Ubiquity bridges its interfaces  in three modes , is it in router mode ? if so then change it to bridged. ofcourse DHCP, DNS etc … as Gertjan seas must be handled by pfsense.

@insurin: …..I think it was more to do with pfsense/captive portal already having a connection on that IP address with another user and when this new user tried to authenticate with the same IP address it caused CP to error. I rephrase. A user (with an IP obtained from your DHCP server) has a device with a MAC address. He connects to the portal interface, a session is opened with its IP MAC Start time End time (the End time will be 'Start time' + 'hard time out') Session-ID Etc. This user will NOT be redirected to the portal login web interface anymore. This user should manually LOGOUT (using the popup, so the session will be portal will be destroyed) if he want to see the portal login web interface again. His IP stays the same all this time. If another user connects, it should NOT obtain the same IP (IP conflict ! - note that user CAN hard code the IP, you better ignore these users  ;)). This other user has of course another MAC …. I cannot imagine how is could be possible that two users have the SAME IP ..... your DHCP will never allow that. A unique user with its unique MAC will receive a unique IP. This is how thing work in DHCP land  :)

@lsense: my plan is to use $config['captiveportal']['httpsname'] …... this should be the same as  $cpcfg = $config['captiveportal'][$cpzone]['httpsname'] (see function portal_hostname_from_client_ip($cliip) in /etc/inc/captiveportal.inc - pfSense 2.1.3) @lsense: that is "HTTPS server name" in web gui to configure what clients see in the address bar even if we are not using https. Well, this is where I need to explain: "Works for me" $cpcfg['httpsname'] is only set when you activate (ones) the "activate https authentication on the captive portal settings page. This will be done if you put in valid certificates … Not very difficult, its explaine here: https://forum.pfsense.org/index.php?board=2.0 The very first subject PFsense 2.1 MultiCP and https with Windows Radius Guide. As soon as "https" is setup and valid, de-activate it. The tric is: the $cpcfg['httpsname'] will be grayed out, but remains set and valid (so, you can use it as I did above  ;)). Exemple: My domaine is brit-hotel-fumel.net (to be set on the General setup page). The portal 'host' = 'portal' (IP 192.168.2.1, as set on the DNS Forwarder page) So, my 'httpsname' will be portal.brit-hotel-fumel.net When people connect to my Wifi network they will get an IP (they don't connect yet). They can ping at that very moment alreay portal.brit-hotel-fumel.net - this MUST give back a reply. This means the host name is resolved. This means that host name can be used instead of 192.168.2.1 And that's what the subject is all about. @lsense: portal_ip_from_client_ip($clientip)  is not called at all. For me, this is correct, because I'm using https login. For non-https login, this function will be called: (see function portal_hostname_from_client_ip($cliip) in /etc/inc/captiveportal.inc - pfSense 2.1.3)

Anything that speaks SFTP should work.  Just know that uploading directly doesn't put the files in the XML config and might not survive a reboot.

Not just www.apple.com See Using Apple Products with Captive Portal iOS 6 issues Not getting a "captive portal detected" message on iOS devices  etc. IOS devices have a boatload of URLs to test if the Internet is reachable.

If you have your user list in an Excel sheet, you could export it into a "easy to parse" format, like CSV, or even dot-comma separated lines. You need some lines of PHP that should do this: Remove all current user that are member of the group that are allowed to login to the portal: this is mine: http://pastebin.com/uQ6Ry4h0 You should remove all <user>…..</user> that have a that belongs to this group. Now, Rebuild the group, and insert all users. You will have to encode the password (3 formats). Any of this can be looked up in the pfSense portal PPHP code, so the bigger part of the code is just 'copying' what already exists. Note that, when a user is present in the User Database (managed by pfSense) their is no need to deleted it, you could also just 'deactivate' the account and reactivate when the "rent comes in". You could also add MySQL or MSSQL support to the PHP engine of pfSEnse, and use a separated SQL server that will do the authentication (better check how to generate the passwords then ...)

oh I think its a different topic …. well problem solved.. I need to authenticated to the portal before i can have net access... Thanks please close sir moderator. thank you

I activated the Portal Interface on the my LAN - I merely activated Local User Manager, not touching any other settings. This means I had two portal interfaces, one on OPT1, and one on the LAN. Just to be sure, I added the MAC of my PC to the MACC pass through page. I switch on another PC on the LAN and launched a navigator. Guess what popup up ? this one: http://www.test-domaine.fr/Capture-portal.PNG I had access to the net after authentication … I didn't really tested it for a long time, but a Portal Interface on LAN, it seems to work.

Hi Gertjan I am looking at the logs and I can now see what's happening as you have pointed out already logportalauth[83783]: CONCURRENT LOGIN - REUSING IP 172.110.14.67 WITH DIFFERENT MAC ADDRESS 18:20:32:27:17:b3: username timestamp cheers

Hi Gertjan I think this problem has also started to manifest itself into other devices so it may not just be Apple. I have started another thread to which you have kindly gave me some advice on how to diagnose the issue. The thread is here for anyone looking https://forum.pfsense.org/index.php?topic=77821.0 cheers

Thanks Gertjan for your info, I will follow your instructions.

Hello. Yes, it can be done. Yes, I guess its already done by some one. But, no, this (working with MySQL) isn't coded in the portal authentication system right now. That's for the short answer. The longer one: On this forum, examples are given how to add the package to your pfSense setup, so PHP can "speak" to MySQL - its just an extension to load. Of course, you will have to do some PHP coding. As a starting point: have a look how local authentication with the local databse is being used. Discover that pfSense uses also a small database motor (I forget the name, you'll find it in the code, in /etc/inc/captiveportal.inc). A while back, I even managed to add the package that gave me MSSQL (yep Microsoft SQL) PHP support. I could speak with a MSSQL server on the LAN for portal authentication. The thing is: no-one is gona do that for you, except if you make it a bounty case https://forum.pfsense.org/index.php?board=34.0 edit: go here  : https://forum.pfsense.org/index.php?board=2.0 (its where you posted your message). You will see a thread called : How to Captive Portal Self Registration Using Free radius & Mysql (Tutorial)

@mcircuits: My system setup: Internet –------- Modem/Wifi Router --------- computer with pfsense installed.... Your setup indicates: People would connect to your mentioned Wifi device. They won't be seen, neither handled by pfSense.

Hello Gertjan, thanks for your reply - finally i was able to solve my problem by myself - after hours :) My problem was the DNS forwarding and the correct entry of the DNS server. So i was able to ping 8.8.8.8 but not google.com. I could reach the captive portal via IP but not via name. After setting the correct entries it was working fine. Regards tommysense

Hi, look at this thread: https://forum.pfsense.org/index.php?topic=46015.0 (and please reply if you get it to work, I can't test it right now and there seems to be trouble with the solution posted there…) Best wishes, Eagle2

Hi, you should be able to do this by setting up the freeradius package (see https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package) and then setting bandwith limits for the radius users. Then you can use the captive portal with radius auth or - if your access points support the speed limit - set up radius auth (WPA2-Enterprise) directly on the access points. Best wishes, eagle2

Hi guys. As far as I can see, both the GUI and XML are reporting a matching zone name (I presume this is the name of the captive portal). As I test, I've just disabled the Sync between the master and slave, disabled the portal setup on the slave and confirmed the settings were removed, then enabled Sync again. Everything seems to populate across from the master but still no luck. I'm still getting "TYPO Invalid Magic !!"

after every reboot pfsense ipfw rules start from 5000, 6000, 7000 and so on. the startnum is modified 2 to 50 and the end number is same 65400 but after reboots when the ipfw rules reach to 65400 then all the rules start from 1

What about using a switch ? Use one of the Juniper LAN port, put a 3 port switch (if it exists) on it, use port 2 f the switch to the existing network segment and the third to the pfsense box. Of course, bandwidth goes up to the capacity of the LAN port of the Juniper firewall. The DHCP server of pfSense isn't really from "pfSEnse". Its a industrial strengh DHCP server that is already known and being used on FreeBSD for years (also a reference). It can handle a lot of DHCP request … the only limit might be network bandwidth and "pure processor power" of your firewall. This is valid for your actual Juniper firewall, or the pfense box. I guess all possible setup-possibilities are there. I'm using pfSense as the main "firewall" at my work - about 10 PC's and seperate a Portal Wifi subnet for our customers (a hotel). I use a PowerEdge from Dell to handle it all (or an older Dell Dimension 51xx, an old retired desktop PC) with a quad NIC Intel PCI card - the onboard NIC is my WAN NIC. It runs fine for years now (it only breaks when I mess up the script/code ones more). Here are the stats: https://www.test-domaine.fr/munin/dyndns.org/brithotelfumel.dyndns.org/index.html As you can see, my 'firewall' is just twisting its fingers all the time ..... You could also consider buying a special appliance as said here: https://www.pfsense.org/hardware/index.html#sizing - stuff like this (example) http://store.netgate.com/Netgate-FW-7541-1U-Rack-Mount-System-BTO-P1903.aspx (6 Giga NIC's) will handle hundreds of PC's easily.