I'm not sure this is the only way  although it does work.

I don't really understand what the initial problem is neither what additional authentication will bring but if this is what you want to deploy, why not looking at reverse proxy  ???
I don't know what pfSense reverse proxy package provides (in term of feature) but the is a lot of reverse proxy implementations (Nginx, HAproxy Vulture) that may solve your problem, kind of  ;)

Reverse proxy will prompt user for authentication. Most of then will allow you to select among various kind of authentication mechanisms and some will also add capability to create tunnelling and encryption  8)

What I really mean here is that captive portal wording is meaningless here (to me) as there is nothing captive. User may decide to access or not your interface.

Create temporary a user+password using the Local User Manager (or use the admin account).
Use the default html login page, where you can both enter a user+password or voucher code (both work at the same time).
Login should work right away.

A first attempt that doesn't work, and a second attempt that does work means that the voucher code is ok. There might be some 'html' or posting error.
Mention what YOU changed from default … settings, etc.

edit: You are aware that the current pfSEnse is 2.2.2 ? Using 2.1.4 means you are dealing with known bugs, and is normally reserved for experts who know how to deal with these.

Put rules blocking anything you don't want them to access before the pass rules on the interface captive portal is on.  This has nothing to do with the portal, but with your basic firewall rules.

Yes your DNS was wrong. Use pfSense as DNS server for your clients.

For your current problem check your firewall logs.

Just this moment I tried to verify this with windows 8 and it works very well: As soon as i got connected to the pfsense-network, a Browser opens automatically with the Captive Portal site.

Strange …..

Looking at this forum : pfSense Forum » pfSense English Support » Captive Portal (that is the forum where you posted !) there is a post named PFsense 2.1 MultiCP and https with Windows Radius Guide 
There is also this : https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Using_the_FreeRADIUS_2_Package:_Basics
Even more : https://doc.pfsense.org/index.php/Using_Captive_Portal_with_FreeRADIUS

More then enough to get you started.

And when you install Google first, you even find more : Google : pfsense radius

The issue has been solved https://github.com/pfsense/pfsense/commit/ea6cbc390bba86336bf5a173922b20f0b3416c89

I don't know why but this doesn't seems to work for me.

I don't see any answer from the CP (tcpdump on the network interface with port 8003 only shows clients requesting the vip).

Added to that:
A Portal should be on its own interface.
So, its has its own firewall - which should enable Internet access, and forbid any access the private lans or any  other interfaces.

Hi,

i am seeking for the same solution too, can you find any solution for this?

thanks
serhan

Have you set your pfSense to act as DNS proxy/forwarder and are your clients using the pfSense's LAN address as their primary DNS? Unless your clients can resolve external addresses you won't be redirected to the CP landing page.

Hi, do you have any experience about reaching the captive portal through ipsec vpn?

local - cyberoam –-----ipsec vpn----------------pfsense in cloud

when an unauthenticated user wants to go to the internet, we want to pfsense's captive portal comes to this user, is it possible, how can i do this?

i wrote a policy in cyberoam, which asked pfsense's radius the users credentials, in cyberoam's captive portal, which asked the credentials to the pfsense, the user can logon correctly, and internet opened, and than,  i tried to redirect pfsense's ghost's url instead of cyberoam's captive portal, but the user can not be authenticated with this way, the mechanism is not the same.

i need a solution to popup the pfsense's captive portal in front of the unauthenticated users through ipsec vpn.

Thanks
serhan

There are 6 separate APs, spread around the two buildings.  I would not expect to see more than 20 or so users per unit (I have logged into them when busy).  I am generally not onsite when it's busy which is difficult.  2 APs are on one interface and 4 on the other.

I am not fixated on the CP max users as such, I was just wondering what happens when several people try to connect at once, and the max is reached.  I understand it's not the amount of users that can pass through, just the amount that view the login screen, but at times, looking at the logs, several people do login in quick succession.

iPhones recently do not seem to throw up the captive portal login when you connect the AP any longer.  They used to.  I wonder if this could be causing users problems, as they assume they are connected when they're not?  Many these days don't even open browsers, it's straight to FB, email, twit etc.

Need to find some time to update to the latest version I guess, but will see how things go now squid is disabled.

Ubiquiti AP's are supposed to be very good in terms of number of users?  I have used a few of them poreviously, and thinking of replacing with these.  They also allow roaming between APs, although I think this is software based, and not too sure how it works.  Need to have a closer look.

Thanks.

Same problem on 2.2.2. Empty radacct table

@teekaypapa:

i am using LAN for the Portal

Good luck  ::)

(P.S. DNS servers must be allowed through the CP or nothing works.)

@new_in_pf:

pfsense 2.1-release  i386

Perhaps you could try with something uptodate…

yap you right…not a professional like you guys...but try to find short cut and learn something new!! Thanks for reply

Creating master master replication is way easier then creating some RADIUS monitoring script.

Got it, thanks for your input.