cancel
Showing results for 
Search instead for 
Did you mean: 

Unleashed R610/T610 and captive portal from pfSense: No internet access after Voucher login

getcom
New Contributor

Hello all,

on a test system we try to integrate the pfSense captive portal into Ruckus unleashed and ran into issues.
I just explain below what we have done and what is the issue with that setup.

Maybe somebody can enlighten me.

On pfSense we have done following:

Adding a VLAN 100 on top of a physical link:

getcom_0-1697835144112.png

Creating a new interface GUESTNET on this VLAN with a static IPv4 address with CIDR 24:

getcom_1-1697835441326.png

Adding a firewall rule for the GUESTNET with full access for testing:

getcom_2-1697835628678.png

Enabled DHCP on GUESTNET with a range, no limitations, rest is default:

getcom_3-1697835777968.png

Adding a Captive Portal zone getcom_Guest_Net on interface GUESTNET with max 100 concurrent connections and a idle time of 1440 minutes, customized login page with terms and conditions and SSL enabled server name plus letsencrypt wildcard certificate:

getcom_4-1697835868552.png

getcom_5-1697836164440.png

Creation of a Voucher list:

getcom_6-1697836300712.png

Created a host override entry in the DNS resolver for the virtual server name:

getcom_7-1697836444635.png

The letsencrypt cert is working for all services and with this we have no issue here.

Cisco VLAN setup: all stacking ports/LACP ports/PoE ports for Ruckus APs are trunk ports.
VLAN 100 was added into the VLAN setup.

On Ruckus:

Created a SSID / WiFi Network with a Hotspot Service and added VLAN 100, Access Control, Radio Control, Others is default:

getcom_8-1697836979259.png

Hotspot Service has a redirection URL for unauthorized users to https://guestlogin.getcom.de:8003/index.php?zone=getcom_guest_net which is only reachable from VLAN 100: 

getcom_9-1697837323607.png

On iOS or Android client:

After selecting the new WiFi "getcom guest net" the login page is popping up, you can type in a Vouche code, accept the terms and conditions and press the login button. Then it tells you you are connected but nothing else is happening. It stays on this side. iOS and Android is telling you that you are not connected to the internet.
It looks like a name server issue, but if I connect to the pfSense I can nslookup over the GUESTNET interface.

If I check the client status it is telling me it is unauthorized:

getcom_11-1697837997258.png

The question is, how Ruckus unleashed is getting the information that the client is authenticated?

Thanks for reading this post...

 

 

 

 

 

6 REPLIES 6

getcom
New Contributor

Does it need username and password?

The Captive Portal is configured to use vouchers because this type of WLAN is for guest users only, so no username/password is needed here.

The voucher could be the password. As username I could use the MAC address without colon.
I will test this settings and will come back.

sash
New Contributor

After struggling to get authentication working on my ruckus unleashed r770 and pfsense (I could not get pfsense to send post request back to ap that client is authenticated) I decided to just update hot spot walled garden settings to allow basically everything through. So even though clients appear unauthorized in unleashed, they have internet access and captive portal works as expected.

Screenshot 2024-11-26 at 13.59.45.jpg