listClients.py /zoneid '0' /output_type 'json'' returned non-zero exit status 1
Too many )'s.
root@guardian:/var/log # Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] allow client access to captive portal
Feb: No match.
root@guardian:/var/log # Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1 at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/processhandler.py", line 481, in execute     stdout=output_stream, stderr=error_stream)   File "/usr/local/lib/python2.7/subprocess.py", line 190, in check_call     raise CalledProcessError(retcode, cmd) CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1


The portalauth.log looks similar to what it normally logs:

Feb 14 18:23:18 guardian captiveportal[72660]: AUTH anonymous@192.168.111.81 (192.168.111.81) zone 0
Feb 14 18:26:42 guardian captiveportal[72660]: AUTH anonymous@192.168.111.81 (192.168.111.81) zone 0


The only thing that perhaps is not boilerplate in my config of the captive portal is the custom splash page and the fact that I bypass the splash page for two IP addresses. Both of these worked previously under 18.7 and I think 19.1 (I could be wrong on the 19.1, so please don't hang your hat on that piece of information).
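
Added example, not part of the original posts and not OPNsense code: a small triage script for configd.log lines of the kind quoted above, pairing each failed script action with the request description that shares its bracketed ID. The sample lines, request IDs and addresses are constructed, and the name failed_actions is hypothetical.

```python
import os
import re

# Constructed sample in the configd.log format quoted in the post (tracebacks cut short).
SAMPLE_LOG = """\
Feb 14 18:26:43 guardian configd.py: [11111111-1111-4111-8111-111111111111] allow client access to captive portal
Feb 14 18:26:43 guardian configd.py: [11111111-1111-4111-8111-111111111111] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.0.2.81' /ip_address '192.0.2.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1 at Traceback (most recent call last): [cut]
Feb 14 18:26:43 guardian configd.py: [22222222-2222-4222-8222-222222222222] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/listClients.py /zoneid '0' /output_type 'json'' returned non-zero exit status 1 at Traceback (most recent call last): [cut]
Feb 14 18:28:04 guardian configd.py: [33333333-3333-4333-8333-333333333333] request mac table
Feb: No match.
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ configd\.py: "
                  r"\[(?P<req>[0-9a-f-]{36})\] (?P<msg>.*)$")
FAILED = re.compile(r"Script action failed with Command '(?P<script>\S+)(?P<args>.*?)'"
                    r" returned non-zero exit status (?P<rc>\d+)")
ARG = re.compile(r"/(\w+) '([^']*)'")  # /name 'value' pairs passed to the script


def failed_actions(log_text):
    """Return one record per failed configd script action, in log order."""
    described = {}  # request id -> first non-failure message for that request
    failures = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # shell noise or wrapped text pasted among the log lines
        fail = FAILED.search(m["msg"])
        if fail is None:
            described.setdefault(m["req"], m["msg"])
            continue
        args = dict(ARG.findall(fail["args"]))
        failures.append({
            "time": m["ts"],
            "request": m["req"],
            "script": os.path.basename(fail["script"]),
            "zoneid": args.get("zoneid"),
            "exit_status": int(fail["rc"]),
        })
    for rec in failures:
        rec["action"] = described.get(rec["request"], "unknown")
    return failures


if __name__ == "__main__":
    for rec in failed_actions(SAMPLE_LOG):
        print(rec)
```

Several scripts failing in the same second for the same zone points at something they share rather than at one request.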


#4
18.7 Legacy Series / Re: os-wol plugin
January 28, 2019, 04:26:37 AM
Funny, I was playing around with that last night before your message and I didn't get an error, but it wouldn't wake up the machine I was testing it against. Turns out, someone turned that machine off! Anyhow, I tested it today against two other machines that were asleep and the command line works perfectly. The machines wake up, no errors and I can ping them. I'm trying to dig into the scripts and such to see where it gets called from the web interface.
#5
Cool! My first firewall was a PC Engines and my second was a Soekris (it was a lower end unit). The PC Engines apu2 appears to use Intel, while the Soekris seems to depend upon what mini-PCI Express card you put in the box. I liked the reliability of the Soekris a lot, but it was too underpowered for what I needed and I had to upgrade.

Have you tried sending syslog to an external server to see if you can get any ideas as to what may be causing it?
#6
18.7 Legacy Series / Re: os-wol plugin
January 26, 2019, 10:10:09 PM
I'm having the exact same issue with the same error. Did you ever identify the cause or solution? My guess is the plugin needs updating due to a change in the base OPNsense code, but I am pulling that out of the air. I have mine configured only on my LAN interface, I've uninstalled and reinstalled the WoL plugin, and the LAN net doesn't have anything special that I can think of (it's not a VLAN, no bridging, no odd filtering, etc.).
#7
I'm not by any means an expert, but I did want to ask what hardware are you running for the network interfaces? The only reason I ask is because I switched to Intel a while back and they have been solid for me. My previous set-up utilized Realtek NICs and they did not handle VLANs, TCP Checksum Offload, etc. very well and caused instability. It may not apply to your situation, but thought I'd ask since I'm using VLANs and haven't had any Kernel Panic issues.
#8
I saw a mention of this for earlier releases (18.1), but none for 18.7. I set up the Captive Portal with no authentication (just the splash page with an "Accept" button). It works fairly well, but if I allow any device by MAC address then downloads over a few megabytes fail (I've confirmed on both a Mac and Windows PC). I can assign them a static IP through DHCP, and allow the machine by IP address and that works fine.

The only thing I noticed is that both the previous poster and I have set up the "guest" network utilizing VLANs, which may be related. I have a VLAN9 that contains my guest network and assigned it as a separate interface and then run the captive portal on eth2_vlan9. I have a second VLAN for the internal wireless - vlan5. I would prefer to utilize MAC address "allows" over the IP address, but can't until the large downloads item is addressed.

Any thoughts?