I agree - 'solved'. See other post concerning same mather.

@rexster: i didnt think it's problem with wds. coz, i just try out a friend's engenius wsr3800 wireless with built in authentication (captive portal) and using same wds with linksys wrt54g/gs all clients can successfully login, even those clients connected to the furthest repeater can still login with no problems. Checked that. Have a [ADSL modem] <–-> [pfSense Box {=>OPT1 interface}] <–--> [switch] <–-> [WRT54GS as AP+WDS] <–--- radio link ----> [WRT54GS as AP+WDS] <–- radio link ----> [Client PC]. The Client PC can login to the captive portal on the pfSense box, and then has access to the net. The question is: what firmware (in your AP's) are you using  ;) Linksys routers are as PC's: depends on what software you're using to make them fly…  :D

Captive portal doesn't work on a bridged interface. It has to be a seperate subnet and the clients of this subnet have to use the pfsense dnsforwarder as dns.

@m1s1u: Is it possible to display MAC address of the client machine on the portal login page? If so how to achieve this? Actually, its possible - to have it on the 'Logout' box…. Add this: LogoutWin.document.write('**Client MAC : {$clientmac}** '); To the file /usr/local/captiveportal/index.php on line 316 (search for the other LogoutWin.document.write…. code). Edit - save - Done

Hi again, No comments on this..? Can anyone running beta 3 check if they are able to successfully save changes to the captive portal gui page? Here a http error 404 is thrown immediately after clicking the Save button.  When reloading the page no values have changed. I cannot even use the captive portal /file manager to save my custom captive portal http pages. Everything else from the webgui seems to work ok. To help me out, in which folder can I manually save the custom http pages?  And where dio I assign their filenames? Secondly, if I make changes in config.xml, how do I apply the current config.xml to the pfsense config? Thanks a lot for comments best regards Tor

action accept proto: tcp source: LAN net port: any destination: RADIUS net port: 1812-1813 gateway: default

Well, seems like the newest firmware fixed my issue.  4-06-06 firmware Thanks, Andy Morris

Hi, User is still able to login to multiple pc's simultaneously with one username and password. Captive Portal setup as follows: Enabled Interface: LAN Idle timeout: 60 m Hard timeout 240 Logout popup: checked Disable concurrent login: tried both (checked and unchecked) Disable Mac filtering: unchecked Authentication: local user manager thanks

thanks sullrich that did it, ur great.

Just nmapped our captive portal here… And its not doing this. nmap -P0 10.0.0.80 Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2006-03-24 12:49 EST All 1668 scanned ports on 10.0.0.80 are: filtered MAC Address: 00:00:24:C1:F7:71 (Connect AS) Nmap finished: 1 IP address (1 host up) scanned in 36.169 seconds

actually I had to use Auth-Type== local, instead of system which is defult… in that case it will fall through all local modules installed

yep u are correct, everywjhere exept the part tha MAC addresses are sent during Accounting-Start…. all other junk thta I dont care about is sent when Accounting-Stop is sent :-(

ok, sounds good, but that is not going to ahppen any time soon :-(

Not at the moment.

Alright, good to know  :)

@Gertjan: @jeroen234: most browsers block the popups Why not explaining on your main Portal web page that users should/could use IE->Utils->Blocking popup windows->Parameters to block publicity-> [[b]add the opt1 IP : i.e. 192.168.2.1] so they would receive a 'disconnect' windows, from pFsense only. That wouldn't work, as depending on which page the user tried to access the captive portal popup page appears to be from that side and not the pfSense. Try going to google.com when not authenticated. you would have to allow popups from google. next time you hit it by going to myfavouritesite.org and you would have to enable popups from that site…doesn't work. I would rather like to see a single line small frame at the top of the next page after authentication to give the user the possibility to click "open logout popup" along with a note as most browsers allow the popup when the user clicked on it.