Hi Everyone, I have been looking for a custom logout page for 2.2.4 but I could not find one. What I've been using in my setup is this tutorial but it is only usable only for 2.1.5 "https://www.youtube.com/watch?v=xk60lg-9o3A". Can you share some ideas on this? Thank you.

client[10.200.200.50/24]–-pfsense opt1[VLAN131 10.200.200.10/24]–-router LAN [VLAN131 10.200.200.11/24]–-rouer wan All that is on the same subnet.  The only possible way that might work is if pfSense was a transparent bridge and Captive Portal can't work on a transparent bridge. client[10.200.200.50]–-[VLAN131 10.200.200.10/24]opt1 pfSense opt2[VLAN130 10.100.100.10/24]–-router LAN [VLAN130 10.100.100.11/24]–-router wan client has default gateway 10.200.200.10 pfsense has default gateway 10.100.100.11 NAT should be disabled in pfSense router has default gateway of WAN plus a route to 10.200.200.0/24 gateway 10.100.100.10 router must perform NAT for 10.100.100.0/24 and 10.200.200.0/24

I am beginning to thing there is some kind of a db cache file in the PfSense Captive-Portal that is stuck or corrupted or not getting cleared. That's about the last thing I would suspect.  portalauth.log should log something.  You can also run a packet capture on the portal interface and see what's going on.  You can do that from remote if you can get into the pfSense captive portal node in question.  Save the pcap, download it, and pull it into wireshark.

Hi Thanks for your answer. Well PHP is not one of my best sides and therefore I am looking for help here. Maybe a template. I have tried to edit the captiveportal.inc as suggested earlier in the thread but that screws up captive portal totally. We are using 2.1.5 because we did not manage to get squid with SSL proxy to work correctly under 2.2. This works fantastic in 2.1.5 and is one of our most important functions. So the question is still their. Can anybody give us a hint on how this could be done. In the best of worlds we would propose the pfsense team to implement this in the GUI :-) Best regards Toby

Thank you. In my search I could not find this answer.

yea… i dont know what to do now. Because i installed pfsense in pc because mikrotik didn't supported UDP port openvpn, but now i cant limit the bandwidth of hotspot user in pfsense. For sure they don´t and this perhaps for ever, related to the circumstance that OpenVPN is OpenSource Software and mostly if you or another one adopt something from this kind of software you must be serve then this new software to the whole public again! But MikroTik is taking license fees for their software called RouterOS, and so they don´t take all inside of RouterOS, thats the point. If you need a really good VPN server that is accepting nearly all kinds of VPN types you should be having a closer look on this project here, SoftEtherVPN si able to be installed on Linux, Windows, FreeBSD and is really feature rich. Many peoples use it in a DMZ as a VPN server with great efforts on older HP Proliant Micro Servers. I'll probably just flash the mikrotik router with openwrt and run both thing from there. thanks for the reply You could be taking a small MikroTik router behind the pfSense and let the MikroTik do the queuing job for all the user limitings, its not such a big deal or?

Good luck.

@doktornotor: Yeah, stop using the Squid patch.@new_in_pf: when i enable  transparent mode of squid, these empty lines added to file, even i get any permission of capticeportal.inc file but this will continue to add empty lines. Yeah, stop enabling that with CP. https://redmine.pfsense.org/issues/4583 Now with PR to remove the "feature" and hopefully fix the screwed code. https://github.com/pfsense/pfsense-packages/pull/904

Dude, dunno. If you make vouchers with short expiration as said above and add the MAC to passthrough, it's kinda hard to share it later because it's no longer valid.

Could you send me a backup of your impacted config? Not sure what could be happening there but there's clearly something wrong. Can email to cmb at pfsense dot org with a link to this thread.

@doktornotor: Meaning CP in general just miserably FAILS to work with Squid. Plus will itself get screwed by the Squid "integration" patch. Hi Thanks for the information,seems got no solution for this, may be an update in the future  will… Thanks a lot..

n3by is right. Just activate 'Local user' login - don't add any users. This way, users with a MAC on the list have access - others will just hit the portal ….

@uaxero: then you mean, that functionality will no longer be present from the 2.2 release? No, just saying in that context, lan_vip15 is no longer listed because it no longer exists. You get redirected to 127.0.0.1, not the CARP IP, which is always how things worked. There is no need to do anything with the CARP IP there.

Same Problem with me. Anyone got an idea?

I am also getting this problem after changing the hard timeout value from empty to some number. I am using 2.2.3. A temporary fix is to remove the hard timeout value.

Will do that, thank you!