
Unleashed R610/T610 and captive portal from pfSense: No internet access after Voucher login

getcom
New Contributor

Hello all,

On a test system we are trying to integrate the pfSense captive portal into Ruckus Unleashed and ran into issues.
I will explain below what we have done and what the issue is with that setup.

Maybe somebody can enlighten me.

On pfSense we have done the following:

Adding a VLAN 100 on top of a physical link:

getcom_0-1697835144112.png

Creating a new interface GUESTNET on this VLAN with a static IPv4 address with CIDR 24:

getcom_1-1697835441326.png

Adding a firewall rule for the GUESTNET with full access for testing:

getcom_2-1697835628678.png

Enabled DHCP on GUESTNET with a range, no limitations, rest is default:

getcom_3-1697835777968.png

Adding a Captive Portal zone getcom_Guest_Net on interface GUESTNET with max 100 concurrent connections and an idle time of 1440 minutes, customized login page with terms and conditions, and SSL enabled with server name plus letsencrypt wildcard certificate:

getcom_4-1697835868552.png

getcom_5-1697836164440.png

Creation of a Voucher list:

getcom_6-1697836300712.png

Created a host override entry in the DNS resolver for the virtual server name:

getcom_7-1697836444635.png

The letsencrypt cert is working for all services and with this we have no issue here.

Cisco VLAN setup: all stacking ports/LACP ports/PoE ports for Ruckus APs are trunk ports.
VLAN 100 was added into the VLAN setup.

On Ruckus:

Created an SSID / WiFi Network with a Hotspot Service and added VLAN 100; Access Control, Radio Control, Others are default:

getcom_8-1697836979259.png

Hotspot Service has a redirection URL for unauthorized users to https://guestlogin.getcom.de:8003/index.php?zone=getcom_guest_net which is only reachable from VLAN 100: 

getcom_9-1697837323607.png

On iOS or Android client:

After selecting the new WiFi "getcom guest net" the login page pops up; you can type in a voucher code, accept the terms and conditions and press the login button. Then it tells you that you are connected, but nothing else happens. It stays on this page. iOS and Android are telling you that you are not connected to the internet.
It looks like a name server issue, but if I connect to the pfSense I can nslookup over the GUESTNET interface.

If I check the client status it is telling me it is unauthorized:

getcom_11-1697837997258.png

The question is: how does Ruckus Unleashed get the information that the client is authenticated?

Thanks for reading this post...

6 REPLIES 6

sanjay_kumar
RUCKUS Team Member

Hi @getcom 

The config looks fine; the client is authenticated, but Unleashed (Controller) does not know about it from the captive portal.

You need to have POST configured on the pfSense, which tells the Unleashed about the client authorization.
Then the Auth status for the client on the Unleashed changes from "Unauthorized" to "Authorized".

Hello Sanjay,

Thank you for your answer.

Which POST URL has to be requested on pfSense?

Thank you in advance.

getcom
New Contributor

I found the following:

  • https://${sip}:9998/login
  • http://${sip}:9997/login

Where ${sip} is the FQDN of the master AP.

Same result: blank page, user is still unauthorized.

Other documentation tells me to replace /login with /SubscriberPortal/hotspotlogin

Then I got the message to enable EjsErrors in the browser.

Is there additional documentation for the current 200.14 release where I can read about that?
All that I got was either misleading, outdated, wrong, not working or dead documentation links. Additionally I could not read anything about this topic, so lots of information, nothing new, but without interesting content.

Maybe somebody of the quality people should check this...

sanjay_kumar
RUCKUS Team Member

Hi @getcom 

The POST URL is correct. But we should also look into the POST parameters which will be submitted to the Unleashed. The POST parameters are something like this; no need to edit anything, but pfSense should use this format and return the values accordingly. If you still have issues, then you can open a support case so that we can assist you on this.

username=${USERNAME}
password=${PASSWORD}
client_mac=${client_mac}
uip=${uip}
url=${RETURN_URL}
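
One way to assemble and sanity-check the POST described in the last reply, as an added example that is not code from the thread, RUCKUS or pfSense. It assumes the fields are sent form-encoded and that a value still containing `${...}` was never substituted; the host name and sample values are constructed.

```python
import re
from urllib.parse import urlencode
from urllib.request import Request

# Endpoints quoted in the thread; ${sip} is the FQDN of the master AP.
ENDPOINTS = {"https": "https://{sip}:9998/login", "http": "http://{sip}:9997/login"}
# Field names quoted in the thread, in the order given there.
FIELDS = ("username", "password", "client_mac", "uip", "url")
PLACEHOLDER = re.compile(r"\$\{[^}]*\}")


def check_fields(values):
    """Return a list of problems: missing, empty or still-templated fields."""
    problems = []
    for name in FIELDS:
        value = values.get(name)
        if value is None or value == "":
            problems.append(f"{name}: missing or empty")
        elif PLACEHOLDER.search(value):
            problems.append(f"{name}: unsubstituted placeholder {value!r}")
    return problems


def build_login_request(sip, values, scheme="https"):
    """Build (without sending) the POST that reports the login to Unleashed."""
    if not sip or PLACEHOLDER.search(sip):
        raise ValueError("sip must be the master AP's FQDN")
    problems = check_fields(values)
    if problems:
        raise ValueError("; ".join(problems))
    # Assumption: form encoding; urlencode escapes '&' and '=' inside the return URL.
    body = urlencode([(name, values[name]) for name in FIELDS]).encode("ascii")
    return Request(ENDPOINTS[scheme].format(sip=sip), data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


# Constructed sample values (documentation address ranges, not from the thread).
SAMPLE = {"username": "guest1", "password": "constructed-secret",
          "client_mac": "02:00:00:aa:bb:cc", "uip": "192.0.2.50",
          "url": "https://example.com/?a=1&b=2"}

if __name__ == "__main__":
    req = build_login_request("unleashed.example.net", SAMPLE)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Comparing the printed body with what the portal page actually submits (for instance in the browser's network tab) shows whether any of the five fields is missing or was passed through unexpanded.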