Bug #12976
closed
Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface
Added by Alex Boettrich about 3 years ago.
Updated about 3 years ago.
Affected Architecture:
amd64
Description
When Captive Portal is configured with a CARP VIP on the interface, the captive portal does not work. DNS traffic to the CARP VIP is blocked. DNS traffic to the interface IP works.
The CARP VIP is configured as an allowed IP under Services => Captive Portal => "ZONE_NAME" => Allowed IP Addresses.
After removing the CARP IP, the guest portal works as expected.
Have you applied the workaround from #12834? It's possible this is the same root cause.
Thanks for pointing out #12834 - I missed that.
#12834 is installed now and I rebooted the box - same problem - Captive Portal does not work when using a CARP IP for DNS / GW-IP for clients on that subnet.
It looks like I found the issue. I had to explicitly check the CARP address on the guest-portal interface for Unbound. Strangely, on other interfaces Unbound listens on the CARP address without checking them explicitly... only on the guest-portal interface it had to be "ticked".
I think this ticket can be closed. I apologize for the inconvenience.
- Status changed from New to Not a Bug
Usually if you select any specific interface it doesn't necessarily include the VIPs, so it's somewhat surprising that it worked on the others. I'll close this out.
Yeah, this doesn't appear to be CP related. The generated ipfw rules allow access to the CARP VIP on the interface:
[2.6.0-RELEASE][admin@m470-2.stevew.lan]/root: ipfw table test_zone_host_ips list
192.168.146.1/32 0 1197 220705 1648077743
192.168.146.5/32 0 0 0 0