https://snapshots.pfsense.org/

As to its suitability in your environment, your call.

There is none.  Captive portals break https.  Period.

Yes, all fixed.

On 2.1.x there isn't a simple way to do this unfortunately. If all else fails you can either upload an empty file, or a copy of the stock page from the code, or download a config backup and edit out the page contents from there and restore it.

On 2.2 there are buttons to clear the stored custom files so it will be much easier to manage.

Hard to accept but the problem was never PFSense, I had to delete the WLAN in the Ruckus Controller and created again.

1 second work took me a week to find out.

Hey can you set a script or something I can pay you Im new to pfsense and getting used too everything.

Thanks,
Sam

Thanks for the info.
I just uploaded all the files through the CP Web Interface to have them "permanent" in Pfsense.
As Workaround, it could work for now.

count me in for the same problem

upgraded to most recent stable and installed freeradius pkg and it counts wayyyy to fast

-Rich H.

This function I've placed in what I think you are recommending - however are these rule numbers the order they are performed in or basically arbitrary?

…....

$cprules = "add 65291 allow pfsync from any to any\n";
$cprules .= "add 65292 allow carp from any to any\n";

$cprules .= <<<eod<br># layer 2: pass ARP
add 65301 pass layer2 mac-type arp,rarp

pfsense requires for WPA

add 65302 pass layer2 mac-type 0x888e,0x88c7

PPP Over Ethernet Session Stage/Discovery Stage

add 65303 pass layer2 mac-type 0x8863,0x8864

layer 2: block anything else non-IP(v4/v6)

add 65307 deny layer2 not mac-type ip,ipv6

EOD;

$rulenum = 65310;
$ipcount = 0;
$ips = "";
foreach ($cpips as $cpip) {
if($ipcount == 0) {
$ips = "{$cpip} ";
} else {
$ips .= "or {$cpip} ";
}
$ipcount++;
}
$ips = "{ 255.255.255.255 or {$ips} }";
$cprules .= "add {$rulenum} pass ip from any to {$ips} in\n";
$rulenum++;
$cprules .= "add {$rulenum} pass ip from {$ips} to any out\n";
$rulenum++;
$cprules .= "add {$rulenum} pass icmp from {$ips} to any out icmptype 0\n";
$rulenum++;
$cprules .= "add {$rulenum} pass icmp from any to {$ips} in icmptype 8 \n";
$rulenum++;
/* Allowed ips */
$cprules .= "add {$rulenum} pipe tablearg ip from table(3) to any in\n";
$rulenum++;
$cprules .= "add {$rulenum} pipe tablearg ip from any to table(4) in\n";
$rulenum++;
$cprules .= "add {$rulenum} pipe tablearg ip from table(3) to any out\n";
$rulenum++;
$cprules .= "add {$rulenum} pipe tablearg ip from any to table(4) out\n";
$rulenum++;

/* Authenticated users rules. */
$cprules .= "add {$rulenum} pipe tablearg ip from table(1) to any in\n";
$rulenum++;
$cprules .= "add {$rulenum} pipe tablearg ip from any to table(2) out\n";
$rulenum++;

$listenporthttp =
$config['captiveportal'][$cpzone]['listenporthttp'] ?
$config['captiveportal'][$cpzone]['listenporthttp'] :
$config['captiveportal'][$cpzone]['zoneid'];

if (isset($config['captiveportal'][$cpzone]['httpslogin'])) {
$listenporthttps = $listenporthttp + 1;
$cprules .= "add 65531 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n";
}

$cprules .= << <eod<br>**# pass traffic not destined for protected subnet 1
add 65532 pass all from any to not 192.168.1.0/24 in

redirect non-authenticated clients to captive portal

add 65533 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in

let the responses from the captive portal web server back out

add 65534 pass tcp from any to any out

block everything else

add 65535 deny all from any to any

EOD;

/* generate passthru mac database */
$cprules .= captiveportal_passthrumac_configure(true);
$cprules .= "\n";

/* allowed ipfw rules to make allowed ip work */
$cprules .= captiveportal_allowedip_configure();

/* allowed ipfw rules to make allowed hostnames work */
$cprules .= captiveportal_allowedhostname_configure();

/* load rules */
$cprules = "flush\n{$cprules}";
file_put_contents("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", $cprules);
mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", true);
//@unlink("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules");
unset($cprules, $tmprules);

if ($reinit == false)
unlock($captiveportallck);
}

I'm thinking that this isn't going to pick up if i have multiple protected subnets - not a huge problem but would be nice to know / get the syntax for this correct to start with.

**# pass traffic not destined for protected subnet 1
add 65532 pass all from any to not 192.168.1.0/24 in
**# pass traffic not destined for protected subnet 2
add 65533 pass all from any to not 10.0.0.0/24 in

Sorry only saw this today - must have missed the notification! Will try it tomorrow (Australia time)******</eod<br></eod<br>

mdmogreen solved this very problem and it worked perfectly for me.

@mdmogren:

I came up with this to use an external splash page:

Make sure to add the host where you're going to host your page to Allowed Hostnames

Use this code to redirect and pass the variables, (I only passed a few here that I needed, you can add more using the same method) the only downside is that if a user has JavaScript disabled in their browser they will have to click a button to load the page…

Make you you replace "http://www.myserver.com/splashpage.php" with the URL you want to redirect to.

<form action="http://www.myserver.com/splashpage.php" method="post" id="redirectform"> Javascript is disabled, click to </form> You'll then be able to pull on the variables from $_POST on your new page.
Example code for your external page:

Source: https://forum.pfsense.org/index.php?topic=46015.0