@Gertjan said in Captive Portal not working on iOS devices only (DHCP 114):

Anyway, I've edited services.inc :

I assume you are now aware of the fact Kea's Affinity memfile does not survive a reboot and will loose expired leases that still have affinity "protection". Netgate has raised Redmine #15934 to attempt to address this and other lease expiry concerns but so has the Kea development team. See the link in the Redmine.

The Kea development team have scheduled this for possible correction in V 3.0 which is slated for an April 2025 release. There is no certainty that they will include it.

Until Kea supports Affinity surviving a reboot, using Kea with Captive Portal is very risky as a reboot will likely scramble the IP/MAC assignments unless the devices reconnect in the exact same order. We will have to use ISC until then, religiously have idle timeouts less than lease duration (and the frequent re-logins that implies), or incorporate a MAC Captive Portal authorization scheme like that proposed in Redmines 15854 or 15904

This suggests that we are unlikely to have a built in solution for Captive Portal ISC equivalent support under Kea at the next plus release (25.03?) or until Netgate incorporates Kea 3.0 into the pfSense plus and CE releases.

@EDaleH , great info. Thanks for the tips for testing. Good to know about the 2k limit. I don't I will have that problem at my site, but if it were to become a problem, maybe I'll look at the radius protocol and make my own listener that can respond correctly to pfsense.
I have done similar services in the past for flow control on openwrt type devices.

hello, sorry reply an old but interesting post. can i use this solution on premise inside my net without internet access , i meant in a local server with apache or nginx whatever.

@Jozy good luck with that mess.. I asked if you had messed with your outbound nat, I didn't say set it to manual..

Auto is the default - all of this would work with clicky, clicky with pfsense out of the box - the only reason it wouldn't is you messed with the defaults, etc..

Or you not even using pfsense as the gateway.. Which it seems your not.. ugggh..

@jarlel said in FreeRadius: Something reduces the value in octet file (used):

Has anybody seen the same? Is there a workaround? Can 64 bit be supported by doing some modifications?

Also make sure you have Authentication setup correctly. In order to update used-octets, CP must be "re-logged in", i.e. reauthenticated so the data is sent from CP to/from freeRadius.

0c0de4a8-2fa1-4241-9405-5c4aee67af65-image.png

@Gertjan said in Issues After Update from 24.03 to 24.11:

@Cornel

It took me a while, but the issue was hiding in plain sight.

Thx - glad we now fully understand what was happening.

@johnwilliams1 Thanks for info!

@heper

yeah, that's probably the one.
It was solved. I was using 2.7.2 in the post for a while and had no issues what so ever.

@EDaleH said in Feature #15321 shows how to use Option 114 in Kea:

Hopefully the Jan release of Plus .... continue using 24.11 or have the #15321 patch updated.

The patch is an easy one. An extra entry box is added to the GUI, and the info entered is stored (and retried from) in the main pfSEnse config.
The second part is where this info (JSON structure) it is inserted on the right spot when the kea config file is created. Also pretty straight forward.
If 25.0x is any different, then it will be easy to modified it somewhat.

@EDaleH said in Feature #15321 shows how to use Option 114 in Kea:

I would also like to point out .... you want to add any suggestions.

I didn't even considered this as an issue, as I had just a couple of users connected when I was switching.
Switching from ISC to KEA is something that, in theory, only should happen ones . A small reminder 'somewhere' that portal users should be disconnected will do just fine.
Maybe converting the existing leases from from ISC leases file to Kea leases file when switching ? ( Yep, I'm joking ).

Btw : I always thought that an authenticated portal users were 'recognized' by a matching IP + MAC pair. If one of these two changes changes, the device (user) is considered being another device (user) and login has to reoccur.
But nope. The rfc8910 file just checks the IP if it is listed as a authenticated user, and doesn't check the MAC.

I will dig it.

Many thanks!

@carlosi7

Hover the mouse over the Stop button :

1fc11747-ea64-46c2-b13d-3b8481586f5b-image.png

The "Services Status" status dash board widget is a file you can find here : /usr/local/www/widgets/widgets/smart_status.widget.php
This file will bring you straight to /etc/inc/services-utils.inc, where services like the captive portal can be stopped and started.

As cron task can be an executable (so you have to build your own^^) or, most often, look at all the pfSense cron tasks already present, a script file.
Now you know where to find the examples that shows you how to do that.

@chinraam said in Nginx "404 Not Found" Error after POST action to "$PORTAL_ACTION%2quot;:

Can you please guide or let me know how to overcome?

I'm not modifying or editing any of the pfSense PHP files. So I have no issues neither errors.

I can't do "self registration" as I'm not allowed (and not want to, neither maintain) ask for any private info like phone numbers or email addresses.

@FSC830 hello I'm researching about some like this, exist some github repo? it will be nice because the community can contribute
this is grate i will test soon
thanks

@Gertjan said in Does anyone know how to get count of logged users in Captive Portal ?:

php -q /root/captiveportal_count_online_users.php

PERFECT!

Tks,

@Gertjan @JonathanLee
It has been fixed, found the same issue.
https://redmine.pfsense.org/issues/15404

@msalavee said in Ips allowed in Captive Portal pfsense 2.7.2 does not work:

2.6.0

I've been using 2.7.2 for a while and then switched to pfSense Plus, currently 24.03.

Did you saw the last post in the thread I've shown ?

@msalavee

It's always a language issue ;) See your other post.