Your WAN is on private IP space, do you have allow Private Net/bogons on the WAN interface? Looking at the radius debugging output would have shown that there was no connection to the radius server.

use the radius to restrict bandwith per user not vouchers.

I solved!!  I unchecked :  Do not use the DNS Forwarder as a DNS server for the firewall -> in System: General Setup. Now DNS lookup in -> Diagnostics  resolve in my FQDN . thanks bye

In 2.0.2 and newer versions that are going to be release the problem has mitigated presented on that paper.

I would say you find a common basis for all clients which use CP. Make sure the network settings of a working client are the same as the settings of a "broken" client Use the same browser or change the browser if it is not working Try the same destination URL and try different URLs to find differences between the URL. If you have one client which gets the CP page, gets correctly redirected after authentication - compare this client with clients which are not working.

Check the docs, i think you will find the answer ;) http://doc.pfsense.org/index.php/Main_Page http://doc.pfsense.org/index.php/Captive_Portal PS: a "forum Search" will help too  ;D

thanks for the reply now i'm enlightened… ^_^

Local user manager/ vouchers is selected. It then is supposed to pull from the user manager where the access code is created and saved.

That is better handled inside your Access Point. Your Access Point may have a way to do authentication via RADIUS or similar (802.1x, WPA2 Enterprise) that would require a password from the AP to associate and get an IP address. Otherwise there is no way to get someone a portal login without an IP address (which you already asked in another thread) and at that point they're already on the local network, but AP isolation can prevent them from reaching other wireless clients.

@nguy5417: However, anyone that connects to my AP can connect to my network resources. Can that be blocked until the user authenticates? You would have to block "local" access in the AP or put the AP on a separate pfSense interface so pfSense can control the traffic from the AP to "local" network.

So I ended up using pfSense 1.2.3… user self registration via the php script above works beautifully. Too bad I couldn't get this working on 2.0. Since deployment I have run into some other issues in pfSense 1.2.3 that 2.0 would fix.

VAP == multiple SSIDs bridged over to multiple VLANs on your APs. Minus that, you have a flat network with all the APs that's behind the pfSense box, either way it will do DHCP, and be the gateway for the wireless network if you need to use CP.

this is what it says in the "After Authentication Redirection URL" option "If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried to access after they've authenticated." So if you try to authenticate using a blank URL, it won't do anything. Just put in a redirect url. Rob

Try to play with "acct_unique" on freeradius2 settings if you use freeradius2 package. Try to use interim-updates

im newbie ..if u have a solution for pfsense 2.0 ..pls let me know. i need it. thanks a lot

Try this: http://jpardobl.wordpress.com/2012/11/28/pfsense-voucher-rest-api/

I will open 1 ticket, thanks Nachtfalke.

Hi, already I think the action for the form is not correct. It should be : action="$PORTAL_ACTION$"