I'm working on this here: https://forum.pfsense.org/index.php?topic=95680

I'm working on this here: https://forum.pfsense.org/index.php?topic=95680

I'm working on this here: https://forum.pfsense.org/index.php?topic=95680

I'm working on this here: https://forum.pfsense.org/index.php?topic=95680

Perfect!  I already use freeradius, so this shouldn't be too difficult.  Many thanks!

Please, people, don't 'try' pfSense using very old version.

It will be confusing for you and difficult to get support.

Thank you cmb, I installed the syslog-ng package to retain and rotate this logs.

I believe this happens on upgrade if the CP .db files  in /var/db didn't get reset. On 2.1.x they were in SQLite 2.x format and on pfSense 2.2+ it's SQLite 3.

^^^

Great !

You just posted in the ENGLISH section.
That won't work.

Scotty !!! Beam me up, please.

No. Start coding… :P

@Gertjan:

Keep in mind that this (and maybe others) issue exists : https://redmine.pfsense.org/issues/4605#note-1

that has no relation to captive portal, OP's circumstance works perfectly fine in 2.2.2.

just to clarify,
yes the "After authentication Redirection URL" field in CP config works, to the extent that I can nominate a web a page to bring the user to.
But ideally we require to insert the user name on that page as you see from our PHP code. And that works fine on our test web server (not pfSense) when we use our own redirect coding

I would like to know if there is a way to pass a variable to the "After authentication Redirection URL" to achieve what we want to do
www.hayfieldmanor.ie/wifi-landing-page?user=$fname

And secondly with the user data we capture on the index.php to write the data to captiveportal-data.csv, again our code works on a regular webserver but not when uploaded to pfSense

Does anyone know what we should do to tweak things and get it working on pfSense?

Thanks

The DNS needs to be working. I.e., you must put the IPs into allowed IPs in CP. Doesn't need to be on pfSense at all.

https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

Hi,

The bas news:
Natively, something like that doesn't exists in pfSense - as you already figured out.

The good one:
The possibility to make it happen is only limited to ONE thing : how good is your PHP knowledge ;)

@duke:

….
Any idea to fix this bug? Anyone can contact the maintainer of this package to report the problem?

You can do so  ;)

If … one still exists.

Where "disable concurrent logins" is checked and you're using vouchers, you'll see something like this in your portal auth log when connecting a second machine.

Jun 8 21:25:08 logportalauth[72742]: Zone: zone1 - CONCURRENT LOGIN - TERMINATING OLD SESSION: BvCaK7yXvRa3, 00:50:56:a7:5a:58, 192.168.155.101 Jun 8 21:25:08 logportalauth[72742]: Zone: zone1 - Voucher login good for 5 min.: BvCaK7yXvRa3, 00:0c:29:cc:8c:a3, 192.168.155.102

That removes the original session and adds a new one for the new MAC. It works, I just ran through testing of it again on 2.2.2.

Thanks, I had figured that out earlier.  Seemed to fix that.  Merci!

I think that's only if Concurrent user logins is disabled.

Regarding the voucher length, getting down to 4 or 5 characters is going to be hard.  The smallest I could manage was this:

31-bit RSA key

Character set: 2345678abcdefhijkmnpqrstuvwxyz
# of Roll Bits: 12
# of Ticket Bits: 12
# of Checksum Bits: 8

That yields 7-8 characters.  You can get fewer characters by adding capital letters to the character set, but that really doesn't make it any easier for users to enter on their phones.

No, you won't clobber the default page.  It's included in the captiveportal.inc php page.

As far as going back to defaults you have to upload a 0-length file.  On unix you could:

cp /dev/null captive_portal_reset.html

Then upload that as the page content file.

@rossmat:

…..
Regarding the portal index.php code, it should be the first one. Regarding the authentification method setting in WebGui, it should be the second one (option "Local User Manager / Vouchers", local auth method).

I guess you're right.

Keep in mind that it will be valid if you are using the default login page (which gives the user the possibility to enter a user+password, or voucher code).
Adapt this login page (throw out the voucher-part) and voucher are useless even if they exists and activated: no one could enter a voucher code.