Bug #12941

closed

Captive Portal on specific VLAN prevents routing to other networks (since 22.01)

Added by Lorenzo Marroccoli about 2 years ago. Updated about 2 years ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: Captive Portal
Target version: -
% Done: 0%
Release Notes: Default

Description

Hello there,

this weekend I updated my 1537 to 22.01-RELEASE from the previous latest stable version.
The update process went fine and everything seemed to work fine.

We use ix0 as our 10G LAN interface with several VLANs (ix0.xxxx). VLAN ix0.80 also has Captive Portal enabled, which worked like a charm for a couple of months now.

Today, I have troubles with all computers on ix0.80, as they can somehow not access any resource on our company network anymore.
After a successful login within the captive portal, clients can access the Internet, but all packets to other networks are somehow dropped.

This is not a firewall-related issue. My PC (192.168.1.209) is on LAN and all traffic from it is allowed to everywhere. For the address of one PC on ix0.80 (10.10.81.101), I also set up a temporary "allow everything to everywhere" rule to ensure it is not the firewall causing the issues. Windows Firewall has also been completely disabled on the test machines.

As soon as I disable Captive Portal, everything starts to work as expected again.

Overview of our net:

| Description | Interface ID | Network |
| LAN | ix0 | 192.168.0.0/16 |
| VLAN w/ Captive Portal | ix0.80 | 10.10.80.0/24 |
| Another VLAN | ix0.96 | 10.10.96.0/24 |

Things which should work, but don't:
  • from 10.10.80.101 ping 192.168.220.31 (DNS-Server)
  • from 10.10.80.101 nslookup to 192.168.220.31 (DNS-Server) always fails with "DNS request timed out." This prevents almost anything from working.
  • from 192.168.1.209 ping 10.10.80.101
  • from 10.10.80.101 ping 192.168.1.209
  • from 10.10.80.101 ping 192.168.200.25 (an apache webserver)
  • from 10.10.80.101 ping 10.10.96.12 (windows client on ix0.96)
  • from 10.10.80.101 ping 192.168.220.101 (windows rdp server)
  • from 10.10.80.101 ping 192.168.1.16 (pfsense ix0-IP)
Things which do work:
  • 10.10.80.101 can surf the internet (even though our DNS is not working! I can't figure out how.)
  • from 10.10.80.101 http to 192.168.200.25 via browser (even though pinging the same host is not possible)
  • from 192.168.1.209 vnc into 10.10.80.101 (ping does not work, but vnc does?)
  • from 10.10.80.101 rdp into 192.168.220.101 (even though ping does not work to the very same host)
  • from 192.168.1.209 ping 192.168.1.16 (pfsense ix0-IP)
  • from 192.168.1.209 ping 10.10.80.1 (pfsense ix0.80-IP)
  • from 10.10.80.101 ping 10.10.80.1 (pfsense ix0.80-IP)

It is a very strange situation; it seems everything is working but ping and DNS. As a result of those two, most services / things do not work either.
As soon as I disable Captive Portal, all problems are gone. No firewall rule changed. Furthermore, inspecting System Logs / Firewall confirms that the firewall is not causing the issues.

I hope I provided all the information needed in order to recreate the issue.
For the moment, I have no choice but to disable captive portal.
Please feel free to ask for any additional information.

Lorenzo
