packetfence icon indicating copy to clipboard operation
packetfence copied to clipboard

Published 20 hours ago verified publisher icon inverse-inc

v12 (Venom): GET http://IP_OF_PORTAL/captive-portal doesn't return captive portal webpage

Open nqb opened this issue 2 years ago • 2 comments

Describe the bug I noticed a difference when reaching captive portal through IP address (not using name) in Venom tests.

Previously, in order to check locales on captive portal, I used following URL: https://172.18.201.2/captive-portal which returned directly captive portal webpage. Now, it seems that this URL returned:

<html>
    <head>
        <meta http-equiv="refresh" content="0; url=http://pf.example.lan/captive-portal?destination_url=https://172.18.201.2/captive-portal/">
        <script type="text/javascript">
            window.location.replace('http:\/\/pf.example.lan\/captive-portal?destination_url=https:\/\/172.18.201.2\/captive-portal\/');
        </script>
    </head>

If I reached directly https://pf.example.lan/captive-portal (with pf.example.lan configured as general domain and hostname in pf.conf) , I got captive portal webpage.

I just opened that issue to discuss about difference and potential impact it will have.

nqb avatar Aug 23 '22 09:08 nqb

Additional notes:

  • I'm able to get captive portal webpage when using http://IP_OF_PORTAL/captive-portal on management interface with portal daemon enabled. I doesn't work when trying to reach captive portal on a registration interface (case described above).

haproxy-portal requests:

# on a registration interface
Aug 23 09:52:21 pfdeb11dev haproxy-portal-docker-wrapper[1131]: 172.18.201.115:46338 [23/Aug/2022:09:52:21.053] portal-http-172.18.200.12 proxy/proxy 0/0/0/5/5 200 602 - - ---- 2/1/0/0/0 0/0 {172.18.201.2} "GET /captive-portal HTTP/1.1"

# on management interface
Aug 23 09:52:27 pfdeb11dev haproxy-portal-docker-wrapper[1131]: 172.18.200.251:41690 [23/Aug/2022:09:52:27.534] portal-http-172.18.200.12 172.18.200.12-backend/containers-gateway.internal:8080 0/0/0/50/50 200 4916 - - ---- 2/1/0/0/0 0/0
{172.18.200.12} "GET /captive-portal HTTP/1.1"

nqb avatar Aug 23 '22 09:08 nqb

I hit same issue while running inline tests.

nqb avatar Aug 31 '22 18:08 nqb

Still unable to get the captive portal working with an Aruba2930M Series switch. Clients in the registration VLAN are redirected to msftconnecttest.com/redirect and after a while it redirects to the pfserver https://packetfence.nac/captive-portal?destination_url=http://www.msftconnecttest.com/redirect. my clients in registration can ping packetfence.nac or any other URL because it's redirected to the IP 66.70.255.147. They can also ping all the packetfence interfaces IP's.

Yass737 avatar Apr 06 '23 08:04 Yass737