Perhaps the question is very elaborate, the simple question is: is there anyway to change the Hard Timeout, ie that at any time you can add more time to "hard timeout" per user? thanks

Pass-through users are only found in the ARP table, when they're seen at all. Being passed through means they do not hit the portal at all, so there is no concept of being "logged in".

https://github.com/pfsense/pfsense/blob/master/etc/inc/captiveportal.inc#L277

It syncs the rolls when they are made, and it also syncs the usage when a user logs in and starts using a voucher, iirc. So there wouldn't be a need to periodically resync the whole DB when it happens as they are used.

@wallabybob: In pfSense version 2.1 snapshot builds the User Manager (System -> User Manager in web GUI) allows users to be assigned to groups and there is a group permission for "Login to captive portal". So it would appear you can accomplish what you describe by using "local authentication" in captive portal. I haven't tried this and I haven't checked availability in pfSense 2.0.x builds. I try this method (local authentication) and also Radius server (internal and external), it worked very well BUT there is NO WAY to disable a group of users to access internet at the same time. It appears that it must be done one-by-one, and for my needs it's a mess. I wish to disable/enable internet access to a group of 20/30 users at the same time… It seems no possible with pfsense. [UPDATE]: I realize that this function is added in pfsense v. 2.1 beta. You can choose at group (or user) level if the user/group can authenticate to Captive Portal.

One answer useful for all: in order to have it back, backup configuration, remove everything between the tags named logouttext and restore the file. Ciao

Thanks for pointing me in the right direction.  However my knowledge of this area is not sufficient to be able to work how to do it.  The reason the links mentioned earlier do not work is, apparently, the post was taken down by the user. If anyone has a saved copy of the Tutorial I would appreciate it if they reposted it. Also where does the CP store user credentials? Jodel

@ermal: No one has really pushed this to be implemented and is tedious. Its not supported but if you want to have this done you can go through portal.pfsense.org Could you give me a rough idea how much it would cost to implement functionality like this? (I have no idea whether it is 500€ or 5000€?) I could provide a printer like the SP-300e for free, although it would make much more sense to implement this feature using more open hardware.

The only thing I know is this: http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#CaptivePortal_Self-Registration:FreeRADIUS.2B_MySQL

@Metu69salemi: they need to be hosted on the cloud because I have several boxes over a large geographic area and need to change those fields periodically. @islandwifibill: great! Thanks! I will try that and come back if I have any issues.

@-mike-: what I'd like to do is remove this speed limit for any files that are already stored within squid. Is this possible? Check ZPH (Zero Penalty Hit) http://wiki.squid-cache.org/Features/QualityOfService

The problem solved.  My fault.  I had set up networking on my client computer to get the IP only from dhcp and I had given it the dns ip specifically to be the ip of the broadband router/modem. Thanks for all the help.  The more I look at pfSense, the better it looks! Jodel

Hi, thank oyu for your feedback. I will of course update to 2.0.3 if it is released. I know that there were many fixes. @dhatz I thought that Hard Timeout is an independent CP feature. Re-authenticate users every minute will spam my RADIUS even if its possible that it will work. What do you think - could Session-Timeout enabled on CP and set on RADIUS solve this problem ? Thanks

for 1:1 NAT configuration I tried to use as a type Internal IP = WAN address, I do not have an alias for this value (only "single host IP" or "WAN address") but I still have the same problem on the server pfSesne backup (GW unreachable "Offline"). It looks like a bug in pfSense synchronization between the primary and backup configuration CARP / VIPs or 1:1 NAT Everything works if I use "NAT Outbound" with: Interface = WAN Protocol = UDP Source Type = Network Source Address = 62.xxx.xxx.96/28 Destination = any Translation = 62.xxx.xxx.100 (CARP WAN) I run other tests

about freeradius you can use freeTDS libraries to connect to ms-sql. you can enable radius accounting to know when users disconnects as well as session informations such as time spent online or data transferred.

The image is being pulled from a host which is accessible from behind the captive portal?  I would double check this.  Also, you might want to tail your web server log file while you load the page and see if you get any error messages associated with the request.

I am querying a mysql server that is NOT running on the pfsense machine.  Pretty straightforward stuff.