Bug #12941
Status: closed
Captive Portal on specific VLAN prevents routing to other networks (since 22.01)
Description
Hello there,
this weekend I updated my 1537 to 22.01-RELEASE from the previous latest stable version.
The update process went fine and everything seemed to work fine.
We use ix0 as our 10G LAN interface with several VLANs (ix0.xxxx). VLAN ix0.80 also has Captive Portal enabled, which worked like a charm for a couple of months now.
Today, I have trouble with all computers on ix0.80, as they somehow cannot access any resource on our company network anymore.
After a successful login within the captive portal, clients can access the Internet, but all packets to other networks are somehow dropped.
This is not a firewall-related issue. My PC (192.168.1.209) is on LAN and all traffic from it is allowed to everywhere. For the address of one PC on ix0.80 (10.10.81.101), I also set up a temporary "allow everything to everywhere" rule to ensure it is not the firewall causing the issues. Windows Firewall has also been completely disabled on the test machines.
As soon as I disable Captive Portal, everything starts to work as expected again.
Overview of our net:
Description | Interface ID | Network |
---|---|---|
LAN | ix0 | 192.168.0.0/16 |
VLAN w/ Captive Portal | ix0.80 | 10.10.80.0/24 |
Another VLAN | ix0.96 | 10.10.96.0/24 |
- from 10.10.80.101 ping 192.168.220.31 (DNS-Server)
- from 10.10.80.101 nslookup to 192.168.220.31 (DNS-Server) always fails with "DNS request timed out." This prevents almost anything from working.
- from 192.168.1.209 ping 10.10.80.101
- from 10.10.80.101 ping 192.168.1.209
- from 10.10.80.101 ping 192.168.200.25 (an apache webserver)
- from 10.10.80.101 ping 10.10.96.12 (windows client on ix0.96)
- from 10.10.80.101 ping 192.168.220.101 (windows rdp server)
- from 10.10.80.101 ping 192.168.1.16 (pfsense ix0-IP)
- 10.10.80.101 can surf the internet (even though our DNS is not working! I can't figure out how.)
- from 10.10.80.101 http to 192.168.200.25 via browser (even though pinging the same host is not possible)
- from 192.168.1.209 vnc into 10.10.80.101 (ping does not work, but vnc does?)
- from 10.10.80.101 rdp into 192.168.220.101 (even though ping does not work to the very same host)
- from 192.168.1.209 ping 192.168.1.16 (pfsense ix0-IP)
- from 192.168.1.209 ping 10.10.80.1 (pfsense ix0.80-IP)
- from 10.10.80.101 ping 10.10.80.1 (pfsense ix0.80-IP)
It is a very strange situation; it seems everything is working but ping and DNS. As a result of those two, most services / things do not work either.
As soon as I disable Captive Portal, all problems are gone. No firewall rule changed. Furthermore, inspecting System Logs / Firewall confirms that the firewall is not causing the issues.
I hope I provided all the information needed in order to recreate the issue.
For the moment, I have no choice but to disable captive portal.
Please feel free to ask any additional information.
Lorenzo
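
Added example, not part of the original report or of pfSense: a small probe to run from a client behind the portal that checks ICMP, UDP DNS and TCP separately and summarizes the result per protocol, which is the split the symptoms above suggest. The target addresses are the ones quoted in the report; ports 80 and 3389 are assumed defaults for the HTTP and RDP hosts, and `SAMPLE` is constructed data, not captured output.

```python
import platform, socket, struct, subprocess

def build_dns_query(name, txid=0x1234):
    """Minimal RFC 1035 A-record query with the recursion-desired flag set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe_icmp(host, timeout=2):
    """One echo request through the system ping binary (flags differ on Windows)."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout * 1000), host]
    else:
        cmd = ["ping", "-c", "1", host]
    try:
        return subprocess.run(cmd, capture_output=True, timeout=timeout + 3).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False

def probe_udp_dns(server, name="example.com", timeout=2):
    """Send one query over UDP/53 and wait for a reply carrying the same ID."""
    query = build_dns_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            return s.recvfrom(512)[0][:2] == query[:2]
        except OSError:  # includes socket timeouts
            return False

def probe_tcp(host, port, timeout=2):
    """Complete a TCP three-way handshake, then close."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False

def summarize(results):
    """Collapse (proto, target, ok) rows into pass / fail / mixed per protocol."""
    seen = {}
    for proto, _target, ok in results:
        seen.setdefault(proto, set()).add(bool(ok))
    return {p: "mixed" if len(v) == 2 else ("pass" if True in v else "fail") for p, v in seen.items()}

# Constructed rows mirroring the symptoms in the report (not captured output).
SAMPLE = [("icmp", "192.168.220.31", False), ("udp", "192.168.220.31:53", False),
          ("tcp", "192.168.200.25:80", True), ("tcp", "192.168.220.101:3389", True)]

if __name__ == "__main__":
    rows = [("icmp", "192.168.220.31", probe_icmp("192.168.220.31")),
            ("udp", "192.168.220.31:53", probe_udp_dns("192.168.220.31")),
            ("tcp", "192.168.200.25:80", probe_tcp("192.168.200.25", 80)),
            ("tcp", "192.168.220.101:3389", probe_tcp("192.168.220.101", 3389))]
    print(summarize(rows))
```

Running it once with Captive Portal enabled and once with it disabled gives two per-protocol summaries that can be attached to the ticket side by side.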