OPNsense 25.1.5_4 - Captive Portal user authentication not working

[saleh]

Today I upgrade OPNsense 25.1.5 to the latest hotfix release 25.1.5_4 after that the Captive Portal user authentication not working and give the message "authentication failed" although the username and password is correct. Removing the captive portal and recreating it didn't solve the issue.
Note: Allowed addresses is working but the Captive Portal user authentication not working although the username and password is correct and tested with System: Access: Tester.

Thank you.

[mariohlg]

I'm having the same problem... However the captive portal log says that the authentication was successful

[tong2x]

25.1.5_4

same login error

then the submit/connect button was lost/missing even if not yet authenticated.
even reverting to default template same error but submit button shows
returns login failed

I am using no auththentication just conenct button to authenticate

[FraLem]

Could it be related to the we browser's cache?

25.1.5_4

same login error

then the submit/connect button was lost/missing even if not yet authenticated.
even reverting to default template same error but submit button shows
returns login failed

I am using no auththentication just conenct button to authenticate

[tong2x]

Could it be related to the we browser's cache?

25.1.5_4

same login error

then the submit/connect button was lost/missing even if not yet authenticated.
even reverting to default template same error but submit button shows
returns login failed

I am using no auththentication just conenct button to authenticate

tried with multiple devices, and tried maually entering portal addess and even in incognito mode
same login error, even using the default blank template

[dhqcn]

With the 25.1.5_4, I have the same authentication issue, but with SSH into root account. I do not use captive portal at all.
However, the issue was gone when I reverted to a snapshot with the 25.1.5_1 version.

[tong2x]

With the 25.1.5_4, I have the same authentication issue, but with SSH into root account. I do not use captive portal at all.
However, the issue was gone when I reverted to a snapshot with the 25.1.5_1 version.

whats the command to revert to that version?

issue with portal voucher reported in github
https://github.com/opnsense/core/issues/8540
the whole portal ithink is broken, I only use no authentication, clicking connect button returns "login failed"

[mariohlg]

issue with portal voucher reported in github
https://github.com/opnsense/core/issues/8540
the whole portal ithink is broken, I only use no authentication, clicking connect button returns "login failed"

The problem is not just the voucher, it's the captive portal in general.

[dhqcn]

With the 25.1.5_4, I have the same authentication issue, but with SSH into root account. I do not use captive portal at all.
However, the issue was gone when I reverted to a snapshot with the 25.1.5_1 version.

whats the command to revert to that version?

issue with portal voucher reported in github
https://github.com/opnsense/core/issues/8540
the whole portal ithink is broken, I only use no authentication, clicking connect button returns "login failed"

Oh I took a snapshot in System -> Snapshots before each upgrade. Thus, I can revert to the previous version when having issue(s) with the new one. The procedure is mentioned in this document:

https://docs.opnsense.org/manual/snapshots.html

[c-oolt]

After updating OPNSNESNE to the latest version, Cpativ Portal does not work. The SSL certificate verification failed on my site.

I have assigned a domain through CloudFire and the ACME certificate is being renewed. Up until the update, everything worked fine.

At this point, the Captiv Portal page loads but there is an ACME certificate error. The certificate is up to date but browsers interpret it as untrusted.

[kozistan]

same here, captive not working in a production. As a authentication I'm using external radius server, where the user get successfully negotiated.

Code Select Expand

Auth: (38) Login OK: [captive.user] (from client OPNsense port 0 cli XX:XX:XX:XX:XX) - VLAN ID: XXXX >> You're User (from client opnsense.ip)
Anyway, Captive says login failed.

[tong2x]

progress has been made in github
there is a patch

[flaax]

Same problem with CP and 25.1.5_4

The log shows successful authentication:
2025-04-14T11:55:45 Informational captiveportal AUTH myuser (xx.xx.xx.xx) zone 0

The CP web frontend displays "Authentication failed" and access to other networks is not possible.

Setup:
Captive Portal is configured on a WireGuard interface for clients
Authentication method: LDAP + OTP

LDAP without OTP also fails → not related to OTP or token order
Local database authentication doesn't work either

OPNsense LDAP authentication works (ldap user login on OPNsense with Lobby:Password priveleges)
If on the CP a wrong password is entered on purpose, CP does correct logging:
2025-04-14T12:00:39    Informational    captiveportal    DENY myuser (xx.xx.xx.xx) zone 0

If I enter a wrong password too many times, the ldap user is locked out on the ldap server. So the whole auth CP - opnsense ldap config - ldap server seems to work fine. At least with wrong login.

Workaround:
Rollback to previous version or add WireGuard peers to CP's allowed IPs.

[Shild73]

The solution to the authorization problem is solved here

https://github.com/opnsense/core/commit/413f49c3ef68c0269a7163410b01a19c7a2fa4b5#diff-a83c0e9291cd5f0655cbd690b0bfaaef4b91db4ca9e04a4f36520ec2777d29c9

[franco]

Hotfix is now available.