Hi, I'm also a newbie here. I already set my captive portal page and it works in a view only. but the problem is I want the page will pop up automatically. thanks

Well, have you checked the source in your navigator ? Btw, what does firebug / inspect element say ? Also, you might check with a .php extension instead of html. At last, maybe add at least the minimum required CP code, for testing purposes. Good luck.

If you insert another device you are going to have another point of failure. I have no idea what to recommend since you haven't really given many details. I see no reason not to have pfSense behind the cisco if you need its portal capabilities. Use the DHCP server on pfSense or the DHCP relay to forward DHCP to the Cisco. I also see no reason not to replace the Cisco with pfSense unless it's terminating T1s or something. Only you know the requirements of your network unless you provide the details of what you are trying to do.

Can you send the configs you made to make this setup work? I've been figuring this setup for weeks now.

Session Time Out, allow the user navigate the time in seconds you entered. For example: a value of 300 would be just 5 minutes after that el CP disconnect the user, with a Session Timeout entry log. Of Course the same user can continue surfing the web, if you configure  the option below (Amount of time). For Example : 60 minutes. So, the user will be hard out disconnected every 5 minutes until he reached the total 60, thats means about 12 times. Greetings!

Thanks everyone. I finally got this to work. I had to make one modification. I had to change "After authentication Redirection URL" from 192.168.100.1/captiveportal-PC.html to 192.168.100.1:8002/captiveportal-PC.html.The URL for the main captive portal page contains the port 8002 and the second page never would come up until I added the port to it. Hope this helps anyone who might run into this issue.

It works!! Somewhat. I get disconnected after 30 minutes and cannot get internet without authenticating with an username and password for another hour which is good. But I have another problem. When pass-through-credits for a user is 1 and I connect to the captive portal network, I get a notification about logging in (usual). But when I tap that, I get no landing page to accept the terms and service and directly get redirected to connectivitycheck.gstatic.com (or something lke that) and I get internet access. I want my guests to accept to my terms first and after that get internet access. Is that possible with this method? Thanks

@jpsolis: Can i set a separate portal on this setup or 192.168.1.1 have portal and 192.168.2.1 don't have portal. this can be possible? Of course. You have at least 3 interfaces : WAN LAN OPT1 On the last two, you can activate a CP. You have to do so for each interface (LAN and OPT1) - just go to  Services => Captive Portal and click on the green "Add" button.

I belive it's not IP range issue because the DHCP range contain more that 200 IP to use and I adjusted the lease time to 1 hour. What are your LAN firewall rules ? I didn't configure any firewall rules on em0 (LAN), only the default rules (Anti-Lockout Rule & Default allow LAN to any rule). What did you removed from default after you installed pfSense ? Nothing! can you use the Captive Portal "as it should be used" : on a dedicated, NOT LAN, but OPTx interface ? is it mandatory to add OPTx interface for Captive Portal ? -pfSEnse runs in a VM ? (and guess what, when it is NOT running in a VM, but running in its own box, the errors disappear ;) ?) Not VM, I installed pfSense directly on PC. Finlay, after along time search in google I found that may be the problem occurred because of network memory buffer, so I am tried to increase the buffer size by adding some buffer tuning settings in "System Tunables" and "loader.conf.local"  , it helps some how as the error didn't occurred again but I got some delay on network. I don't know it's solved permanently or it will occurred again but for 2 days now it's not occurred. before the tuning settings it was occurred one or two times every day

Vouchers are the key to the (your) access to Internet. If someone looses his key, well, this should be his problem, not yours. The "use only ones to gain access" has an nasty side affect. Let say : you hand out vouchers that last 24 hours. The guy logs in, all is well. Then, he goes of site, his IP in the lease table will get removed eventually. Another guy logs in with his voucher, and obtains the IP the first guy was using. Our first guy comes in, and want to connect. Ok, the MAC address is (could be) known, but he will be using another IP => he will NOT having access anymore. A captive portal session is based on : the IP and the MAC address. If the voucher code come in again, and their is still time left, old sessions are removed, as you saw, and a new one is created. Inform your voucher user that he should consider this voucher as a 100 $ paper, a credit card or his house keys. That will do the job. If he calls in and say "I lost it !!" and you have a copy of the voucher code, you can declare it "used". Then you yell at him - sell him a new voucher, or keep him out because he proved he couldn't take care of his stuff (or whatever ;)) The same way : what you are asking for, is that a voucher user can only use his voucher for ONE device - but many users have also a smartphone, an iPad, notepad, whatever. Using a voucher on ONE device will lock the usage to that device, as long as he keeps the same IP (that pfSense gave him). Your question concerns a household-with-kids situation, right ? In this case I can imagine why you asked. Btw : I do think it's possible what you are asking. You will have to change the code (PHP) somewhat.

The way captive portal works in many cases it has to reauthenticate users to make sure their login is still valid. For example, to enforce time or data limits. If you limit a user to one login, this reauthentication fails since they are currently online when the reauth happens. So for one user to connect from one device the limit has to be at least 2. So to allow them to login twice, it would have to be set for 4+. Kind of ugly, though. Using multiple logins so they have one unique login per device is cleaner and more secure.

You can't edit the vouchers and make your own codes. The codes are computed mathematically based on the keys and other info stored in the roll. There isn't a way to change any attributes that are not shown in the GUI already. If you want to allow people to login using a "code" that lets them on indefinitely, create users instead. You can change the usernames to whatever you liked to stop an old "code" from working for new logins.

@Gertjan: @bishoptf: Running 2.2.6 and having issues with …. What about leaving this old version, and upgrade ? I didn't heard about android users complaining that 2.3.2 isn't working well for them. Take note : who remembers issues and bugs present in 2.2.6 ? Yeah understand, it's in the plan and will be taking place hopefully shortly but was hoping to tweak and keep things working.  I finally had to turn the portal off and just leave it running without the TOS, its not working for anything including PC browser.  Source looks correct with a URL in the redirect value but nothing I tried got it working.  It redirects to the portal page and when you select continue it just reloads the portal page and adds your MAC address to the passthrough list but thats about it, each time you do your MAC address gets added to the list. Hopefully I can get it working when I upgrade, I have new hardware so I will be able to test it and make sure its working before going live.

I put together a one-time-password radius server using this: http://motp.sourceforge.net/ Not Google, I know, but as Gertjan says, this takes a bit of coding. Alternately, you might be able to write an interface between your radius server and Google, but the details are up to you to find.

Use some javascript to change it in the HTML on submission, it won't require any changes to pfSense code, just the portal page you upload.

Hi, Without telling more about your setup ? Well …. euh ..... no. When a user logged in, check using this doc page : https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting and double check that you can find the user's IP and MAC in related tables. Is their a reason for the fact your are using an (very) old pfSense version ?? You shouldn't - and if you do, do not ask for help, people that know or knew 2.2.4 upgraded for very logic reasons. No one knows what issued 2.2.4 had back then ....