Bug #12976
closed
Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface
0%
Description
When Captive Portal is configured with a CARP VIP on the interface the captive portal does not work. DNS traffic to CARP VIP is blocked. DNS traffic to interface IP works.
CARP VIP is configured as allowed IP under Services => Captive Portal => "ZONE_NAME" => Allowed IP Addresses.
Removing the CARP IP the guest portal works as expected.
Updated by Jim Pingle about 3 years ago
Have you applied the workaround from #12834? It's possible this is the same root cause.
Updated by Alex Boettrich about 3 years ago
Updated by Alex Boettrich about 3 years ago
It looks like I found the issue. I had to explicitly check the CARP-address on the guest-portal interface for unbound. Strangely on other interfaces Unbound listens on the CARP address without checking them explicitly... only on the Guest-Portal interface it had to be "ticked".
I think this ticket can be closed. I apologize for the inconvenience.
Updated by Jim Pingle about 3 years ago
- Status changed from New to Not a Bug
Usually if you select any specific interface it doesn't necessarily include the VIPs, so it's somewhat surprising that it worked on the others. I'll close this out.
Updated by Steve Wheeler about 3 years ago
Yeah this doesn't appear to be CP related. The generated ipfw rules allow access to the CARP VIP on the interface:
[2.6.0-RELEASE][admin@m470-2.stevew.lan]/root: ipfw table test_zone_host_ips list 192.168.146.1/32 0 1197 220705 1648077743 192.168.146.5/32 0 0 0 0