OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of mibsy »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - mibsy

Pages: [1]
1
19.1 Legacy Series / Captive Portal change default port number for HTTP?
« on: March 25, 2019, 01:51:47 am »
One of my users was complaining they couldn't connect to the wireless guest network with their Kindle Fire HD (version 10 I think). I spent over an hour troubleshooting and pulling my hair out. Finally, between Tcpdump and using portquiz.net:8000, I was able to figure out that on that particular version of Amazon OS port 8000 is blocked on the device. The redirect to the Opnsense Captive Portal on port 8000 never leaves the device and there isn't a known way to change that behavior on this specific Amazon configuration.

So, what I want to do is change the default port number of the captive portal. I can't find a way through the web GUI to make the change (I have created a configuration that is not active and activated the second configuration so that the port is now 8001). My goal is to set it to something like 8080 and I don't have the desire to create 79 unused configurations (I think the captive portal creates the zone number starting at zero and adds one each time). The zone number seems to be added to the default of port 8000 to set the config for that particular zone/captive portal.

2
19.1 Legacy Series / [SOLVED] Captive Portal No Longer Working
« on: February 15, 2019, 12:51:18 am »
I'm running the Captive Portal on 19.1.1. I have it configured for no authentication with a splash page and an "Accept" button in place of the "Sign in" button. All was working well until I upgraded (I think it was one of the updates to 19.1 -perhaps .1). I can't think of any configuration changes that may have caused it, and I figured perhaps the template changed, so I tried the default template with a fresh captive portal configuration - no dice.

What happens is the captive portal page pops up and when someone selects the "Accept" button, which was Sign-in, they get a "Login Failed" error box in pink. Here are the pertinent error logs from configd.log

Code: [Select]
Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] allow client access to captive portal
Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1 at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/processhandler.py", line 481, in execute     stdout=output_stream, stderr=error_stream)   File "/usr/local/lib/python2.7/subprocess.py", line 190, in check_call     raise CalledProcessError(retcode, cmd) CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1
Feb 14 18:27:19 guardian configd.py: [3b5831bd-0fed-422b-a9c6-778effb280b1] fetch captiveportal web template package default
Feb 14 18:28:04 guardian configd.py: [5f4e762f-f8b3-470c-bd00-229a065d6894] request mac table
root@guardian:/var/log # Feb 14 18:26:43 guardian configd.py: [bda40bd2-dbb3-4311-adf4-dd1ecc21cddb] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/listClients.py /zoneid '0' /output_type 'json'' returned non-zero exit status 1 at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/processhandler.py", line 481, in execute     stdout=output_stream, stderr=error_stream)   File "/usr/local/lib/python2.7/subprocess.py", line 190, in check_call     raise CalledProcessError(retcode, cmd) CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/listClients.py /zoneid '0' /output_type 'json'' returned non-zero exit status 1
Too many )'s.
root@guardian:/var/log # Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] allow client access to captive portal
Feb: No match.
root@guardian:/var/log # Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1 at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/processhandler.py", line 481, in execute     stdout=output_stream, stderr=error_stream)   File "/usr/local/lib/python2.7/subprocess.py", line 190, in check_call     raise CalledProcessError(retcode, cmd) CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1

The portalauth.log looks similar to what it normally logs:

Code: [Select]
Feb 14 18:23:18 guardian captiveportal[72660]: AUTH anonymous@192.168.111.81 (192.168.111.81) zone 0
Feb 14 18:26:42 guardian captiveportal[72660]: AUTH anonymous@192.168.111.81 (192.168.111.81) zone 0

The only thing that perhaps is not boilerplate in my config of the captive portal is the custom splash page and the fact that I bypass the splash page for two IP addresses. Both of these worked previously Under 18.7 and I think 19.1 (I could be wrong on the 19.1, so please don't hang your hat on that piece of information).

 

3
18.7 Legacy Series / Captive Portal with MAC Address "Allow" causes downloads to fail
« on: January 26, 2019, 06:59:02 pm »
I saw a mention of this for earlier releases (18.1), but none for 18.7. I set up the Captive Portal with no authentication (just the splash page with an "Accept" button). It works fairly well, but if I allow any device by MAC address then downloads over a few Megabytes fail (I've confirmed on both a Mac and Windows PC. I can assign them a static IP through DHCP, and allow the machine by IP address and that works fine.

The only thing I noticed is that both the previous poster and I have setup the "guest" network utilizing VLANs, which may be related. I have a VLAN9 that contains my guest network and assigned it as a separate interface and then run the captive portal on eth2_vlan9. I have a second VLAN for the internal wireless - vlan5. I would prefer to utilize MAC address "allows" over the IP address, but can't until the large downloads item is addressed.

Any thoughts?

 

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2