@nothing: Just add your DNS servers to "allowed ip addresses" in captive settings. I can confirm that this is probably the problem. /erik

No worries, sorry my explanations might not have been the clearest. Glad you got it working. Send me a pm if you have any problems, just starting to learn server 2012 myself for work.

Maybe you are using external DNS, which you should add to "Allowed IP addresses" in Captive settings? Try browsing any IP address instead of hostname - 1.1.1.1 for example.

You have to change the ipfw fwd line as it was back in 2.0 or 1.2.x days to redirect everything.

H'm, still having troubles understanding the problem. Let me get this straight: You connect yourself with a PC to repeater1 - you use the voucher and it works. Now, you move on to the next repeater, call it repeater2, and you have to re-authenticate again, with a new voucher. Is that right ? Can you tell me what your IP was when you connected yourself to the portal when you were using repeater1 ? What is your IP when you use repeater2 ? Btw: normally, to make things simple to work with, you have some work to do. Behind the Portal-interface-NIC, you hook up a switch. On this switch, you hook up - by cable - all your wifi access points, and theses boxes should work in AP (Access Point) mode. These AP's should have their DHCP server function shut down. Never use the WAN ether net port on these devices (if one is present). I have many 'DD-WRT' on WRT54GL working like this for the last 10 years. Using repeater might change the IP …. this messes up the portal authentication. Using repeater might change the the MAC .... this messes up the portal authentication. "Repeaters" are nice boxes, but you only use one if nothing else is possible. You only move the 'cable' problem to a 'logical network' problem. Btw: I had some good experiences with AP-boxes using "WDS" mode.

You already have your keyword - and you already know the way it works  ;) gmail The authentication process is a two-phase procedure. FIRST: When hitting the the portal autnetification page, the client should enter 2 credentials. The client should enter a gmail adress and an 'unkown' password. Of course, the client doesn't know this password. To retrieve this password, the user should enter his gmail mail account address. [[b]Hey, this procedure is being used by every site on the Internet !!!! - You saw it before - you used it before - it's always the SAME procedure] The portal code should send a mail to the visitors gmail mail address with the secret, randomly generated password. The client should login to the gmail's WEB mail interface to grab the 'challenge' mail - find the secret random. SECOND: Back on the portal interface, the visitor has the password, he can login. Note: All IP's from Google that are used to access the GMAIL web mail account servers should be listed as 'Allowed IP adress' on the portal service page. Maybe POP/IMAP accss should be handled as well, a part of the planet nevers uses web mails, they use mail-client software like Thunderbird, Outlook, etc. Access to SSL (https) pages can be problematic when you aren't yet authenticated with the portal. This is a pure PHP coding exercise. I advise you to create a mail adress (your-portal@gmail.com) that can be used by your own portal code so it can safely send maisl to other gmail accounts. BTW: this is just an idea, not a solution. I didn't Google anything up - just used my memory.

I figured out this is part of the Radius SQL on my Radius server and not part of pfSense. If anyone is interested… The dialup.conf file in /etc/raddb/sql/mysql/dialup.conf has an entry for Authentication Logging options and this entry for the INSERT stmt was incorrect. mike

Hello All, Sorry for replying to my own post again. I did try setting up my captive portal per the link I have in  post number two of this thread,and still cannot get captive portal to work with static routes. After some more searching it appears that my problem,is what is posted in this link.Bottom line the captive portal takes your to pfSense (ipaddress) rather that pfSense(hostname) http://forum.pfsense.org/index.php?topic=43089.0 I am not sure what I am wanting to do,,is possible with load balancing,failover, transparent proxy?,,, Thank You, Barry

jimp, Thank You..! I will give this a try in the morning when no one is here. Makes perfect sense. It goes without saying I have never set up captive portal,period. Take Care, Barry

The PHP only configures the underlying system. dhcpd is the DHCP server.