Reply
Established Member
Posts: 1,408
Registered: ‎10-01-2014
Kudos: 695
Solutions: 66

Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken

[ Edited ]

Paging @UBNT-MikeD 

 

I'm running a captive portal that has been working perfectly for the last 2 months with 5.9.29. I use the UniFi API to pass the required parameters to the UniFi Controller (running on Ubuntu 16.04) to authenticate and register the guest device to use the Guest Network.

 

Here's what a normal apache2 log looked like prior to the upgrade:

XXX.XXX.XXX.218 - - [08/Feb/2019:09:36:32 -0800] "GET /guest/s/f1u3q2kq/?ap=xx:xx:xx:xx:xx:xx&id=xx:xx:xx:xx:xx:xx&t=1549647392&url=http://connectivitycheck.gstatic.com%2fgenerate_204&ssid=Guest+Hotspot+Open HTTP/1.1" 200 6641 "-" "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PQ2A.190205.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.99 Mobile Safari/537.36"

After the upgrade, the "id", "hotspot" and "t" parameters are missing and instead there is an "ec" parameter with a crypto key:

XXX.XXX.XXX.218 - - [09/Feb/2019:09:23:33 -0800] "GET /guest/s/f1u3q2kq/?ap=xx:xx:xx:xx:xx:xx&ec=u2NVnnX1L9B9BvrKaoq3H7A8ERecZ3Xx8HwTQMBNVym-hYhLJL_jChuUo7iv0WCWp4R2M__0CoJyZUz2z3PC1REFOnftxfLrGW5_itOcgiMpboZRM6T1mL8vgPzepvB2hj9SVJyw7b0reUk1IduaWzsQEYh55hr6igNRnCMne8c HTTP/1.1" 400 1783 "-" "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PQ1A.190105.004; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.96 Mobile Safari/537.36"

This has broken my external captive portal.

 

I checked the latest unifi_sh_api.sh to see if there are any changes, but there don't seem to be any.

 

Thoughts?

Please help the community find useful posts and solutions by using the "Kudos" and "Accept as Solution" buttons!
Emerging Member
Posts: 95
Registered: ‎08-15-2016
Kudos: 21
Solutions: 1

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken

Hi @britannic 

 

We are running an external portal for many clients and haven't noticed anything unusual happening since the upgrade to 5.10.12

 

That being said I haven't looked at the logs in detail, but as far as we can see all is working as expected

Email Capture and Marketing for UniFi Networks - MyPlace Connect
Established Member
Posts: 1,408
Registered: ‎10-01-2014
Kudos: 695
Solutions: 66

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken

@jamesmpc this is only affecting 2 of my sites in the same controller, a 3rd site is behaving normally. I'm at a loss, since new guests using those 2 sites can't connect, only existing users (who haven't hit their timeout yet). I need to find out what is sending the "ec" parameter to the device's WiFi capture portal, before it sends it to my captive portal.

Please help the community find useful posts and solutions by using the "Kudos" and "Accept as Solution" buttons!
Established Member
Posts: 1,408
Registered: ‎10-01-2014
Kudos: 695
Solutions: 66

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken

I had to downgrade to 5.9.29. Sadly, I now have a ton of INFORM_ERRORs with Server Rejected in most sites, so some work to fix that. At least now my captive portal is working again in 5.9.29.

Please help the community find useful posts and solutions by using the "Kudos" and "Accept as Solution" buttons!
New Member
Posts: 2
Registered: ‎09-08-2016
Kudos: 1

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken

I had the same issue when upgrading from V5.9.29 to the V5.10.12.

 

My setup is:

USG-PRO V4.4.36.5146617

US-24 V4.4.36.5146617

AP-AC-PRO V4.0.21.9965

 

I was able to downgrade the AP firmware from V4.0.21.9965 to V4.0.15.9872 and the guest portal would work as expected.

 

I looked into the logs on the AP when connecting to the guest network i would get this error:

user.err : libubnt.get_ieee80211req_sta_info(): IOCTL_STA_INFO2 failed: No such file or directory

Established Member
Posts: 1,408
Registered: ‎10-01-2014
Kudos: 695
Solutions: 66

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken

[ Edited ]

@RimTech , thanks for highlighting the firmware versions. This explains why only 2 of my sites with newer APs and latest firmware had the issues. 

Please help the community find useful posts and solutions by using the "Kudos" and "Accept as Solution" buttons!
Veteran Member
Posts: 4,828
Registered: ‎06-13-2015
Kudos: 1309
Solutions: 228

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken


@britannic wrote:

@RimTech , thanks for highlighting the firmware versions. This explains why only 2 of my sites with newer APs and latest firmware had the issues. 


@britannic Which redirect method are you using for the external portal? If you are using the built-in method it will help to see what your Guest Control settings look like.

 

BTW, with the builtin redirect method it is the APs (or USG for wired guests) that generate the redirect URL.

Art of WiFi
Check out our UniFi API browser tool on GitHub. The PHP API client which it uses, can be found here on GitHub.
The thread on our UniFi Device Search tool can be found here, also check out our Captive Portal solutions for UniFi.
Established Member
Posts: 1,408
Registered: ‎10-01-2014
Kudos: 695
Solutions: 66

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken

@slooffmaster, in the controller settings, I set:

 

  • A guest VLAN
  • An open WiFi with "Apply guest policies (captive portal, guest authentication, access)" checked
  • In Guest Control, the "External portal server" radio button is selected
    • "IPv4 Address" is checked
    • "Use Secure Portal" is checked
    • "Redirect using hostname" is checked
    • "Enable HTTPS Redirection" is checked
Please help the community find useful posts and solutions by using the "Kudos" and "Accept as Solution" buttons!
Veteran Member
Posts: 4,828
Registered: ‎06-13-2015
Kudos: 1309
Solutions: 228

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken


@britannic wrote:

@slooffmaster, in the controller settings, I set:

 

  • A guest VLAN
  • An open WiFi with "Apply guest policies (captive portal, guest authentication, access)" checked
  • In Guest Control, the "External portal server" radio button is selected
    • "IPv4 Address" is checked
    • "Use Secure Portal" is checked
    • "Redirect using hostname" is checked
    • "Enable HTTPS Redirection" is checked

Sounds fine although a screenshot would be better. No clue what is causing your issues based on this info...

Art of WiFi
Check out our UniFi API browser tool on GitHub. The PHP API client which it uses, can be found here on GitHub.
The thread on our UniFi Device Search tool can be found here, also check out our Captive Portal solutions for UniFi.
Established Member
Posts: 1,408
Registered: ‎10-01-2014
Kudos: 695
Solutions: 66

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken


@slooffmaster wrote:

@britannic wrote:

@RimTech , thanks for highlighting the firmware versions. This explains why only 2 of my sites with newer APs and latest firmware had the issues. 


@britannic Which redirect method are you using for the external portal? If you are using the built-in method it will help to see what your Guest Control settings look like.

 

BTW, with the builtin redirect method it is the APs (or USG for wired guests) that generate the redirect URL.


@slooffmaster , thanks for the helpful info on where the redirect is coming from, when the Guest Control external portal is configured.

 

So I can avoid the problem by not having the APs generate the redirect URL, presumably by hacking the UniFi Controller's own captive portal by adding a redirect to the header, like this gist?

 

Or is there a better way, that makes controller upgrades cleaner?

 

Please help the community find useful posts and solutions by using the "Kudos" and "Accept as Solution" buttons!
Highlighted
Veteran Member
Posts: 4,828
Registered: ‎06-13-2015
Kudos: 1309
Solutions: 228

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken

@britannic Yes that gist is from my Github account; we use that method of redirection as a fallback where:

  • the built-in redirect method can't be used (somehow you cannot work with the prescribed URL structure or if you have multiple sites with the same "short name", often this is default)
  • the built-in redirect method doesn't work for some reason (in the past certain firmware version had similar issues)

I have yet to discover another native redirection method for the UniFI platform.

Art of WiFi
Check out our UniFi API browser tool on GitHub. The PHP API client which it uses, can be found here on GitHub.
The thread on our UniFi Device Search tool can be found here, also check out our Captive Portal solutions for UniFi.
New Member
Posts: 2
Registered: ‎09-08-2016
Kudos: 1

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken

I ran the upgrade to controller V5.10.17 and upgraded my AP's to the latest beta firmware (4.0.24.10010) and it appeard to be working as expected.

Veteran Member
Posts: 4,828
Registered: ‎06-13-2015
Kudos: 1309
Solutions: 228

Re: Upgrade from to 5.9.29 to 5.10.12 External Captive Portal Broken


@RimTech wrote:

I ran the upgrade to controller V5.10.17 and upgraded my AP's to the latest beta firmware (4.0.24.10010) and it appeard to be working as expected.


5.10.17 contains an important fix for the guest portal redirect. Anyone reading this and who is using 5.10.12 should read the release notes for 5.10.17 here:

https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-Network-Controller-5-10-17-Stable-has-been-re...

 

Especially the reference to this issue that was fixed:

  • Fix external guest portal cookies
Art of WiFi
Check out our UniFi API browser tool on GitHub. The PHP API client which it uses, can be found here on GitHub.
The thread on our UniFi Device Search tool can be found here, also check out our Captive Portal solutions for UniFi.
Reply