Captive Portal Not Working - Fresh Install from pfSense

Started by wifimasters, September 12, 2016, 08:38:26 PM

Previous topic - Next topic
Hello,  i got a simple setup of captive portal with the following interfaces;

LAN (vr0)       -> v4: (I USE TO CONFIGURE)
WAN (vr1)       -> v4: (WAN)

I followed all the steps from this URL; but it's NOT working.

1. I got the landing page on all my devices.
2. Entered the generated vouchers.
3. Nothing happened. Just stalled and totally nothing!
4. I run tcpdump in GUESTNET interface and I can see attempts to reach google, facebook domains etc.

How to make it work?

I attached some screenshots for your reference and the config XML file.

Thanks and more power!

PS. I was once a M0n0Wall user, then move to pfSense and now would love to stay with OPNSense.

I have been testing with Captive Portal to see if I can replicate this issue, but I can't with my setup.
I suspect a DNS or NAT issue.  Did you test if your internet is working on the Guest interface (opt) without the CP active?

If that does not work then try to set the NAT rules to manual and check if it lists the correct mappings and apply. Then test again without and with CP.

Also make sure the DNS is functioning without and with CP on the guest network.

thank you J for the response. yeah, probably can you provide me the proper NAT setup on OPT1 interface?


Check your outbound NAT and set it to manual or hybrid if it doesn't work.

Then look for a nat rule on WAN with source of your opt network ( and translate it to interface ip of the WAN.Hit Save/Apply.

That should probably do the trick.

Hey J, i had the whole evening of testing but success on the captive portal.

I have confirm that I can get internet without the captive portal running so I can say my NATs are fine!

Is this guide outdated? can someone please correct or update this?

I am desperate now need to get this working for the school.

Can I give you any logs or dump you want to check?

Please and thanks.

I am sure the docs are up-to date.. tested it serveral times in the last week.

Everything works as expected, however many people do not realize that you can't capture a https session and expect that to work as your browser will protect you for that man-in-the-midle attack.

In order to get that to work one needs to login first by either connecting to the captive portal page directly or access a http site first (will promt for login).

On wifi you can also make sure that the user is prompted to login first. For android see:

For iphone it should already work.

If things do not work out also check my suggestions in the other post for testing and building your configuration.

One last note: (In am not sure if you configured this) transparent proxy in combination with the Captive Portal is currently not supported.. this is expected to be resolved shortly with 16.7.5.

If you need more support then I advise you to take a look at our commercial support offerings, see:

thanks a lot, we will look into a possibility of a commercial support.
