@sonidoP: Try URL: http://x.x.x.x:8002/index.php?zone=cp_guest (ref: https://forum.pfsense.org/index.php?topic=110073.30 ) with blank page result. Like that ? Your captive zone 'name' in question is really "cp_guest" ? The port used by pfSense is really "8002" (mine is 8003 for https and 8002 for http - you can't chose them, they are assigned by pfSense when creating portals) If "http://x.x.x.x:8002/index.php?zone=cp_guest" doesn't work, you have two possibilities : You portal doesn't work -> make it work first. Visiting "http://x.x.x.x" (your captive portal address) should redirect you to … as said here : https://forum.pfsense.org/index.php?topic=110073.msg679281#msg679281 Check your port number and zone name - it should be EXACT. @sonidoP: There is little documentation of the Pre-authentication procedure in version 2.3.2-RELEASE-p1, Someone could tell me if the process is correct? As said here https://doc.pfsense.org/index.php/Captive_Portal_Pre-authentication_Redirect and as you might guess, this page isn't really maintained, and rather tricky to use.

The file must somehow be listed multiple times in /usr/local/etc/php/extensions.ini

Don't put your wifi users behind routers. Put them behind access points (bridges) so the captive portal sees both the client MAC address and IP address.

@The: Just a quick warning about this… Apple in their wisdom, ..... .... see the "Success" page at Apple. Hummm. I remember. I tried to create a "logout URL", easy to remember for the visitor, so a "popup page" wasn't needed anymore. Juste type something like "logout.my-portal-pfsense.tld" and the user was logged out, no matter what. A very nice solution for those who like to $$ their connection. The "session ID" has to be stored using a Cookie …. or, as you said, Apple lauches a crippled Safari browser that discards all info (among them : Cookies). There is a huge thread somewhere in this part of the forum about this subject.

You would probably be easier creating a system at another host, and using cURL commands to send data? On my firewalls, the captive portal page checks that it can see a second box on the network which is used to host most of the captive portal page, and Syslog-NG for logging. If it can't see this box, it uses cURL to talk to my website, (via https:// and to a password protected area) and set a flag, if the unit is online, offline etc. If it is offline, I get an e-mail, and a button shows on the Captive Portal, saying "We've been automatically informed of the problem, however, to send us an SMS, please click here." if someone clicks on that button, I get an SMS through (using bulksms.com) So, it is definitely possible. What you would probably have to do, is setup a database, setup vouchers in pfSense, import the voucher roll into your database, then when someone sends the number through to you, you can set your system to send an SMS back to their number, taking a voucher code from the roll in your DB.

No need to checkout your pfSense install, you could tead this : The main 'index.php' file that generates the login page (and error page) : https://github.com/pfsense/pfsense/blob/RELENG_2_3_2/src/usr/local/captiveportal/index.php and https://github.com/pfsense/pfsense/blob/RELENG_2_3_2/src/etc/inc/captiveportal.inc captiveportal.inc contains most, if not all the logic.

Thank you.  Great tips.  I ended figuring out my issue.  I accidentally defined my entire network in the Allowed IP list not realizing this is a bypass list.  All is good, portal comes up.

Took the entire idea and moved it over to a posted bounty here: https://forum.pfsense.org/index.php?topic=122701.0 Anyone interested or finding this thread via search, I imagine it'll be more active there

@lupin212: I apologize for my question which is not specific so that you may misunderstand. When I configure pre-authentication redirecting to URL: http://abc.com, this causes problems. When users open the first website with form https, time to direct to portal login website is too long (still can redirect). In case users open the first website in day with form http, it can redirect immediately. How can users open the first website with form https and quickly redirect to portal login? Understand that you see your setup in front of you. I see none. Please: detail …. Also : lately, more questions about "per auth URL" have been posted and from what I can make of it, it's more then tricky to use it. Do you need pre auth ? (why has the visitor visit first page A on server B to auth to the captive portal on page B using server B (B = PfSense)) ? Is your A also pfSense ? If not, did you list the URL or the domain so that a connection to "A" is possible even when NOt auth against portal pfSense ? In that case : did you test that these rules where present ? ( use https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting - and show results here ) The GUI firewall rules permit visiting site "A" (if sdite A is not pfsense). These are only the question I would check if I decided to use pre auth page usage - and because I never used it, is even more questions will pop up ...... So : what about telling us more ?

Thanks. Got thinkgs working. I modified and pasted following.

Add "login.college.com" to the DNS resolver or forwarder so it point to the IP of your captive portal. See here : https://forum.pfsense.org/index.php?topic=63791.0 - read the DNS forwarder point. Edit : tel visitors to http - not https. Normally, you do not need to supply a login URL. Any http://what-ever-here.tld (like http://www.google.com ) will show the captive login  portal page without any user action needed. By nature, laws and other unbreakable rules : "https" will NOT show the portal page …. and people will be unable to login.

What about : debug the "pfSense to Radius" connection both ends ?

@bassc: ….So what do you suggest now my friend? Thx and good work. pfSene is translated in two other languages, one of them is … Turkish. Check out how all the other html pages are generated and you have the solution ;)

Hi Dylan, THANK YOU !!! After days searching on Google, I still couln't figure out what was happening with my "programatically ;)" submit button, then I found this topic ! I have the EXACT SAME issue, what a relief to find someone who could finally solve this. I'm a beginner in html/js and stuff (started only 2 weeks ago) so I just copy/pasted your code which did… ... Nothing :( Then I noticed the last line looked like jQuery stuff (you confirmed this at the beginning of this topic), so I thought it would be a good idea to add this to my code : but it didn't help. Of course I changed PortalAction and RedirURL to my own variables. I also put alert('xxx') right before and right after your code : I can see both but nothing happens. Since I know nothing in jQuery, I don't know if I should add a ; right after the last line of code : $( '#accept' ).click() I tried though, but it didn't change anything neither. Thanks to you I'm really close to the behavior I want to get from my portal page, but maybe I need help from a more experienced person. Could you suggest something obvious I may have missed ? I can post my code if needed, but it's part of a biggest website so it would look a bit weird out of its context). Edit : I changed PortalAction and RedirURL to static urls, didn't help. I also commented this line : //submit_form.display =  'hidden'; Shouldn't I be able to see the form appear on the page then ? I mean, btnSubmit should be visible, right ?

As long as it is not https and it is resolvable in DNS by the client, yes, any hostname will work.

@empbilly: …. How I can check If my certificate is Trust by default? When you obtain a certificate from a Trusted source ( Certificate Authority ) => https://en.wikipedia.org/wiki/Certificate_authority you'll be fine. The tutorial you mentioned showed you how to do it.

Google knows a lot about "Resource interpreted as Stylesheet but transferred with MIME type text/html". It isn't a pfSense or FreeBSD or even nginx or apache2 issue. It happens when …. well .... you'll find it out. I'm also using this : <title>xXx</title> ..... The file "captiveportal-style.css" is the uploaded style.css file. Always worked for me.

Thanks, I have this value set at 10 concurrent logins. Please note: The other pfsense doesn't get these disconnect's in the logs and doesn't get users being disconnected randomly, the same customers on the same physical network (different VLAN) using the same radius server. These disconnects dont' have a reason, all the other disconnect have a reason in the logs. This must be a clue? It seems that users don't get to stay on for more than a week, right now the longest online user is 3 days - there are about 14 test users. Cheers, Tim