10-20-2023 02:41 PM - edited 10-20-2023 02:42 PM
Hello all,
On a test system we tried to integrate the pfSense captive portal into Ruckus Unleashed and ran into issues.
I will just explain below what we have done and what the issue with that setup is.
Maybe somebody can enlighten me.
On pfSense we have done the following:
Adding a VLAN 100 on top of a physical link:
Creating a new interface GUESTNET on this VLAN with a static IPv4 address with CIDR 24:
Adding a firewall rule for the GUESTNET with full access for testing:
Enabled DHCP on GUESTNET with a range, no limitations, rest is default:
Adding a Captive Portal zone getcom_Guest_Net on interface GUESTNET with max 100 concurrent connections and an idle time of 1440 minutes, customized login page with terms and conditions and SSL-enabled server name plus Let's Encrypt wildcard certificate:
Creation of a Voucher list:
Created a host override entry in the DNS resolver for the virtual server name:
The Let's Encrypt cert is working for all services and with this we have no issue here.
Cisco VLAN setup: all stacking ports/LACP ports/PoE ports for Ruckus APs are trunk ports.
VLAN 100 was added into the VLAN setup.
On Ruckus:
Created an SSID / WiFi Network with a Hotspot Service and added VLAN 100; Access Control, Radio Control, Others are default:
Hotspot Service has a redirection URL for unauthorized users to https://guestlogin.getcom.de:8003/index.php?zone=getcom_guest_net which is only reachable from VLAN 100:
On iOS or Android client:
After selecting the new WiFi "getcom guest net" the login page pops up, you can type in a voucher code, accept the terms and conditions and press the login button. Then it tells you that you are connected, but nothing else happens. It stays on this page. iOS and Android are telling you that you are not connected to the internet.
It looks like a name server issue, but if I connect to the pfSense I can nslookup over the GUESTNET interface.
If I check the client status it is telling me it is unauthorized:
The question is: how does Ruckus Unleashed get the information that the client is authenticated?
Thanks for reading this post...
10-26-2023 01:02 AM
Does it need username and password?
The Captive Portal is configured to use vouchers because this type of WLAN is for guest users only, so no username/password is needed here.
The voucher could be the password. As username I could use the MAC address without colons.
I will test these settings and will come back.
11-26-2024 11:00 AM
After struggling to get authentication working on my Ruckus Unleashed R770 and pfSense (I could not get pfSense to send a POST request back to the AP that the client is authenticated), I decided to just update the hotspot walled garden settings to allow basically everything through. So even though clients appear unauthorized in Unleashed, they have internet access and the captive portal works as expected.