Hi,

I have an issue with the captive portal. I can sign up but I can't install the PacketFence Android Agent from the Play Store. When I press the Install button it does nothing.

I suspect this is an issue with how PacketFence redirects HTTPS traffic. I have a wildcard cert from Let's Encrypt and clients are on a registration VLAN. DHCP and DNS are handled by PacketFence.

At first, I thought it was an incorrect/missing domain in Passthrough Domains. So I allowed all domains '*' to pass through, but it made no difference.

When I looked at my haproxy_portal.log I saw this:

SSL handshake failure

After reading a suggestion on this list I disabled Secure Redirect in the Captive Portal; this also made no difference.

Here is the connection log from an Android phone. As you can see, it can't verify www.google.com and it's using my wildcard certificate for my domain example.net:

01-12 15:33:19.256 1828 11376 D NetworkMonitor/109: PROBE_HTTP http://connectivitycheck.gstatic.com/generate_204 time=16ms ret=200 request={Connection=[close], User-Agent=[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36]} headers={null=[HTTP/1.1 200 OK], connection=[close], content-length=[431], content-type=[text/html; charset=utf-8], date=[Thu, 12 Jan 2023 02:33:19 GMT], location=[ http://signin.example.net/captive-portal?destination_url=http://connectivitycheck.gstatic.com/generate_204], server=[Caddy], X-Android-Received-Millis=[1673490799256], X-Android-Response-Source=[NETWORK 200], X-Android-Selected-Protocol=[http/1.1], X-Android-Sent-Millis=[1673490799248]}
01-12 15:33:19.257 1828 11374 D NetworkMonitor/109: isCaptivePortal: isSuccessful()=false isPortal()=true RedirectUrl= http://signin.example.net/captive-portal?destination_url=http://connectivitycheck.gstatic.com/generate_204 isPartialConnectivity()=false Time=29ms
01-12 15:33:19.257 1478 1682 D ConnectivityService: [109 WIFI] validation failed with redirect to http://signin.example.net/captive-portal?destination_url=http://connectivitycheck.gstatic.com/generate_204
01-12 15:33:19.258 522 566 I display : level=328, DimmingOn=1, Hbm=0, LhbmOn=0
01-12 15:33:19.267 1828 11375 D NetworkMonitor/109: PROBE_HTTPS https://www.google.com/generate_204 Probe failed with exception javax.net.ssl.SSLPeerUnverifiedException: Hostname www.google.com not verified:
01-12 15:33:19.267 1828 11375 D NetworkMonitor/109: certificate: sha1/********************
01-12 15:33:19.267 1828 11375 D NetworkMonitor/109: DN: CN=*. example.net
01-12 15:33:19.267 1828 11375 D NetworkMonitor/109: subjectAltNames: [*.example.net]

Is there a way to do some kind of transparent redirect or am I missing something?

Thanks
Leon
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
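Added example, not part of the original post and not PacketFence code: a small Python check that scans Android NetworkMonitor logcat output of the kind quoted above and reports each failed HTTPS probe whose presented certificate does not cover the probed hostname. The sample lines are constructed in the post's format, and the comma-separated layout assumed for multiple subjectAltNames entries is an assumption.

```python
import re

# Constructed sample lines modelled on the NetworkMonitor output in the post.
SAMPLE_LOG = """\
01-12 15:33:19.267 1828 11375 D NetworkMonitor/109: PROBE_HTTPS https://www.google.com/generate_204 Probe failed with exception javax.net.ssl.SSLPeerUnverifiedException: Hostname www.google.com not verified:
01-12 15:33:19.267 1828 11375 D NetworkMonitor/109: certificate: sha1/PLACEHOLDER
01-12 15:33:19.267 1828 11375 D NetworkMonitor/109: DN: CN=*.example.net
01-12 15:33:19.267 1828 11375 D NetworkMonitor/109: subjectAltNames: [*.example.net]
"""

PROBE_RE = re.compile(r"PROBE_HTTPS https://([^/\s]+)\S* Probe failed with exception "
                      r"javax\.net\.ssl\.SSLPeerUnverifiedException")
SAN_RE = re.compile(r"subjectAltNames: \[([^\]]*)\]")

def san_matches(pattern, host):
    """Hostname match where '*' covers exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def find_intercepted_probes(log_text):
    """Return (probed_host, presented_sans) for each failed HTTPS probe whose
    presented certificate does not cover the probed hostname."""
    findings, host = [], None
    for line in log_text.splitlines():
        m = PROBE_RE.search(line)
        if m:
            host = m.group(1)  # remember which host this probe asked for
            continue
        m = SAN_RE.search(line)
        if m and host:
            # Assumption: several SAN entries are separated by commas.
            sans = [s.strip() for s in m.group(1).split(",") if s.strip()]
            if not any(san_matches(s, host) for s in sans):
                findings.append((host, sans))
            host = None
    return findings

if __name__ == "__main__":
    for host, sans in find_intercepted_probes(SAMPLE_LOG):
        print(f"{host}: certificate served covers {sans}, not the probed host")
```

A finding means the TLS connection for that hostname was answered by some other endpoint's certificate, which a client will always reject regardless of whether that certificate is otherwise valid.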