Captive Portal

• R

  TYPO invalid magic
  • rvandam  

  4
  0
  Votes
  4
  Posts
  11
  Views

  R

  @free4 thank you for the info! I will look if I can find a release date. Perhaps it is worth to wait a bit with the upgrade
• M

  Pfsense syncing user/directory with google g-suite for VPN and WIFI authentication
  • mephisto  

  4
  0
  Votes
  4
  Posts
  417
  Views

  B

  @mephisto Did you eventually figure it out? I'm in the same situation. Appreciated any info you can share. thanks
• W

  Pfsense, No internet when it is said "You are connected".
  • weiphyo  

  151
  1
  Votes
  151
  Posts
  8961
  Views

  

  I'm running : The patch URL : The title == the URL for me. The patched can be cleanly reverted for me, which implies it is applied right now. So it should applied. This patch does not modify the visual part of GUI like adding a button. It will retain the info in the ipfw tables, which represent connected users if you have to edit/save captive portal settings while users are logged in. The issue with 2.4.5-p1 (and some previous version) was that these tables would be emptied, so users would be blocked by ipfw and redirected to the captive portal page. Upon reaching the login page, pfSense find the user already in the "list with connected users" and shows a simple "You are connected" message. Btw : the list with connected users is the list you see in the GUI : It will empty the list with connected users when booting.
• R

  Max-Daily-Session not working
  • Rafael.Silva  

  4
  0
  Votes
  4
  Posts
  24
  Views

  

  edit : see below - bottom - 0.15.7_17 includes this edit. See here https://forum.netgate.com/topic/139132/need-help-on-max-daily-session-attribute?_=1600411248200 pastebin.com (do not post it here) your /usr/local/pkg/freeradius.inc file. Just search sql1 {$varsqlconf2authorize} } and add there : dailycounter monthlycounter noresetcounter expire_on_login just before the line with EOD; Save, stop FreeRadius, start FreeRadius and again, keep in mind settings are thrown away if you upgrade the FreeRadius package. But re editing (if needed) is so easy .... edit : I just upgraded FreeRadius to 0.15.7_17 and this edit (patch) is now included.
• C

  Wifi hotspot while connected to CP
  • chanrio13  

  4
  0
  Votes
  4
  Posts
  16
  Views

  

  If the phone has two wifi NIC's, then yes, it could be possible. One radio NIC would be set up as a AP - and the other one as a classic Wifi client, connected to the CP. I'm not aware such a phone exists. A (portable) PC is often equipped with a Wifi NIC and a wired NIC - and the OS permits to 'share' a connection on 'the other NIC', the PC behaves as a router. Remember : you are connected to your ISP using a router. They can't do nothing to enforce that just one device behind your router can use Internet. So can't you.
• 

  Windows RADIUS Server
  captive portal radius windows server windows radius • • mohkhalifa  

  14
  0
  Votes
  14
  Posts
  219
  Views

  

  @Xavi_IT said in Windows RADIUS Server: After writing the last message, I have successfully configured LDAP authentication server in the same PfSense device that points to the same Windows Server. This way everything works, including OpenVPN clients validation using allowed domain user accounts. Sounds good. Also, you can add custom attributes to control per user bandwidth. it's really amazing integration. ENJOY :)
• 

  Control Users Bandwidth in CP
  • mohkhalifa  

  15
  0
  Votes
  15
  Posts
  268
  Views

  A

  @mohkhalifa oh ok. thanks.
• B

  Attempting to fetch Organizational Units from ldap.google.com failed
  • biggy  

  1
  0
  Votes
  1
  Posts
  9
  Views

  No one has replied

• E

  How does it work in the Background?
  • eterelle  

  11
  0
  Votes
  11
  Posts
  35
  Views

  E

  @free4 I will definetely have a look at that. Thanks for all the help, i really appreciate it!
• A

  Captive Portal CORS problem
  • alexs20  

  2
  0
  Votes
  2
  Posts
  31
  Views

  

  You need to create a custom Auth error page with the appropriate Access-Control-Allow-Origin header, see https://enable-cors.org/server_php.html
• C

  Captive Portal User Usage Track
  • ccmks  

  8
  0
  Votes
  8
  Posts
  224
  Views

  F

  @Ahabash you are already able to do that. Using DNS logs+ captive portal logs, you can check which user accessed which website. If you are looking for the precise URL (and not just domains) : please be aware that most of websites are in HTTPS nowadays (which mean : you can't).
• D

  Automatically Expire Vouchers via script outside of pfsense
  • dragon9981  

  2
  0
  Votes
  2
  Posts
  17
  Views

  F

  @dragon9981 said in Automatically Expire Vouchers via script outside of pfsense: non-used but issued vouchers to be no longer valid. Well that's quite simple : just delete the vouchers roll then create it again?
• A

  Need help on Max Daily Session Attribute
  • AYSMAN  

  7
  0
  Votes
  7
  Posts
  940
  Views

  

  FreeRADIUS SQL backend counter feature: https://redmine.pfsense.org/issues/10871
• C

  Captive portal with two-factor authentication (2FA)
  • Chris00  

  1
  0
  Votes
  1
  Posts
  12
  Views

  No one has replied

• A

  Captive portal one step log in
  • artemmavrych  

  3
  0
  Votes
  3
  Posts
  41
  Views

  

  Hi, FreeRadius is better integrated these days, and can be installed as a pfSense package. You'll be needing a MySQL (MariaDB) SQL server. This one doesn't (should not) run on pfSense. If you're capable of running and maintaining** these these two, you're pretty close to redoing a bit the code used in the project, as html, ccs and PHP. These 3 had their rocket science status removed in the late nineties. The problem with big addons is .... they only work for a couple of months. As soon as pfSense updates, chances are that something breaks. The author should solve the issue as soon as possible. This means he should be using a portal himself. Which means he already knows that an animal called "RGBD" really exist. When you run a captive portal, you should apply this rule " keep it simple ". Not doing so means : Very soon, you will not be doing what you are doing right now. pfSense is a security device, not some nicely coloured gadget. If updates exist, you install them. If the installed code is personalized which this kind of addons, admins tend to stop updating. And that's another way of going out of business with a lot of buzz. ** FreeRadius and MySQL are not "set them and forget them" type of services. Btw : I guess you do understand that the nearly identical question "Can I use the user's Facebook account to login in into my portal ?" vanished. Some English company did woke up a lot of people. And Facebook changes it's API every week or so. edit : almost forgot : this method is still allowed !
• S

  CP with voucher code only
  • soheil.amiri  

  2
  0
  Votes
  2
  Posts
  20
  Views

  S

  hi thanks from Calvin Bui for this post, i found a way to create a login page that show only voucher filed. i change this particular code to : <div class="form-group"> <input name="auth_voucher" type="text" placeholder="Voucher" class="form-control"> </div> <input name="auth_pass" type="text" class="hidden" value="password"> <input name="redirurl" type="hidden" value="captiveportal-success.html"> <input class="btn btn-lg btn-success btn-block" name="accept" type="submit" value="I Agree">
• R

  Session Timeout not working
  • Rafael.Silva  

  3
  0
  Votes
  3
  Posts
  15
  Views

  R

  Hello. Thanks for the feedback. I managed to solve by creating a record in the radcheck table, with the information of Session-Timeout and Idle-Timeout. Only then does pfSense disconnect expired users. Gracias.
• E

  Nginx "404 Not Found" Error after POST action to "$PORTAL_ACTION$"
  captive portal php redirect ngin • • emad  

  2
  0
  Votes
  2
  Posts
  8
  Views

  

  Hi, @emad said in Nginx "404 Not Found" Error after POST action to "$PORTAL_ACTION%2quot;: So, do I miss knowledge with CP behavior or should I modify something? You might as well check (== read and understand what happens when and why etc) this file /usr/local/captiveportal/index.php It's the file that's get 'executed' when a users is redirected that the portal login interface. Read that file carefully - and also check this one : /etc/inc/captiveportal.inc which contains all the functions. For instance, you'll find why/where/when a string like $PORTAL_ACTION$ is replaced by the correct URL before getting send to the client. Throwing $PORTAL_ACTION$ at the client's web browser who throws it back to the captive portal web server will produce 404 errors.
• I

  Radius MAC authentication
  • itworx  

  3
  0
  Votes
  3
  Posts
  18
  Views

  I

  @viktor_g Hi Victor! The webui certificate has < 398 days but the Freeradius certificate is 10 years. I will try setting up a new Freeradius cert with < 398 days lifetime to see if that resolves the issue. Thank you!
• G

  Allowed-hostnames not working.
  • ghassen  

  7
  0
  Votes
  7
  Posts
  19
  Views

  

  @ghassen said in Allowed-hostnames not working.: I have disabled both the DNS Resolver and Forworder if that's what you mean. And then how is client on your captive portal suppose to look up www.google.com then? Do you hand them external dns that you allow through captive portal? @Gertjan stated - working dns is a MUST for captive portal to function. Where does pfsense point for dns? When it finds the ip for www.google.com better hope it matches what the client finds when it does query.. Pointing to different dns can exacerbate problems with mismatch of IPs..
• 

  User can login with different VLAN on Captive Portal.
  • ontzuevanhussen  

  6
  0
  Votes
  6
  Posts
  76
  Views

  

  Ok, I am done. I am using OpenLDAP for Authentication Servers. Now everything work fine. This is my configuration: Now user 'direktur' can login to Captive Portal 'Direksi' but can't login to Captive Portal 'Dokter'.
• I

  One Voucher Per Device
  • ishtiaqaj  

  147
  1
  Votes
  147
  Posts
  3451
  Views

  W

  @Gertjan I have two systems both 2.5-dev version . second system is up to date always. I keep an eyes on all updates and bug fixes (redmine) everyday i am testing both system in different ways. second system i didn't apply any patch and people can reuse voucher on other device so they get disconnected from old Aug 3 13:00:03 logportalauth 38072 Zone: campco - CONCURRENT LOGIN - TERMINATING OLD SESSION: 9478394944, 7c:78:7e:4d:1c:43, 10.10.21.188 Moving soon to FreeRADIUS base solution which has no issue with concurrent logins. I have already done initial testing in production environment.
• H

  Newbie need help to merge pfSense Captive Portal with old Linksys WRT54GL hotspot feature
  • ha11oga11o  

  3
  0
  Votes
  3
  Posts
  18
  Views

  H

  @Gertjan said in Newbie need help to merge pfSense Captive Portal with old Linksys WRT54GL hotspot feature: @ha11oga11o said in Newbie need help to merge pfSense Captive Portal with old Linksys WRT54GL hotspot feature: Also on router i have WiFiDog and Chillispot. But my problem is that i dont know what to use as redirect page to pfSense machine. The "page to redirect" etc does not concern pfSense at all. You'll be using the hotspot's facilities of the AP, there is nothing to be done on pfSense. If you set up the AP on the WAN side of pfSense, the question is even less relevant, as the traffic isn't seen by pfSense. For help about the hotspot's (DDWRT) : see their forum. I don't know what Chillispot is, neither Wifidog. You can also transform your WRT54GL as a simple AP - I'm using several of these Linksys/Cisco routers, with the DDWRT firmware - and activate the portal on pfSense. In that case, I strongly advise you to use a dedicated interface on pfSense (a third interface) for the portal, leaving the LAN for trusted devices - and the OPT1 interface for the non trusted devices, as are portal users by default. I you choose to use pfSense for the portal management, start by looking up the Youtube site on the Internet. Then locate the Netgate channel, and see (several times) the Captive portal and DNS videos. When done, a portal can be set up in less then 10 minutes. Remember : keep it simple at first. Well, you definitely pointed me right way. I do want that pfSense is handling portal and WiFi just to be "radio" device for that. Thank you.
• S

  MS AD
  • soheil.amiri  

  2
  0
  Votes
  2
  Posts
  28
  Views

  

  Dear @soheil-amiri No need to use freeradius in pfSense. Just deploy MS Radius Server and integrate it with pfSense and send your own attributes and that's the best way I'm using.
• C

  CP Issue longer hours of timeout
  • chanrio13  

  4
  0
  Votes
  4
  Posts
  16
  Views

  C

  I have reviewed and its true its timing out on correct hour. however i think it has something to do with timezone since I changed the timezone. captive portal login uses the default timezone and co timeout uses the system timezone. lol
• Y

  captive portal settings not saved
  captive portal save error • • yanqian  

  7
  0
  Votes
  7
  Posts
  26
  Views

  

  Issue created: https://redmine.pfsense.org/issues/10798
• C

  Nature of the voucher database, is it possible to fetch vouchers from rolls
  • coder  

  5
  0
  Votes
  5
  Posts
  24
  Views

  C

  @Gertjan Okey, thanks. I will do that.
• P

  Number of voucher per roll
  • pierrelyon  

  2
  0
  Votes
  2
  Posts
  9
  Views

  

  There might be a 'pfSense' limit, but you will not find it out. Handling a voucher roll with thousands voucher needs a special way to handle used and unused vouchers. Will that be you using a print out and a pencil ? Some excel sheet that you maintain by hand ? When things get messy, it might be easier to remove the roll, ans start using another one. Btw : the bit numbers determine the seed, so there will be a limit for sure.
• W

  DHCP Stop Working when captive Portal is enabled
  • wakasavan  

  3
  0
  Votes
  3
  Posts
  18
  Views

  

  The ipfw firewall rules, put in place when the captive portal is activated, start with some rules letting through DHCP traffic. It's part of the default rule set. When a device is hooked up, can you see DHCP traffic (DHCPDISCOVER) in the pfSense DHCP logs ? If not, NIC is bad, cable is bad, or some switch device between user and pfSense. Btw : you should keep LAN for admin purposes, and use a second interface - OPT1 - for the portal. If remote admining is needed, use OpenVPN @wakasavan said in DHCP Stop Working when captive Portal is enabled: As long as captive portal enabled no Internet at all. That's what a portal should be doing. @wakasavan said in DHCP Stop Working when captive Portal is enabled: I repair the the firewall but there is no issue there What do you man ? You repaired something that wasn't broken ? @wakasavan said in DHCP Stop Working when captive Portal is enabled: Firewall can be accessed via WAN link but from local interfaced it is not working. If a portal is activated on that LAN, then,except for obtaining an IP, nothing should work. Exception : DNS requests ! Check that. But ok, if the device can't get an IP, all will be down. @wakasavan said in DHCP Stop Working when captive Portal is enabled: There was a power outage for a long time The power of pfSense was shut down using the way it should ? Do you use a UPS ? The file system is clean ? ( see very recent Netgate video on Youtube).
• 

  Captive Portal Bug
  • ariel.chiong  

  8
  0
  Votes
  8
  Posts
  188
  Views

  

  That's the one - or actually one of the two solution proposed. It's merged again 2.5.0 so it will haunt the 2.4.5.x series for long time, except if it can get backported.
• I

  Active voucher restore problem
  • ishtiaqaj  

  30
  0
  Votes
  30
  Posts
  235
  Views

  

  https://redmine.pfsense.org/issues/3128
• S

  how connect freeradius to MS AD
  • soheil.amiri  

  32
  0
  Votes
  32
  Posts
  5950
  Views

  M

  @soheil-amiri do you have any news about your issue? I'´m, trying to implmenet a similar scenario. My scenariou include FreeRadius with LDAP background authentication for WAP2-Enterprise authentication. I setted up FreeRadius and background LDAP authentication, i tried authentication form pfsense, and works well. But when i'm trying to authenticate users over WPA2-Enterprise SSID, i have authentication errors. my users file config: DEFAULT Ldap-Group == "cn=account-users,ou=wireless,dc=example,dc=com" Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-Id = "1010" Errors Logs: jul 3 18:53:55radiusd98680(39) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [radiuser1] (from client AP_LAB port 0 cli 92-1F-E6-B9-E9-1E) Jul 3 18:53:55radiusd98680(38) Login incorrect: [radiuser1] (from client AP_LAB port 0 cli 92-1F-E6-B9-E9-1E via TLS tunnel) Can you help me?
• M

  Captive portal + Free Radius, Corrupted tracking files after power failure
  • malhabibi  

  8
  0
  Votes
  8
  Posts
  79
  Views

  M

  If your files used-octets-* do not get emptied - but actually get filled with "0" it might be this line : echo 0 > "/var/log/radacct/datacounter/$TIMERANGE/used-octets-$USERNAME" Add a echo "used-octets-$USERNAME was emptied" line to see if this line gets executed. Check the logs to see the log line. used-octets-* are empty, it's not filled with "0" Unfortunately, with the 1st power failure, I got both used-octets-* and backup-*.log empty (all files size is zero) I wish I could catch the root cause.
• G

  Captive Portal + freeRadius 3 + MySQL (PFSense 2.4.3)
  • giovannio  

  9
  0
  Votes
  9
  Posts
  1385
  Views

  

  @curvian said in Captive Portal + freeRadius 3 + MySQL (PFSense 2.4.3): @Gertjan Could you tell me what this screenshot is from? Yes : @Gertjan said in Captive Portal + freeRadius 3 + MySQL (PFSense 2.4.3): (the image is part of the FreeRADIUS => Users => Edit => Users page.) Maybe I should add : pfSense, when added the FreeRadius package
• A

  Allowed Hostnames incorrectly resolving AWS ELB and CDN hostnames with multiple IPs
  • alexs20  

  3
  0
  Votes
  3
  Posts
  47
  Views

  A

  thanks for answer, at least somebody confirmed my suspicions. i know that it is impossible to track all CDN IP addresses, and that sucks because I had very big expectations about pfSense captive portal. Looks like we can not use it for our purpose..
• D

  Redirection issue
  • defender110  

  6
  0
  Votes
  6
  Posts
  149
  Views

  

  No ;) An image : the other Redirection issue - 2 inch lower :
• B

  Captive Portal redirect after 2.4.5 update
  • brcisna  

  6
  0
  Votes
  6
  Posts
  106
  Views

  B

  @jimp Hi Jimp, Thank You for the explanation. All I know is I am glad this is back to working transparently. This is ina production/school setting so very dynamic users as there are as many 'visitors' that were getting 'stuck' at the 'continue' button. You don't realize how many phone calls happen once this isnt working,even with the COVID-19 thing a school is like grand central station even in small town USA. Used to really enjoy figuring this kind of stuff out,,now,, i just like to do some clicks,,and it works. :) Thanks again.
• 

  How To install MySQL on Pfsense 2.4.5-RELEASE-p1
  • ontzuevanhussen  

  21
  0
  Votes
  21
  Posts
  218
  Views

  

  You can't. To have FreeRadius use all the MySQL database tables, you have to modify /usr/local/etc/raddb/sites-enabled/default - and probably other files as well - which means you have to modify pfSense itself. This means thorough FreeRadius knowledge and a good understanding about how pfSense makes the set up files. If that was the case, you wouldn't ask question, you were just doing it.
• K

  Free Hotspot- CP and Filtering Porn, gambling etc
  • kabrutus  

  11
  0
  Votes
  11
  Posts
  2294
  Views

  

  Locking this. Just collecting spam now.
• P

  Voucher creation for Dummies
  • pierrelyon  

  2
  0
  Votes
  2
  Posts
  42
  Views

  

  Hi, @pierrelyon said in Voucher creation for Dummies: As any of you has faced that situation? Yep. Half the planet was working from home last month. These people are now aware that some activities can be done "from everywhere" ;) You could write down the steps you do. Try to enumerate what can go wrong - and what to do. Use your phone for some serious stuff : film yourself doing it. Then : meet up with the candidate that replaces you. Tell him what a voucher code is - and be sure he actually understands it. Show him how to make a voucher roll. Let him always test one of the new vouchers himself before he thinks he's done. Btw : you can prepare also yourself enough vouchers roles for a week, or even longer. Print them out, put a date or number per page and you're good.