The problem was the day I did the upgrade I also changed my captive portal page by changing a phone number in the text part.  I did this clicking the link to "View current page".  I changed the number and loaded it back.  The only issue is that when I pulled it from the link the line <form method="post" action="$PORTAL_ACTION$"> was changed to I change it back to and redirurl started working. Thanks for anyone who looked at this.  Hopefully somone else will not fall into the same mistake I did. </form>

ไม่ทราบเหมือนกันครับ กำลังหาข้อมูลอยู่เหมือนกัน

For 2.0.3 features is quite stable. Only some IPv6 related issues are the ones being looked after.

@andymk: @cmb: Yes it does. It does nothing different in that regard. I have to disagree here as i have been using monowall for a long time now and this issue has never happened to us. Then the issue isn't as you've described in the linked URL because m0n0wall doesn't do anything differently than we do in that regard.

I use cron to kick users at just past midnight for our WiFi access (when the pub closes).  I also have a time lock implemented which shows a "Our WiFi is off" message instead of the captive portal once users are kicked. See this post here: http://forum.pfsense.org/index.php/topic,61730.msg333062.html#msg333062 I have posted the code I used to kick users at a set time. In saying this, when I run my script to kick all users, it does kick all users perfectly, and when you look in the captiveportal.db file, it is completely empty, so obviously works.  It does make me wonder if it would be simpler to just open the .db file and delete the contents, or even just delete the file (assuming pfsense will re-create it when required).  Not tried this though, so don't take my work for it!  The script linked to above works perfectly though! you can remove all the echo outputs from the script, and also remove the portion that writes a log file (that was more for me to check it was running through cron).

Did you try using the captive portal function instead of your own callout to arp? In /usr/local/captiveportal/index.php I see: $clientip = $_SERVER['REMOTE_ADDR']; $clientmac = arp_get_mac_by_ip($clientip); That function is in /etc/inc/util.inc.  It does things like try to ping $clientip first to repopulate the arp table if necessary and check the result with is_macaddr().

Cmb thank you for your advise. Actually, i post the question because i wanted to know if the above can be done. Specifically, instead of IP i wanted the user to see a domain name. All of them are connecting with smartphones or tablets by the way. How is that possible?

After digging around, there is post on m0n0wall forum. It seems re-authenticate time interval could be changed in xml config file. http://m0n0.ch/wall/list/showmsg.php?id=312/54 We use FreeRadius and Rodopi billing software. We setup a test gateway and enabled captive portal using PFSense. We did not specify an idle timeout or hard time. We enabled "re-authenticate user every 1 minute". We cannot enable hard timeouts or idle timeouts for fear VOIP customers will get sideways. So our only option is to re-authenticate every 1 minute in order to terminate their service if they fail to pay their subscription. Since the billing system only runs once per day to cut off users (essentially just makes them absent in the RADIUS users file), is there a way to change this 1 minute to 1 hour or 1 day? If so, would I be making resource problems worse by forcing the gateway to track things longer? Yes, its a hidden option in the configuration (meaning you should backup your config, manually adapt it and restore the adapted config) <captiveportal><croninterval>secondsblah</croninterval> othercaptiveportalblah</captiveportal>

I have a new information: I found on radius server the logs about the autentication requests, and they seem all accept; Is it possible activate a debug log on pfsense cp? thank you Paolo

Actually the only thing that i had to change in order everything to work was to change my (&^%$&^%$#) ethernet cross cable. Now everything work. Thank you everybody for your answers.

I just reported the same problem here http://forum.pfsense.org/index.php/topic,62465.0.html with a possible fix. Lets hop :)

Thanks

@sheepthief: Success! 1. Initial problems were down to me having the login page as a sub-subdomain of the wildcard domain. 2. The more interesting problem I encountered after fixing item 1, was that at the login page Opera and Safari threw up certificate warnings, whereas Firefox and IE didn't. ;) than its fine. => yes, thats a problem. I don't know if an "official" certificate registrar ever offers such multilevel wildcard domains (ok, CaCert.org would but that registrar ist maximum only implemented in Firefox as I know) for complete "documentation": that is the CRL URL defined in certificates.   For instance Google:       URI: http://www.gstatic.com/GoogleInternetAuthority/GoogleInternetAuthority.crl mmh, when I tried to get cert and ospf uri per request: $ echo -n | openssl s_client -connect www.google.com:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -subject -issuer -ocspid -ocsp_uri subject= /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com issuer= /C=US/O=Google Inc/CN=Google Internet Authority there is no URL ^^… seems that OCSP ist an additionional CRL to make it more "secure" (looking ^^). ok, other site as example... here it works: $ echo -n | openssl s_client -connect www.amazon.de:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -subject -issuer -ocspid -ocsp_uri subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=www.amazon.de issuer= /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa 10/CN=VeriSign Class 3 Secure Server CA - G3 http://ocsp.verisign.com ok, Verisign, you pay much more than at other registrars… so you also should got more out ;) CRL than this way: $ echo -n | openssl s_client -connect www.google.com:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -text | grep -i crl             X509v3 CRL Distribution Points:                 URI:http://www.gstatic.com/GoogleInternetAuthority/GoogleInternetAuthority.crl