Modify the 'my.cnf' (de main MySQL config file) so it accepts not only connection from localhost (127.0.0.1) but also the 'external' IP  that the other pfSense would use to connect to the server.
This is well described in the MySQL doc.

You need to locate the file, and change it.
Restart MySQL.
[ check if the firewall on the IP/NIC isn't blocking incoming connections on the MySQL port ]
Done.

Throw them away, take the build in pages.
Done  ;)

Thanks, Web Spider.

I am trying to mimic the captive portal of Mikrotik router. Unfortunately, I am having a hard time figuring out how to do it on Cisco devices. That's is why I am thinking of using Pfsense.

We are managing multiple networks, and it is not good to install Pfsense on each network because it 's hard to troubleshoot it when there is an issue with it. That's why I think it is better to host the Pfsense captive portal on AWS and let them connect to it, so we can easily access it and manage them properly.

I have read about pfSense Security Gateway Appliance which is available on Pfsense store. Do you think this is better than having a PFsense on AWS?

Please advise. Thanks

@cs1:

That's possible with RADIUS authentication. E. g. with FreeRADIUS you can store a custom RADIUS attribute like "Allowed-NAS" with each user and during the authorization phase you can use FreeRADIUS's "unlang" to compare the NAS-Identifier (which should be different for each of your zones) with the Allowed-NAS attribute and reject a user straightaway if they don't match. You can even update the Reply-Message attribute with something like "You're not allowed to log into this zone!" which will be displayed as the error message on the Captive Portal page so that the user immediately knows what went wrong. The manpage of unlang should give you a pretty good idea how to write the comparison code.

True.
I resolved using external Freeradius, Huntgroups, Groups and unlang.
I will update you if I can integrate solution on pfSense Freeradius :)

Thanks for your reply,  I design captive portal + freeradius + mysql to create the self register for customer's wifi system via device mac address, I have the separate internet connection so I dont use the firewall function on pfsense because outside pfsense I had already firewall.

The sqlite3 tool is a command line tool that is usable via ssh / console.
I don't have time to further explain the radius setup, and it is already well discussed in the forum, maybe you should seek some help from professionnal help.

Thanks "muswellhillbilly" for replying i can set timeout but i couldn't set download limit …

i am also interested dear :) :)

Thanks for the info, but as of my understandings today coDel is implemented but FairQueue CoDel is not, so fair bandwidth share won't happen.
Am I getting this wrong ?

… good point.

I guess I should have reworded my question to "how can I use Mongodb and Nodejs".

p.s. I appreciate your belief in my capabilities :D

yes im using radius but i dont know how to do this. i dont know where to get the active users.

Maybe this might help:

http://mgyinngetay.blogspot.co.uk/2014/04/how-to-configure-pfsense-captive-portal.html

How long is your :
Default DHCP lease time ?
Max DHCP lease time ?
concerning your interfaces interfaces ?

You are using a captive portal on LAN and OPT1 ?

Btw : Captive portal users are 'DISCONNECTED' by the function captiveportal_prune_old() (/etc/inc/captiveportal.inc)

Note : a "idletimeout" of 7200 minutes should NEVER log you out (= DISCONNECT). Today, every device does communicate all the time. For example, update checks are running all the time. A basic Windows system will sue the Internet - if a connection is available - all the time.
This means that the activity indicator (see Status -> Captive portal - and hit the "Show last Activity" button) will be set to a recent time all the time. A period of 5 days of NO activity at all is impossible.
This means that's something is very wrong ….

note2 : Did you checked "Status -> Captive portal - (and hit the "Show last Activity" button)" ? The Colum "Last activity" stays on recent times ?

@Artemiy:

https://google.com or https://facebook.com

Publish the golden rule for your visitors : never ever use a https site when you are connecting to a unknown (== captive portal) network.
Users want a protected one-to-one connection, that is understandable.
But you are using the captive portal - so users will be redirected from the site they want to visit, to the site where they have to authenticate first (pFsense).
This is against de 'https' rules
See it this way : Firefox is right.
Users ARE warned that they didn't land on their https …
This is another way to protect a users from a "man in de middle attack" - this time its clearly shown by the navigator.

If I was visiting https://my-bank-site.tld and another site sghows up instead (even emulating my banks site very well) and my navigator still accepts the connection, I would DITCH these browser.

This is solved.

The solution was to segment a DHCP pool that is restricted to a mac vendor (first six).

Then set that IP pool to bypass on the captive portal page.

Read and check this https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

Is the nginx running on the portal interface ?
Use SSH acces and :
ps ax | grep 'nginx'
sockstat -4l | grep 'nginx'

Btw : being able to access the portal on the WAN NIC ….. well, something is very wrong.

;D

Nice !!!

Thank you, Skron.  That works perfectly.  :)