Captive Portal Problems After 25.1.5_5

by ADMIN

Introduction

OPNsense is a popular open-source firewall and network security solution that provides a robust and customizable platform for managing network security. However, like any complex software, it is not immune to bugs and issues. In this article, we will explore a problem with captive portal functionality that users have reported after updating to OPNsense 25.1.5_5.

Captive Portal Issues after Update

Several users have reported that after updating to OPNsense 25.1.5_5, their captive portal is no longer functioning as expected. Specifically, when a client connects to the network, it does not have internet connectivity, and the captive portal login page does not appear. This issue is particularly problematic for users who rely on the captive portal for authentication and access control.

Symptoms of the Issue

The symptoms of this issue are as follows:

  • Clients cannot access the internet after connecting to the network.
  • The captive portal login page does not appear.
  • The issue is specific to OPNsense 25.1.5_5 and does not occur on previous versions.

Possible Causes of the Issue

There are several possible causes of this issue, including:

  • Default Captive Portal Block Rule (Zone 0): This rule may be blocking DNS traffic, which is necessary for the captive portal to function.
  • NAT-RULE: The NAT-RULE may be redirecting DNS traffic to a BIND DNS server, which is not compatible with the new captive portal functionality.
  • Unbound on the CP-Interface: Running Unbound on the CP-Interface may be causing the issue, as it may be interfering with the captive portal's ability to display the login page.
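All three suspected causes sit on the DNS path, so the first triage step is to establish whether an unauthenticated client fails at name resolution or at the HTTP redirect. The following client-side check is an added example, not OPNsense code; `PROBE_HOST`, `PORTAL_HOST` (a placeholder for the CARP VIP) and the assumption that the portal answers with an HTTP redirect are all hypothetical.

```python
"""Client-side triage for a captive portal that shows no login page."""
import http.client
import socket
from urllib.parse import urlsplit

PROBE_HOST = "example.com"  # assumption: any plain-HTTP site works as a probe
PORTAL_HOST = "192.0.2.1"   # assumption: placeholder for the CARP VIP serving the portal


def diagnose(dns_ok, status, location, portal_host=PORTAL_HOST):
    """Map probe results to the stage where an unauthenticated client gets stuck."""
    if not dns_ok:
        # Points at the DNS-related causes: zone block rule, NAT redirect, Unbound.
        return "dns-failed"
    if status is None:
        # DNS works, but nothing answered or intercepted the request on port 80.
        return "http-no-response"
    if status in (301, 302, 303, 307, 308) and location:
        host = urlsplit(location).hostname
        return "portal-redirect-ok" if host == portal_host else "redirect-elsewhere"
    if status == 200:
        # The probe site answered directly: the client is not being held captive.
        return "not-captive"
    return "unexpected-http-%d" % status


def probe(timeout=5.0):
    """Run the live checks from a client on the captive portal interface."""
    try:
        socket.getaddrinfo(PROBE_HOST, 80)
    except socket.gaierror:
        return False, None, None
    conn = http.client.HTTPConnection(PROBE_HOST, 80, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return True, resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return True, None, None
    finally:
        conn.close()


if __name__ == "__main__":
    print(diagnose(*probe()))
```

A `dns-failed` result is consistent with the DNS-related causes listed above, while `http-no-response` means resolution works and the fault lies in the redirect to the login page.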

Steps to Reproduce the Issue

To reproduce this issue, follow these steps:

  1. Update to OPNsense 25.1.5_5.
  2. Configure the captive portal to use the IP (Carp-VIP) via HTTP.
  3. Create a NAT-RULE to redirect DNS traffic to a BIND DNS server.
  4. Run Unbound on the CP-Interface.
  5. Connect a client to the network and attempt to access the internet.

Expected Behavior

The expected behavior is that the captive portal should display the login page after a client connects to the network.

Alternatives Considered

One potential patch has been applied to address this issue, but it has not resolved the problem for all users.

Screenshots and Log Files

Screenshots and log files may be helpful in diagnosing this issue. If you are experiencing this problem, please provide screenshots and log files to help us better understand the issue.

Additional Context

It is worth noting that this issue may be related to the use of a /23 subnet on the interface and an MSS of 1362.

Environment

The environment in which this issue is occurring is as follows:

  • OPNsense 25.1.5_5-amd64
  • 2 OPNsense Appliances DEC4280
  • AMD EPYC 3451 16-Core Processor
  • 64GB DDR4

Conclusion

The captive portal problem after updating to OPNsense 25.1.5_5 is a complex issue that requires further investigation. If you are experiencing this problem, please provide additional information to help us better understand the issue. We will continue to monitor this issue and provide updates as more information becomes available.

Possible Solutions

Based on the information provided, possible solutions to this issue may include:

  • Disable the Default Captive Portal Block Rule (Zone 0): Disabling this rule may resolve the issue by allowing DNS traffic to pass through.
  • Modify the NAT-RULE: Modifying the NAT-RULE to redirect DNS traffic to a different server or port may resolve the issue.
  • Disable Unbound on the CP-Interface: Disabling Unbound on the CP-Interface may resolve the issue by preventing it from interfering with the captive portal's ability to display the login page.
  • Apply a different patch: Applying a different patch may resolve the issue, as the current patch has not resolved the problem for all users.

Future Development

We will continue to monitor this issue and provide updates as more information becomes available. In the future, we may develop a patch or update to resolve this issue. If you are experiencing this problem, please continue to provide feedback and suggestions to help us improve the OPNsense software.

Introduction

In our previous article, we explored the captive portal problem that has been reported by users after updating to OPNsense 25.1.5_5. In this article, we will provide a Q&A section to help answer some of the most frequently asked questions about this issue.

Q: What is the captive portal problem?

A: The captive portal problem is an issue that occurs when a client connects to the network after updating to OPNsense 25.1.5_5. The client does not have internet connectivity, and the captive portal login page does not appear.

Q: What are the possible causes of the captive portal problem?

A: There are several possible causes of the captive portal problem, including:

  • Default Captive Portal Block Rule (Zone 0): This rule may be blocking DNS traffic, which is necessary for the captive portal to function.
  • NAT-RULE: The NAT-RULE may be redirecting DNS traffic to a BIND DNS server, which is not compatible with the new captive portal functionality.
  • Unbound on the CP-Interface: Running Unbound on the CP-Interface may be causing the issue, as it may be interfering with the captive portal's ability to display the login page.

Q: How can I reproduce the captive portal problem?

A: To reproduce the captive portal problem, follow these steps:

  1. Update to OPNsense 25.1.5_5.
  2. Configure the captive portal to use the IP (Carp-VIP) via HTTP.
  3. Create a NAT-RULE to redirect DNS traffic to a BIND DNS server.
  4. Run Unbound on the CP-Interface.
  5. Connect a client to the network and attempt to access the internet.

Q: What is the expected behavior of the captive portal?

A: The expected behavior of the captive portal is that it should display the login page after a client connects to the network.

Q: What alternatives have been considered to resolve the captive portal problem?

A: One potential patch has been applied to address this issue, but it has not resolved the problem for all users.

Q: What additional context is relevant to the captive portal problem?

A: It is worth noting that this issue may be related to the use of a /23 subnet on the interface and an MSS of 1362.

Q: What is the environment in which the captive portal problem is occurring?

A: The environment in which the captive portal problem is occurring is as follows:

  • OPNsense 25.1.5_5-amd64
  • 2 OPNsense Appliances DEC4280
  • AMD EPYC 3451 16-Core Processor
  • 64GB DDR4

Q: What are some possible solutions to the captive portal problem?

A: Based on the information provided, possible solutions to the captive portal problem may include:

  • Disable the Default Captive Portal Block Rule (Zone 0): Disabling this rule may resolve the issue by allowing DNS traffic to pass through.
  • Modify the NAT-RULE: Modifying the NAT-RULE to redirect DNS traffic to a different server or port may resolve the issue.
  • Disable Unbound on the CP-Interface: Disabling Unbound on the CP-Interface may resolve the issue by preventing it from interfering with the captive portal's ability to display the login page.
  • Apply a different patch: Applying a different patch may resolve the issue, as the current patch has not resolved the problem for all users.

Q: What is the future development plan for resolving the captive portal problem?

A: We will continue to monitor this issue and provide updates as more information becomes available. In the future, we may develop a patch or update to resolve this issue. If you are experiencing this problem, please continue to provide feedback and suggestions to help us improve the OPNsense software.

Q: How can I provide feedback and suggestions to help resolve the captive portal problem?

A: If you are experiencing the captive portal problem, please provide feedback and suggestions by:

  • Commenting on this article
  • Creating a new issue on the OPNsense GitHub repository
  • Contacting the OPNsense development team directly

We appreciate your feedback and suggestions, and we will do our best to resolve the captive portal problem as soon as possible.