• AP that passes MAC adresses?

    4
    0 Votes
    4 Posts
    505 Views
    C

    @Gertjan:

    Your AP has its DHCP server shut down, router-mode is shut down, etc ?

    Yes, it is in AP mode. It offers quite a few modes.

    AP Mode
    AP router
    Client Router
    WDS Bridge
    WDS Router

    and I think a few others, at any rate its in AP mode.

    Also, the Mac addresses are shown in PFsense DHCP lease lists, however when the captive portal is on with the Mac pass through, it lets every device passthrough with the first logged in user.

    @Derelict:

    Any AP does.

    If that one is not it is either in a router mode, not an AP mode, or is for some reason proxying ARP or something of that nature.

    In either case you are probably going to get a faster reply asking on a forum specific to that product.

    I didn't know those existed lol, will do.

  • Authentication question for Local User Manger setting

    6
    0 Votes
    6 Posts
    2k Views
    jimpJ

    It depends on how the solution was made.

    What we'd like to see is:

    1. Captive Portal adapted to use all settings from the User Manager, including defined Authentication Servers
    2. Additional RADIUS settings moved from Captive Portal to the User Manager Auth Server RADIUS options where possible. Some settings may be specific to one portal and not others, but an admin could always define multiple RADIUS server profiles in the user manager to get the same effect, which is essentially what they're already doing now.

    In doing that, Captive Portal would naturally pick up LDAP support as an authentication source without actually adding or touching any LDAP-specific code. The problem is adapting all of the RADIUS options in CP to the User Manager and making sure they are used in the correct context.

  • Need Help - Captive Portal + Free Radius + SMS Authentication

    4
    0 Votes
    4 Posts
    2k Views
    jimpJ

    That is not currently a feature of FreeRADIUS on pfSense, and there are no plans for it.

    You might have better luck asking for help on a FreeRADIUS forum/mailing list/subreddit/etc, because anything you need to change would be specific to FreeRADIUS and not pfSense.

  • MAC address Log

    6
    0 Votes
    6 Posts
    2k Views
    DerelictD

    Month or two is probably not something you want to task your firewall for.

    Yes, that can be increased.

    Whether it is enough depends on how much device churn you are expecting.

  • Free Radius Conf

    7
    0 Votes
    7 Posts
    1k Views
    A

    jimp this is the test for free radius i did when i get the above failed radius message. i am also sending the test result.

    user:  shaheedullah
    Password: school
    sgared secret : cmc

    ![radius test.png](/public/imported_attachments/1/radius test.png)
    ![radius test.png_thumb](/public/imported_attachments/1/radius test.png_thumb)

  • Captive Portal Vouchers

    9
    0 Votes
    9 Posts
    2k Views
    A

    New learnings sir! :D :D :D
    I actually didn't know that I can view the voucher number including the time remaining per voucher.

    As I randomly checked 10 vouchers from the previously generated voucher, all are fine. Maybe, there were some which are considered invalid.

    Anyways, thank you so much sir's for your help!

  • PfSense 2.3.4 Captive Portal TCP Handshake IP dominating cURL custom IP

    1
    0 Votes
    1 Posts
    522 Views
    No one has replied
  • FreeRadius won't restart

    5
    0 Votes
    5 Posts
    812 Views
    jimpJ

    @yfarouq:

    @jimp:

    Not nearly enough detail here.

    What did you upgrade from?
    What did you upgrade to?
    What version of the FreeRADIUS package do you have installed now?

    Im at pfsense 2.3.4 version, and Im still working with freeRadius2. I had tested FreeRadius3 but the same issues

    Please answer all of the questions there. the first two are asking about pfSense versions before/after.

  • Captive Portal with Ajax Login

    1
    0 Votes
    1 Posts
    987 Views
    No one has replied
  • User Authentication

    Locked
    1
    0 Votes
    1 Posts
    653 Views
    No one has replied
  • Error sending request: No valid RADIUS response

    1
    0 Votes
    1 Posts
    650 Views
    No one has replied
  • Captive Portal Whitelist intermittent

    1
    0 Votes
    1 Posts
    536 Views
    No one has replied
  • 0 Votes
    3 Posts
    1k Views
    K

    I try Radius 3 also, but it seems to be the same.

    I try to check with the Log, but it shows nothing

  • Freeradius start error

    2
    0 Votes
    2 Posts
    534 Views
    jimpJ

    Under normal conditions it will start automatically. You will have to provide more detail about your specific configuration, including:

    Which FreeRADIUS version? If it's 2.x, uninstall that and install 3.x and try again. How is FreeRADIUS configured? You mentioned MySQL, is it supposed to use that? What other options do you have enabled? Show any radiusd log messages from the system log during boot time

    If nothing else, you can install the service watchdog package and have it babysit FreeRADIUS to keep it running.

  • What Happened To Users?

    8
    0 Votes
    8 Posts
    1k Views
    Q

    @Gertjan:

    Check the backup file you imported.
    They are there ?
    The file should have a name like config-your-host-and-domaine-20170718085441.xml and is VERY well readable by a human.
    If they are NOT in the file, well ….

    Just checked and it does have the users.

    <md5-hash>531501fb668ac7198544acf912d9c624</md5-hash> <name>qwerty</name> <expires><authorizedkeys><ipsecpsk><uid>2009</uid> <user><scope>user</scope> <password>$#$%^&#%TFSDDFDSR#$</password></user></ipsecpsk></authorizedkeys></expires>

    Anyway I'm good as long as the accounts are no longer active.

    Cheers!

  • Daloradius, PFsense and Simultaneous-Use

    3
    0 Votes
    3 Posts
    3k Views
    L

    Hi dude. Did you resolve your problem? Can you share?

  • Save "Session details" for Traffic-Volumen

    2
    0 Votes
    2 Posts
    441 Views
    M

    Push up …

    Any Ideas?

  • Captive portal Whitelist @Mac issue

    3
    0 Votes
    3 Posts
    703 Views
    M

    Hi

    Thanks, but the ipfw command not working, I have try all commands of this topics

    https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting#Zones

    [2.3-RELEASE][admin@]/root: ipfw -x guest show
    ipfw: Context 0 is invalid
    [2.3-RELEASE][admin@]/root: ipfw -x zone1 show
    ipfw: Context 0 is invalid
    [2.3-RELEASE][admin@]/root: ipfw
    ipfw: usage: ipfw [options]
    do "ipfw -h" or "man ipfw" for details
    [2.3-RELEASE][admin@]/root: ipfw -x zonel show
    ipfw: Context 0 is invalid
    [2.3-RELEASE][admin@]/root: ipfw -x LAN_GUEST show
    ipfw: Context 0 is invalid
    [2.3-RELEASE][admin@]/root: ipfw show
    ipfw: Context is mandatory: No such file or directory
    [2.3-RELEASE][admin@]/root: ipfw -x context list
    ipfw: Context 0 is invalid
    [2.3-RELEASE][admin@]/root: ipfw_context -l
    ipfw_context: Command not found.
    [2.3-RELEASE][admin@]/root:
    [2.3-RELEASE][admin@]/root: ipfw_context -1
    ipfw_context: Command not found.
    [2.3-RELEASE][admin@]/root: ipfw -x LAN_GUEST show
    ipfw: Context 0 is invalid
    [2.3-RELEASE][admin@]/root: ipfw -x 2 show
    ipfw: setsockopt: choosing context
    [2.3-RELEASE][admin@]/root: ipfw zone list
    ipfw: Error returned: Unknown error: -1
    : Invalid argument

    do you know why ?

  • Time restriction for CP users possible with pfSense?

    3
    0 Votes
    3 Posts
    2k Views
    T

    The plan is to both have a time limit for the users and to limit the amount of traffic for the users.
    Regarding the timing issue, I know that this is difficult when not having a users database to authenticate against. The only way would be to use the device's Mac addresses and to check when they logged in for the first time and then measure the time from then…

    Regarding the amount of traffic, I currently use ntopng to monitor and count the traffic the users are generating and as soon as they reached the 400 MB, I add their IP address to the firewall's block list. That's not a really convenient solution, as it involves manual tweaking where I thought ipSense could help...

    Are anonymous hotspot really that rare that there's no support needed for such features?
    (I think the free WiFi hotspots are becoming more and more common ... I think that the CP in pfSense would be even more attractive if there were more options for anonymous users... But's just my opinion. I still find it a great product and I can get what I need ;-) )

    Regarding the suggestion with FreeRADIUS: This would be a great solution, but I have to create the users (i.e. the Mac addresses) first in order to be able to authenticate against the user database. As I don't know the Mac addresses of the customers, this is quite difficult... Best would be if such users be generated on the fly by the RADIUS server...

  • Captive Portal for 1 AP on my network

    11
    0 Votes
    11 Posts
    2k Views
    johnpozJ

    Didn't we already go over this in this thread.

    https://forum.pfsense.org/index.php?topic=133348.0

    That you could just create a firewall rule to block access on your wifi router 2 network, and that you didn't need to nat it, etc. etc.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.