You are saying that there is a chance to obtain this wispr compliance without asking help to pfsense developers? If yes do you have a suggest for me?

Thank very much. This seemed to be the solution.

Hello Board, We've got it working as intended! On Pfsense 2.1 beta we have now 3 OpenVPN services running connected to 3 different Captive Portals. De virtual interfaces have each a DCHP range and also the squid proxy is listening. The downsides are; RRD graphs are not there (yet) for providing statistical Information. shaper isn't working on de openvpn interfaces. IPv6 isn't working in conjuction with openvpn and / or captive portal. I'm sure this is only a matter of time! Thanks for delivering and stable box of pandora!

Ok, I have this bit of code which works to turn a MAC into the ID, and assume there wont be issues in using that to get the ID? //error_reporting(0); $ourmac = $_GET["mac"]; $oursid = ""; require("captiveportal.inc"); if (file_exists("{$g['vardb_path']}/captiveportal.db")) { $captiveportallck = lock('captiveportaldb'); $cpcontents = file("/var/db/captiveportal.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); unlock($captiveportallck); } foreach ($cpcontents as $cpcontent) { $cpent = explode(",", $cpcontent); if($cpent[3] == $ourmac){  $oursid = $cpent[5];  break; } } echo "The SID is: $oursid"; exit; ?> And I can then use: captiveportal_disconnect_client($oursid); to kick a client?

@dhatz: @Lee: It gets to be real fun when some antivirus link checker tries to check the database for the captive portal link and fails…  ::) Is this behavior common among AV software? (I've never actually used a AV …). And if it is relatively common, is there a "best practice" for dealing with that? Perhaps a list of URLs used by popular antivirus programs, so one can white-list them ? It seems to be in the hotels we support.  And they keep moving the servers!

ok, don't really know what happened, but even though I put the shared secret into the CP interface correctly, the capitalization of one of the characters was wrong in the clients.conf file.  That seems to have fixed it.  Thanks for the input folks.

Ok this problem has been fixed. Was not depending from the CP but from my Xampp/Apache configuration. On the 'index.php' inside \xampp\htdocs i had to change the word "xampp" with the folder's name of where my local site is located (and to where my CP is pointing to). if (!empty($_SERVER['HTTPS']) && ('on' == $_SERVER['HTTPS'])) {       $uri = 'https://';   } else {       $uri = 'http://';   }   $uri .= $_SERVER['HTTP_HOST'];   header('Location: '.$uri.'/xampp/');   exit; ?>

I have something similar happening to me, everytime i try to login to FaceBook, the connection get refused…..i allowed the https port too but nothing to do (using Squid). :-\

What do you mean exactly with "get redirected on their first access" ?? Do you want people to bypass the login page and go to the first page they have accessed after their first login (looks strange to me, as people wouldn't want to always return to a page that maybe have randomly visited on that specific occasion) or the homepage they set on their browser, or maybe a landing page you have created ??

Here is the output of top -SH  from a few hours before heavy utilization.  I will post another during peak utilization $ top -SH last pid: 26657;  load averages:  0.06,  0.04,  0.01  up 27+06:26:31    14:14:06 105 processes: 3 running, 85 sleeping, 17 waiting Mem: 434M Active, 36M Inact, 123M Wired, 972K Cache, 46M Buf, 2393M Free Swap: 8192M Total, 8192M Free PID USERNAME PRI NICE  SIZE    RES STATE  C  TIME  WCPU COMMAND   11 root    171 ki31    0K    16K CPU1    1 624.4H 99.37% {idle: cpu1}   11 root    171 ki31    0K    16K RUN    0 616.4H 98.97% {idle: cpu0}   12 root    -68    -    0K  136K WAIT    1 409:29  0.88% {irq257: bce1}   12 root    -68    -    0K  136K WAIT    0 470:10  0.59% {irq256: bce0} 7255 root      56    0 54764K 17504K accept  0  0:04  0.10% php     0 root    -68    0    0K    56K -      1 302:02  0.00% {dummynet}   12 root    -32    -    0K  136K WAIT    0 142:51  0.00% {swi4: clock} 15569 root      44    0  308M  305M bpf    0  76:24  0.00% tcpdump   14 root      44    -    0K    8K -      0  43:31  0.00% yarrow 20782 root      44    0  5116K  3236K select  0  32:01  0.00% openvpn 40867 nobody    44    0  6580K  3764K select  1  27:08  0.00% dnsmasq 15406 root      44    0  4948K  2540K select  1  24:32  0.00% syslogd 37705 root      44    0 62920K 56756K kqread  0  18:44  0.00% lighttpd 15721 root      44    0  3316K  924K piperd  0  12:15  0.00% logger 34014 root      64  20  3316K  1348K select  1  7:58  0.00% apinger     8 root      44    -    0K    8K pftm    0  5:43  0.00% pfpurge 39181 dhcpd    44    0  8436K  5796K select  0  3:57  0.00% dhcpd 17116 root      76  20  3656K  1464K wait    1  2:24  0.00% sh

Not at all, I think it has something to do with the buggy wireless interface (run0). Like i said it was "gone", had to reboot to get it to work again and then captive portal was broken (it showed errors that interface was missing etc) and now I'm unable to start it. It seems one-time interface errors causes it to break completely. How would I go about and fix this? The last time I had to do a complete reinstall :( The packages I'm running are : squid3, vnstat , lightsquid, nmap and mailreport. So nothing out of the ordinary. @cmb: You can just apply the update for the version you're running to replace that. What do you mean by applying a update? for the file?

Thank you very much for your ideas.

Isn't the 'Redirect to original URL' called as javascript? Have you checked the javascript debugging while waiting for the page to load?

Sounds like we need to add some input validation, or a cdata escape. Open a ticket at http://redmine.pfsense.org/

I ended up rebuilding PFSense because no matter what I tried I could not get my browser to my instance.  The connection would simply time out.

if you create a user in "Users" then this user will be saved in a file called "users". pfsense 2.0.x /usr/local/etc/raddb/users pfsense 2.1 /usr/pbi/freeradius-i386/etc/raddb/users /usr/pbi/freeradius-amd64/etc/raddb/users And after adding/deleteing a user the server needs to be restarted to take effect.

Thank you all, I have made a new installation from the scratch, now it works fine  ;)

is there a way that if some people try to use the same voucher code there will be a message that say the voucher is invalid. (because someone is using it) i'm just using local user management. i've already tried to disable concurrent connections but still it got disconnected. should i restart my pfsense box for the settings to take effect?

@luke240778: i see you have done the "Invalid Credentials" just by inserting text, are you also unable to get the Radius Responses by using the "$PORTAL_MESSAGE$" ? No matter what i do i can't get that to work on my custom error page. Try

How about adding some javascript to the auth form so that the password field on not 'empty' to begin with? What I though was, pre-populate the 'password' field with, say, a few spaces so it looks blank, then use a javascript OnClick() or OnSelect() - or whatever it is - function so that if the user selects the field to enter a proper password the spaces are removed. i.e. "username" [ Tab / click ] "password" [ Enter / click ] –->>  "username"/"password" > {radius} "pin" [ Enter / click ] –->> "pin"/"    " > {radius}