All right, I found out that radius mode of captive portal was on start/stop instead of Interim. Fixed.

@thanhit89: What would I do? Explain this more clearly : @thanhit89: I'm running 2.3.3-RELEASE version. I build two zones A & B in Captive Portal. In Zone A, I have three interfaces X, Y, X. In interface X, i have three Access Points: AP1, AP2, AP3. Now, I want AP1 & AP2 run in Captive Portal mode but AP3 is not. Upgrade; Explain " three interfaces X, Y, X", I count 2. "AP run in Captive portal mode" ?? Are you aware of the fact that the AP's should run in basic AP mode (no router functions, etc).

Upgrading to 2.4.0.RC solved the problem. Captive portal now recognizing the MAC bypass list.

@khan: Captive Portal Self Registration Using Free radius & Mysql Tested with 2.0.2-RELEASE (i386) built on Fri Dec 7 16:30:14 EST 2012 in vmware 8. Caution : this procedure was perfect for me. Please use at your own risk & make backup. You need few thing to do this php-mysql support in pfsense. Default is disabled. follow this post to do it http://forum.pfsense.org/index.php/topic,47150.0.html your command should be pkg_info -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz and pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz tips: according to his (sash99) post some package dependencies should occur. But I did not found 1. what I did.. in command added package with pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz in command /etc/rc.php_ini_setup installed freeradius2 package from system/package rebooted pfsense in command touch /etc/php_dynamodules/php52-mysql rebooted pfsense. Step 2 Config pfsense freeradius according to this doc http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package and for sql  support http://forum.pfsense.org/index.php/topic,43675.msg235475.html#msg235475 add extra table using reg_users.sql.txt file sql command or u can rename this to reg_users.sql and import via phpmyadmin I hav added database file  also. step 3 now rename every file & remove “.txt” from file name ie captiveportal-cp_reg_suc.php.txt to captiveportal-cp_reg_suc.php captiveportal-bootstrap.min.css.txt to captiveportal-bootstrap.min.css and so … now edit captiveportal-cp_reg_suc.php in line 104 insert your sql server ipaddress & password. Upload evry file in captive file manager except cp_portal.php cp_error.php in captive portal main page enable captive portal in Lan check Disable concurrent logins in Authentication section check RADIUS Authentication in ipaddress box –----------- 127.0.0.1 port box ----------- 1812 sharedsecret box -----------your shared secret in Accounting check send RADIUS accounting packets in port ----------- 1813 Accounting updates ----- check strat stop In RADIUS NAS IP attribute select your lan. insert cp_portal.php in “Portal page contents” cp_error.php in “Authentication error page contents”. Save. And you are ready to go. Important 1. you should change php file content according to your need. 2. be aware about adding php-mysql package you may not be lucky as i was. if anything goes wrong follow "sash99" post carefully. 3. in my captive portal page i have some security like a client with a mac address can only register one account. please let me know your experiences. Hi  please provide with explanation and provide any link if you have create any document because i am new learner pfsense .

Hi, What about pfSense => Services => Captive Portal => [zone] => Configuration => Enable Pass-through MAC automatic additions ? It's better to auto purge non-authenticated clients, use at least one (big) time out value - don't leave them empty.

Hi, Look up all posts related to "FreeRadius". It's a package  for pfSEnse and can probably do what you want.

@jalegre: @heper: don't know what you are trying todo, but you can just upload new html 'templates' through the GUI … Hello heper, the problem I have is that, on my pfSense server I've configured almost 10 captive portal zones. So beyond number 8, captive portal service didn't start. After reading nginx config files I saw that 2 of them were listening on the same port, I've tried to change it manually but the server doesn't consider this kind of modifications. This is why I've opened this topic Regards this sounds like a bug. if it is, please report it on redmine.pfsense.org & explain the error & fix

@TheHitchhiker: PfSense WAN(192.168.1.14) connected to Router(192.168.1.1) which has DHCP enabled. So far, everything is fine on this interface. PfSense LAN(192.168.2.254) with DHCP enabled, ….... stop stop. First : check out your LAN network. Hook up a PC. A PC you just received - a brand new one, these always work. It should receive an IP - because dhcp was asking for it. Like a DNS a gateway. If that works, perfect. (but do explain me why not using  192.168.2.1 as an pfSense IP - why 192.168.2.254 ? - you took care off the dhcp pool ) (What about pfsense 192.168.2.1/24 AP = 192.168.2.2 (static) and pool 192.168.2.3-192.168.2.254 ?) Continue : @TheHitchhiker: connected to an AP(192.168.2.10) in bridge mode. …. Perfect. @TheHitchhiker: Now here, when enabling captive portal, I set the clients under the AP to use DNS of LAN interface, …. What ?? Where did that came from ? You shouldn't modify ANY settings on your PC / iDevice / whatever. You should NOT create the situation that you have to setup every device that visits your portal network. @TheHitchhiker: users are redirected to the portal, but then after authenticating, I have no internet access. What are your firewall LAN rules ? Did you modify your captive portal "html" file - uploadd your own ? Did your device (PC) obtained a gateway ? DNS ? What are these ? This https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting covers 99 % off all troubles. @TheHitchhiker: I added allow rules, to let in traffic from/to the internet on LAN interface but no luck. Normally, to begin with,  to have a setup that woks : NO rules on WAN NO NAT NO rules on the "LAN" interface - the global PASS rule ON LAN (== everything that comes INTO LAN interface from your LAN network, passes) which means : The captive portal setup on LAN (although NOT the best setup **) works with a minimal - read : none - if not no setup or changes have been applied on the interfaces ** best will be : Captive portal on separate OPTx interface.

@jimp: If you have a current version of Chrome it should see the cert error, try an HTTP portal test, and then automatically open a new tab with the portal login. At least it does for me. I do have HTTPS portal enabled with a valid cert (LE/ACME) for my hostname set on the portal config, and a host override pointing that hostname to the CP interface address. But last time I tested it, it should work with an invalid/self-signed cert, basically any unexpected HTTPS response, including a timeout, should kick in Chrome's portal detection. Firefox pops up its little portal detection bar with a button to open the portal either way. Good to here all this :D I didn"t even know that our browsers are also "captive portal aware" these days.

Like this : You give away a login + password. The first time the user logs in, the MAC of his device is attached to this "record". Further logins need a match against password AND MAC. I'm pretty sure that (Free)Radius can be teached to do just that. You need to define some policies, rules, settings or whatever they call that when you setup FreeRadius. Btw : MAC's can be spoofed rather easy.

This : @gadgetguy: …  I don't understand how to debug the comm between pfSense and FreeRadius.... is a method I use so I understand what two processes exchange. Like a database server MySQL can be put in some sort of debug mode, and log all the communication it receives, I'm pretty sure FreeRadius has the same mode. If everything works, that all this is not needed. You condemned to checkout your needs and curiosity, and look in the "manual" how to implement it.

Read also : https://forum.pfsense.org/index.php?topic=136951.msg749960#msg749960

Hi ! Google : pfsense vouchers shorter Have a look at the first link.

I have the same issue. I want to make pfsense can be used which1 username able to connect in 2 devices. If I enable Concurrent user logins, it will open to many devices. How to make it only limit for 2 devices with same radius server? Thanks.

You need Radius support. A reply - somewhat - starts here : https://forum.pfsense.org/index.php?topic=108493.0

The app it's only for print the vouchers. You need to create a .csv file in pfsense, then import it to the app.

@stinkfly: … Any other considerations like supported number of users, security etc;  Have others gone through this thought process? Checkout this thread - in the very same forum where you posted : [HOWTO] Captive portal + FreeRADIUS + local MySQL user friendly single step  « 1 2 3 4 5 … 9 » There is no such limit as "supported users" : your bandwidth will be depleted way before user authentication starts to crawl. Captive Portals with thousands of users online have been seen already. Security : well, depends how you set it up ;)

Could be anything, not enough detail. Basically the error message means that it tried to send a RADIUS request but it got nothing back. So it could be pointed at the wrong RADIUS server or port, it could have an incorrect NAS secret set, could be something on the RADIUS server (no entry for the firewall as a NAS, for example)… Check your logs on pfSense and on the RADIUS server, maybe run a packet capture and see what you show for RADIUS requests on port 1812.