Cannot access the captive portal in FreeBSD 12-CURRENT

Question

Problem

I'm trying to connect to an open WiFi with a machine running FreeBSD 12-CURRENT.

Normally, I run wifi-start.sh (see below) whenever I want to connect to the Internet. It works with WPA networks but I'm having a lot of problems with open networks. The dhclient is able to connect to the open network is set in /etc/wpa_supplicant.conf and it receives an IP address by DHCP. Later however, I'm unable to reach the captive portal to log in.

Sometimes it is sufficient to open http://neverssl.com in a browser but it does not always work.

Setup

• /boot/loader.conf:

  if_iwm_load="YES"
  iwm3160fw_load="YES"
  

• /etc/rc.conf

  local_unbound_enable="YES"
  

• /etc/resolvconf.conf

  # This file was generated by local-unbound-setup.
  # Modifications will be overwritten.
  resolv_conf="/dev/null" # prevent updating /etc/resolv.conf
  unbound_conf="/var/unbound/forward.conf"
  unbound_pid="/var/run/local_unbound.pid"
  unbound_service="local_unbound"
  unbound_restart="service local_unbound reload"
  

• /etc/wpa_supplicant.conf:

  ctrl_interface=/var/run/wpa_supplicant
  ctrl_interface_group=wheel
  network={
  ssid="Open Network"
  key_mgmt=NONE
  }
  

• wifi-start.sh:

  wlandev="${wlandev:-${1:-wlan0}}"
  device="${device:-${2:-iwm0}}"
  
  if ! ifconfig "$wlandev" 1>&2 2>/dev/null; then
      sudo ifconfig "$wlandev" create wlandev "$device"
  else
      sudo service netif restart
  fi
  
  sudo ifconfig "$wlandev" up
  sudo wpa_supplicant -B -i "$wlandev" -c /etc/wpa_supplicant.conf
  sudo dhclient "$wlandev"
  

  Script I use to configure the device and connect to the network

---

Details

1. The set up is hassle-free on Ubuntu and macOS so:

   1. it is most probably not the router's problem,
   2. it should be possible to configure FreeBSD correctly.

2. The Wi-Fi device is Intel Corporation Dual Band Wireless-AC 3160, so I'm using the iwm(4) driver.

3. Errors in xconsole

   Here's an error I got in the console after running wifi-start.sh -- dhclient gave up then. The second time I ran the script dhclient got an address successfully and there were no errors in xconsole.

   It might not be related to this problem, however.

   Ethernet address: 34:e6:ad:16:bf:66
   iwm_auth: failed to set multicast
   iwm_newstate: could not move to auth state: 35
   dumping device error log
   Start Error Log Dump:
   Status: 0x3, count: 6
   0x0000090A | ADVANCED_SYSASSERT
   080000B0 | trm_hw_status0
   00000000 | trm_hw_status1
   00000B30 | branchlink2
   000148E0 | interruptlink1
   00000000 | interruptlink2
   DEADBEEF | data1
   DEADBEEF | data2
   DEADBEEF | data3
   001CA815 | beacon time
   002362E3 | tsf low
   00000000 | tsf hi
   00000000 | time gp1
   002362E4 | time gp2
   00000000 | uCode revision type
   00000011 | uCode version major
   000561E2 | uCode version minor
   00000164 | hw version
   00809004 | board version
   0000001C | hcmd
   00022002 | isr0
   00000000 | isr1
   00000002 | isr2
   00417C81 | isr3
   00000000 | isr4
   00004110 | last cmd Id
   00000000 | wait_event
   00000080 | l2p_control
   00450020 | l2p_duration
   0000003F | l2p_mhvalid
   00000000 | l2p_addr_match
   00000007 | lmpm_pmg_sel
   15061432 | timestamp
   00003038 | flow_handler
   driver status:
     tx ring  0: qid=0  cur=1   queued=1
     tx ring  1: qid=1  cur=0   queued=0
     tx ring  2: qid=2  cur=0   queued=0
     tx ring  3: qid=3  cur=0   queued=0
     tx ring  4: qid=4  cur=0   queued=0
     tx ring  5: qid=5  cur=0   queued=0
     tx ring  6: qid=6  cur=0   queued=0
     tx ring  7: qid=7  cur=0   queued=0
     tx ring  8: qid=8  cur=0   queued=0
     tx ring  9: qid=9  cur=33  queued=1
     tx ring 10: qid=10 cur=0   queued=0
     tx ring 11: qid=11 cur=0   queued=0
     tx ring 12: qid=12 cur=0   queued=0
     tx ring 13: qid=13 cur=0   queued=0
     tx ring 14: qid=14 cur=0   queued=0
     tx ring 15: qid=15 cur=0   queued=0
     tx ring 16: qid=16 cur=0   queued=0
     tx ring 17: qid=17 cur=0   queued=0
     tx ring 18: qid=18 cur=0   queued=0
     tx ring 19: qid=19 cur=0   queued=0
     tx ring 20: qid=20 cur=0   queued=0
     tx ring 21: qid=21 cur=0   queued=0
     tx ring 22: qid=22 cur=0   queued=0
     tx ring 23: qid=23 cur=0   queued=0
     tx ring 24: qid=24 cur=0   iwm_newstate: Failed to remove station: 35
   iwm_mvm_mac_ctxt_changed: called; uploaded = 0
   iwm_newstate: Failed to change mac context: 5
   iwm_newstate: Failed to remove channel ctx: 22
   iwm_newstate: failed to update power management
   

4. ifconfig -v wlan0

   Here's the result of ifconfig -v wlan0:

   wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
           ether 34:e6:ad:16:bf:66
           hwaddr 34:e6:ad:16:bf:66
           inet6 fe80::36e6:adff:fe16:bf66%wlan0 prefixlen 64 tentative scopeid 0x2
           inet 10.1.2.41 netmask 0xffffff00 broadcast 10.1.2.255
           nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
           media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
           status: associated
           ssid "Open Network" channel 11 (2462 MHz 11g) bssid 4e:5e:0c:eb:8e:ad
           regdomain FCC country US anywhere -ecm authmode OPEN -wps -tsn
           privacy OFF deftxkey UNDEF powersavemode OFF powersavesleep 100
           txpower 30 txpowmax 50.0 -dotd rtsthreshold 2346 fragthreshold 2346
           bmiss 10
           11a     ucast NONE    mgmt  6 Mb/s mcast  6 Mb/s maxretry 6
           11b     ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
           11g     ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
           turboA  ucast NONE    mgmt  6 Mb/s mcast  6 Mb/s maxretry 6
           turboG  ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
           sturbo  ucast NONE    mgmt  6 Mb/s mcast  6 Mb/s maxretry 6
           11na    ucast NONE    mgmt 12 MCS  mcast 12 MCS  maxretry 6
           11ng    ucast NONE    mgmt  2 MCS  mcast  2 MCS  maxretry 6
           half    ucast NONE    mgmt  3 Mb/s mcast  3 Mb/s maxretry 6
           quarter ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
           11acg   ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
           11ac    ucast NONE    mgmt  6 Mb/s mcast  6 Mb/s maxretry 6
           scanvalid 60 -bgscan bgscanintvl 300 bgscanidle 250
           roam:11a     rssi    7dBm rate 12 Mb/s
           roam:11b     rssi    7dBm rate  1 Mb/s
           roam:11g     rssi    7dBm rate  5 Mb/s
           roam:turboA  rssi    7dBm rate 12 Mb/s
           roam:turboG  rssi    7dBm rate 12 Mb/s
           roam:sturbo  rssi    7dBm rate 12 Mb/s
           roam:11na    rssi    7dBm  MCS  1
           roam:11ng    rssi    7dBm  MCS  1
           roam:half    rssi    7dBm rate  6 Mb/s
           roam:quarter rssi    7dBm rate  3 Mb/s
           roam:11acg   rssi    7dBm rate 64 Mb/s
           roam:11ac    rssi    7dBm rate 64 Mb/s
           -pureg protmode CTS -ht -htcompat -ampdu ampdulimit 64k
           ampdudensity NA -amsdu -shortgi htprotmode RTSCTS -puren -smps -rifs
           -stbc -ldpc -vht -vht40 -vht80 -vht80p80 -vht160 wme -burst -dwds
           roaming MANUAL bintval 100
           AC_BE cwmin  4 cwmax 10 aifs  3 txopLimit   0 -acm ack
                 cwmin  4 cwmax 10 aifs  3 txopLimit   0 -acm
           AC_BK cwmin  4 cwmax 10 aifs  7 txopLimit   0 -acm ack
                 cwmin  4 cwmax 10 aifs  7 txopLimit   0 -acm
           AC_VI cwmin  3 cwmax  4 aifs  2 txopLimit  94 -acm ack
                 cwmin  3 cwmax  4 aifs  2 txopLimit  94 -acm
           AC_VO cwmin  2 cwmax  3 aifs  2 txopLimit  47 -acm ack
                 cwmin  2 cwmax  3 aifs  2 txopLimit  47 -acm
           groups: wlan
   

5. http://neverssl.com XML

   Also, I received an interesting XML response from http://neverssl.com when I did the following steps:

   • Connect to the Open Network (dhclient received an address successfully).
   • Try to open http://neverssl.com. It just hanged trying to load.
   • Reconnect to other Wi-Fi which actually works.
   • Look at the http://neverssl.com tab and see the following:

   This XML file does not appear to have any style information associated with it. The document tree is shown below.

    -<Error>
       <Code>AccessDenied</Code>
       <Message>Access Denied</Message>
       <RequestId>3FD41663CABFE8CD</RequestId>
      -<HostId>
         dsczv0lxKSFmBneOVS5nm5Ru5D3Br1bCRCqqj25WZVb1BzKI9McRR+djm9IrmgXHVIk/mdUCvfM=
       </HostId>
     </Error>
   

6. Tweaking /etc/resolv.conf

   It was suggested to me that I should set /etc/resolv.conf and then run resolvconf -i and resolvconf -l. Here are the results:

   • Inside /var/db/dhclient.leases.wlan0:

     lease {
       interface "wlan0";
       fixed-address 10.1.236.56;
       next-server 10.1.236.1;
       option subnet-mask 255.255.255.255;
       option routers 10.1.236.1;
       option domain-name-servers 10.1.236.1,194.204.159.1;
       option dhcp-lease-time 900;
       option dhcp-message-type 5;
       option dhcp-server-identifier 10.1.236.1;
       renew 5 2017/7/7 16:10:15;
       rebind 5 2017/7/7 16:15:49;
       expire 5 2017/7/7 16:17:45;
     }
     

   • Output of dhclient wlan0:

     wlan0: no link .... got link
     DHCPREQUEST on wlan0 to 255.255.255.255 port 67
     DHCPACK from 10.1.236.1
     bound to 10.1.236.56 -- renewal in 450 seconds.
     

   • Adding nameserver 10.1.236.1 to /etc/resolv.conf doesn't seem to change anything.

   • Output of resolvconf -i:

     wlan0
     

   • Output of resolvconf -l:

     # resolv.conf from wlan0
     nameserver 10.1.236.1
     nameserver 194.204.159.1
     

   • At no point I was able to open http://neverssl.com or http://gooogle.pl. I wasn't able to get redirected to the captive portal as well.

   • Result of ifconfig -v wlan0:

     wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         ether 34:e6:ad:16:bf:66
         hwaddr 34:e6:ad:16:bf:66
         inet6 fe80::36e6:adff:fe16:bf66%wlan0 prefixlen 64 tentative scopeid 0x2
         inet 10.1.236.56 netmask 0xffffffff broadcast 10.1.236.56
         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
         media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
         status: associated
         ssid "Open Hotspot" channel 6 (2437 MHz 11g) bssid 9c:1c:12:0b:10:73
         regdomain FCC country US anywhere -ecm authmode OPEN -wps -tsn
         privacy OFF deftxkey UNDEF powersavemode OFF powersavesleep 100
         txpower 30 txpowmax 50.0 -dotd rtsthreshold 2346 fragthreshold 2346
         bmiss 10
         11a     ucast NONE    mgmt  6 Mb/s mcast  6 Mb/s maxretry 6
         11b     ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
         11g     ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
         turboA  ucast NONE    mgmt  6 Mb/s mcast  6 Mb/s maxretry 6
         turboG  ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
         sturbo  ucast NONE    mgmt  6 Mb/s mcast  6 Mb/s maxretry 6
         11na    ucast NONE    mgmt 12 MCS  mcast 12 MCS  maxretry 6
         11ng    ucast NONE    mgmt  2 MCS  mcast  2 MCS  maxretry 6
         half    ucast NONE    mgmt  3 Mb/s mcast  3 Mb/s maxretry 6
         quarter ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
         11acg   ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
         11ac    ucast NONE    mgmt  6 Mb/s mcast  6 Mb/s maxretry 6
         scanvalid 60 -bgscan bgscanintvl 300 bgscanidle 250
         roam:11a     rssi    7dBm rate 12 Mb/s
         roam:11b     rssi    7dBm rate  1 Mb/s
         roam:11g     rssi    7dBm rate  5 Mb/s
         roam:turboA  rssi    7dBm rate 12 Mb/s
         roam:turboG  rssi    7dBm rate 12 Mb/s
         roam:sturbo  rssi    7dBm rate 12 Mb/s
         roam:11na    rssi    7dBm  MCS  1
         roam:11ng    rssi    7dBm  MCS  1
         roam:half    rssi    7dBm rate  6 Mb/s
         roam:quarter rssi    7dBm rate  3 Mb/s
         roam:11acg   rssi    7dBm rate 64 Mb/s
         roam:11ac    rssi    7dBm rate 64 Mb/s
         -pureg protmode CTS -ht -htcompat -ampdu ampdulimit 8k
         ampdudensity NA -amsdu -shortgi htprotmode RTSCTS -puren -smps -rifs
         -stbc -ldpc -vht -vht40 -vht80 -vht80p80 -vht160 wme -burst -dwds
         roaming MANUAL bintval 100
         AC_BE cwmin  4 cwmax 10 aifs  3 txopLimit   0 -acm ack
               cwmin  4 cwmax 10 aifs  3 txopLimit   0 -acm
         AC_BK cwmin  4 cwmax 10 aifs  7 txopLimit   0 -acm ack
               cwmin  4 cwmax 10 aifs  7 txopLimit   0 -acm
         AC_VI cwmin  3 cwmax  4 aifs  2 txopLimit  94 -acm ack
               cwmin  3 cwmax  4 aifs  2 txopLimit  94 -acm
         AC_VO cwmin  2 cwmax  3 aifs  2 txopLimit  47 -acm ack
               cwmin  2 cwmax  3 aifs  2 txopLimit  47 -acm
         groups: wlan
     

     • Also echo nameserver 10.1.236.1 | resolvconf -a wlan0 returns:

       cp: /dev/null.bak: Operation not supported
       

---

References & notes

• /var/db/dhclient.leases.wlan* files might store interesting information.
• /etc/resolv.conf is empty.

Answer 1

Try opening any site in FireFox after your wifi connection is established. It will open the captive portal; Firefox understands the protocols involved and will present you the authentication page.

From there on, after you correctly authenticate, you will have access to the services behind the captive portal as usual.

You must be using the DNS servers given by DHCP and not 8.8.8.8 for instance.

It works for me with FON captive portals.

Answer 2

Explanation

The problem was with the configuration of /etc/resolvconf.conf automatically generated during installation.

It turns out that because of setting local_unbound_enable="YES", FreeBSD added

resolv_conf="/dev/null" # prevent updating /etc/resolv.conf

to /etc/resolvconf.conf, which prevented the modification of /etc/resolv.conf. As a result my system seems to always send DNS queries to one of the roots instead of the DNS server provided by the hot spot.

Solution

1. Remove resolv_conf="/dev/null" from /etc/resolvconf.conf.

   The system automatically falls back to /etc/resolv.conf then.

2. Remove local_unbound_enable="YES" from /etc/rc.conf.

3. (Optionally,) run service local_unbound stop.