Hi, thank you for this answere. Yes, I want just one "random" password every 24h. Every user will use the same username and password. The password should not be really random at all. Maybe something calculated out of the date. So I don't need the mailing capatabilities. Vouchers for 24h won't be a good solution for my purpose. It's for an exhibition, where users can access the internet over a captive portal only for the current day. And yes 'php' is difficult for me :(

Thanks for the answere. I've found an easy way to do this: I've added target="_blank" to the form-tag.

I'm just saying that whatever problems you're having, 2.0-RC3 is pretty much ancient.  Lots and lots of captive portal patches since then.

2.0.3-RELEASE (i386) built on Fri Apr 12 10:22:21 EDT 2013 FreeBSD 8.1-RELEASE-p13

Well, you nailed it. A couple of billion things are missing in pfSEnse - this one of them ! So, the "function" or "Environmental variable" that's initialized with the current online users doesn't exist. You have to make it yourself  ;) So, go grab a kid from the street and ask him to write a couple of PHP lines. Note that he isn't gona think a lot. He will 'borrow' some code from the gadget named "Captive Portal Status" and count the number of lines that that gadget will show. He will insert (include) the code in the portal page script. Done  ;D You didn't say anything about the version of pfSEnse you use, so I presume 2.0.3.

I have to ask to my boss..those changes are for our internal network. Anyway the main idea is to redirect the user to an external php page (idp) where he can authenticate. If the auth is ok the user gets back to the CP with a gpg signed message from idp. the CP checks the gpg sign and allows the user to login. I will publish more details if allowed.

Set the authentication to "No authentication" and upload CP HTML that doesn't include any fields but contains the appropriate form submit button somewhere. (You can test with the stock HTML.  When "No authentication" is selected, the fields are ignored.) You also have to make sure your CP hard timeout is shorter than your DHCP lease time and your DHCP pool is large enough to handle peaks. I believe you should be able to use the Pre-authentication redirect URL to redirect to your external web server and have that page include the proper Submit to the captive portal but I don't know why you'd do that.  I'd just have pfSense do the portal page.  You can host/link to heavy content outside if you have the proper Allowed IP Address/Hostname entries.

I just upgraded to 2.1. so on 2.0 ipfw tables were used as follows: Table 1 authenticated/allowed clients (IN) Table 2 authenticated/allowed clients (OUT) Table 3 allowed ‘from’ IPs without bw limits (IN) Table 4 allowed ‘from’ IPs without bw limits (OUT) Table 5 allowed ‘from’ IPs with bw limits (IN) Table 6 allowed ‘from’ IPs with bw limits (OUT) Table 7 allowed ‘to’ IPs without bw limits (IN) Table 8 allowed ‘to’ IPs without bw limits (OUT) Table 9 allowed ‘to’ IPs with bw limits (IN) Table 10 allowed ‘to’ IPs with bw limits (OUT) now on 2.1 : Table 1 authenticated/allowed clients (IN) Table 2 authenticated/allowed clients (OUT) Table 3 allowed IPs (IN) Table 4 allowed IPs (OUT) is it correct ? thanks.

Same problem here with: 2.1-RELEASE  (i386) built on Wed Sep 11 18:16:50 EDT 2013 FreeBSD 8.3-RELEASE-p11 Takes 20 sec. - If I use a manual "post-auth" page - then it jumps to it right away.

A reinstall solved whatever problem was there, thanks anyway

Here ist the ZIP file with all images for my proposal. Please remove the .txt captiveportal-images.zip.txt

Did you check https://redmine.pfsense.org/ for an open ticket which addresses that and if not - open a ticket? But probably the developers are now focused on pfsense 2.1

No, sorry. Once again, captive portals are broken by design as you've observed. And no, pfsense will not force any OS to launch a browser.

ok :) the problem is that I don't how to program it. Which language? bash? another way…is it possibile to open the users db and insert it directly? it should be more simple if possible.

Just to follow up, it was not the captive portal blocking webmail but the hosting company blocking traffic from the IP attached to the pfsense machine. Weird. They claimed too many unsuccessful login attempts to an email account.

Check the system, dhcp, and portal auth logs to see if there are any messages/errors at the time of the redirect. Sometimes that can happen if you have the portal's hard timeout set longer than the DHCP lease time and it can't properly re-use the sessions.

You should not just "view source" of the portal page, edit it, and then upload it. In doing so, the page loses some important internal macros. You should edit the original modified source, or attempt to "fix" the tags that were lost. See the sample code for a default portal page to see what those are, things like <form method="post" action="$PORTAL_ACTION$"> and and other such things that may have been used.</form>

@ermal: It is better to use the php commands to do the disable rather than the not correct shell commands provided here. Take a look at what happens when you click enable/disable button on the CP configuration page. Another easy way to do it would be tojust leave captive portal running and insert/remove a rule (using the IPFW command) to skip the portal rules.