@watabigeye:

@Gertjan:

@watabigeye:

..
Hi, How to put this in the CP?

By default, this https://github.com/pfsense/pfsense/blob/master/src/etc/inc/captiveportal.inc#L294 IS present in the default 'login page'.

If you build your own login page, reuse the code  ;)

You mean, I will copy and paste the whole code and upload it in the captive portal login page?

You don't need to upload the 'html page' that is already there.

Only if you decide to make your own login page (html, some PHP, some Javascripts, whatever) THEN you should make one, and upload it.
If it doesn't work, make it work (or go back to the default page).

Btw : You can never ever force a browser to show a popup page - most users have this disabled, and YOU can NOT control THEIR browser.
You could try to explain to your visitors that they should accept popups when using YOUR portal page - but guess what ? :
-> People don't read
-> If they read, then they don't know how to make an exception for your portal page …
-> So yes, they can't logout. (pfSEnse will end the session after a idle timeout or the HARD time out for sure).

A simple solution might be (if you need them to disconnect because your are selling the access for big bucks) :
Set the idle time very low (a couple of minutes).
Explain people that they should deactivate their wifi (just de wifi access - most devices have a slider or a button for that) a couple of minutes, then pfSense well ditch their session (connection). Most people can handle that.
If not, well, THEY will consume some more time ...... (so they loose some more money ..... and NOW you have their attention ! )

@beamen:

Setting up a CP with pfSense but the stock login is pretty horrible and I have no need for username and password.

Anyone have a basic login page for voucher only?

Just edit the default html login code, keep only the voucher related input.
Upload your 'own' html file - test and done ;)

@Gertjan:

What about saving your config first, and then you empty that list.
Reboot.
Check if this related to the boot time.
Then re - import config.

That's an idea, yes.  But I'd like to avoid doing that.  I'm moreso just curious what it's doing during this time, if it's normal, and if a newer version of pfSense still takes as long to start Captive Portal.

@ishtiaqaj:

now some client complain with some AP's they require to login again but with some AP's they don't need to login, although i have enable the enable pass through MAC in setting.

To many 'some' here.
Remember :We don't know anything about your setup.
First determine :
Who are these clients : voucher / device used / etc.
And which AP's work well, which don't.

It's seen often that an AP is in router mode ….. then exactly what you described happens ... but : this is only one possible erroneous situation, other can exist.

Hi, I'm also a newbie here.
I already set my captive portal page and it works in a view only. but the problem is I want the page will pop up automatically.

thanks

Well, have you checked the source in your navigator ?
Btw, what does firebug / inspect element say ?

Also, you might check with a .php extension instead of html.

At last, maybe add at least the minimum required CP code, for testing purposes.

Good luck.

If you insert another device you are going to have another point of failure.

I have no idea what to recommend since you haven't really given many details.

I see no reason not to have pfSense behind the cisco if you need its portal capabilities. Use the DHCP server on pfSense or the DHCP relay to forward DHCP to the Cisco.

I also see no reason not to replace the Cisco with pfSense unless it's terminating T1s or something.

Only you know the requirements of your network unless you provide the details of what you are trying to do.

Can you send the configs you made to make this setup work? I've been figuring this setup for weeks now.

Session Time Out, allow the user navigate the time in seconds you entered. For example: a value of 300 would be just 5 minutes after that el CP disconnect the user, with a Session Timeout entry log.

Of Course the same user can continue surfing the web, if you configure  the option below (Amount of time). For Example : 60 minutes.
So, the user will be hard out disconnected every 5 minutes until he reached the total 60, thats means about 12 times.

Greetings!

Thanks everyone. I finally got this to work. I had to make one modification. I had to change "After authentication Redirection URL" from 192.168.100.1/captiveportal-PC.html to 192.168.100.1:8002/captiveportal-PC.html.The URL for the main captive portal page contains the port 8002 and the second page never would come up until I added the port to it. Hope this helps anyone who might run into this issue.

It works!! Somewhat. I get disconnected after 30 minutes and cannot get internet without authenticating with an username and password for another hour which is good. But I have another problem. When pass-through-credits for a user is 1 and I connect to the captive portal network, I get a notification about logging in (usual). But when I tap that, I get no landing page to accept the terms and service and directly get redirected to connectivitycheck.gstatic.com (or something lke that) and I get internet access. I want my guests to accept to my terms first and after that get internet access. Is that possible with this method? Thanks

@jpsolis:

Can i set a separate portal on this setup or 192.168.1.1 have portal and 192.168.2.1 don't have portal. this can be possible?

Of course.

You have at least 3 interfaces :
WAN
LAN
OPT1

On the last two, you can activate a CP.
You have to do so for each interface (LAN and OPT1) - just go to  Services => Captive Portal and click on the green "Add" button.

I belive it's not IP range issue because the DHCP range contain more that 200 IP to use and I adjusted the lease time to 1 hour.

What are your LAN firewall rules ?
I didn't configure any firewall rules on em0 (LAN), only the default rules (Anti-Lockout Rule & Default allow LAN to any rule).

What did you removed from default after you installed pfSense ?
Nothing!

can you use the Captive Portal "as it should be used" : on a dedicated, NOT LAN, but OPTx interface ?
is it mandatory to add OPTx interface for Captive Portal ?

-pfSEnse runs in a VM ? (and guess what, when it is NOT running in a VM, but running in its own box, the errors disappear ;) ?)
Not VM, I installed pfSense directly on PC.

Finlay, after along time search in google I found that may be the problem occurred because of network memory buffer, so I am tried to increase the buffer size by adding some buffer tuning settings in "System Tunables" and "loader.conf.local"  , it helps some how as the error didn't occurred again but I got some delay on network.

I don't know it's solved permanently or it will occurred again but for 2 days now it's not occurred. before the tuning settings it was occurred one or two times every day

Vouchers are the key to the (your) access to Internet.
If someone looses his key, well, this should be his problem, not yours.

The "use only ones to gain access" has an nasty side affect.
Let say : you hand out vouchers that last 24 hours.
The guy logs in, all is well.
Then, he goes of site, his IP in the lease table will get removed eventually.
Another guy logs in with his voucher, and obtains the IP the first guy was using.
Our first guy comes in, and want to connect.
Ok, the MAC address is (could be) known, but he will be using another IP => he will NOT having access anymore.

A captive portal session is based on : the IP and the MAC address. If the voucher code come in again, and their is still time left, old sessions are removed, as you saw, and a new one is created.

Inform your voucher user that he should consider this voucher as a 100 $ paper, a credit card or his house keys. That will do the job.
If he calls in and say "I lost it !!" and you have a copy of the voucher code, you can declare it "used". Then you yell at him - sell him a new voucher, or keep him out because he proved he couldn't take care of his stuff (or whatever ;))

The same way : what you are asking for, is that a voucher user can only use his voucher for ONE device - but many users have also a smartphone, an iPad, notepad, whatever. Using a voucher on ONE device will lock the usage to that device, as long as he keeps the same IP (that pfSense gave him).

Your question concerns a household-with-kids situation, right ? In this case I can imagine why you asked.

Btw : I do think it's possible what you are asking. You will have to change the code (PHP) somewhat.

The way captive portal works in many cases it has to reauthenticate users to make sure their login is still valid. For example, to enforce time or data limits. If you limit a user to one login, this reauthentication fails since they are currently online when the reauth happens. So for one user to connect from one device the limit has to be at least 2.

So to allow them to login twice, it would have to be set for 4+.

Kind of ugly, though. Using multiple logins so they have one unique login per device is cleaner and more secure.

You can't edit the vouchers and make your own codes. The codes are computed mathematically based on the keys and other info stored in the roll.

There isn't a way to change any attributes that are not shown in the GUI already.

If you want to allow people to login using a "code" that lets them on indefinitely, create users instead. You can change the usernames to whatever you liked to stop an old "code" from working for new logins.

@Gertjan:

@bishoptf:

Running 2.2.6 and having issues with ….

What about leaving this old version, and upgrade ?

I didn't heard about android users complaining that 2.3.2 isn't working well for them.

Take note : who remembers issues and bugs present in 2.2.6 ?

Yeah understand, it's in the plan and will be taking place hopefully shortly but was hoping to tweak and keep things working.  I finally had to turn the portal off and just leave it running without the TOS, its not working for anything including PC browser.  Source looks correct with a URL in the redirect value but nothing I tried got it working.  It redirects to the portal page and when you select continue it just reloads the portal page and adds your MAC address to the passthrough list but thats about it, each time you do your MAC address gets added to the list.

Hopefully I can get it working when I upgrade, I have new hardware so I will be able to test it and make sure its working before going live.