The Mod_evasive issue is fixed with 2.0.3, that seems to have solved many of the CP problems we were having, in combination with the DHCP timeout changes suggested.  I haven't had a CP issue for several weeks now. Thanks Josh

I see we have different versions and configs. I am running pfSense 2.1-BETA1 snapshot - this has the CP "zone" feature. Also, I have authentication set to "Local User Manager / Vouchers". Thank you for showing your working config of radius authentication. I have radius package installed and so will set it up the same and see the result.

That is sent to the captive portal auth log, so if you setup a syslog server to keep those records as long as the law requires, it should suffice. Though tying a user's external traffic to their internal IP is tougher, for that you may need to setup and keep netflow records for the same time period.

in Captive Portal, you should check "Disable concurrent logins"… when you checked this option, if a user named "frank" logins at his pc, after that if the same user logins at a different pc, earlier session automaticallu closed, and the last session will be current. this means that, somebody can login only once at the same time by using the same username... But if you want that a user can login at maximum 4 pc by using the same username, then in freeradius you should use Simultaneous-Use attribute… @tripplex: how can i change the number of users that can be logged in the captive portal to use the internet.  right now i has no limit so for example if  i create a user acoount= frank: frank can only be logged in once if anyone tries to use his credential it will give them an error message stating that frank already logged in please use a different username and password. something like that somone please help me  :( :( :(

I have been using pfSense 2.0.3 and in this version there are no zones. in /var/etc, lighty-Captiveportal.conf file exists. but as far as I know, captiveportal automatically creates lighty-CaptivePortal.conf file according to the settings on captiveportal.inc and system.inc… The settings about auto-creation of lighty-Captiveportal.conf file, exist in system.inc file for that reason I added the evasive.silent="enabled" line to the system.inc file....bu it didn't work and didn't recognize the evasive.silent @clart: try putting it at end of file in; /var/etc/lighty-ZONENAME-CaptivePortal.conf where ZONENAME is the name of CP zone to apply to.

can anyone help me i want to limit the amount of user that can be logged in the captive portal at a time

doesnt work for me too i saw this post before I post :)

@marcelloc: The steps are: enable captive portal enable squid3 select patch captive portal on squid and save config got to captive portal gui and save config again This way, captive portal rules will forward squid connections to captive portal page if not authenticated. It works great with or without squid transparent proxy enabled including bandwidth restriction! This not working on latest 2.1 snapshot, should it be? I am accessing here (un-authenticated) bypassing the CP using the proxy IP and port setup in firefox

I think I've more or less figured things out for myself.  I would appreciate any input if there's a better or easier way to do this. I started with a fresh install of pfSense.  I disabled all packet filtering because I don't want it doing any of that.  I setup the captive portal following Nexudus's instructions to work with their system.  I bridged the WAN and LAN ports.  I then assigned the bridge to its own interface and assigned it an IP address.  Then, on the client machine, I made the bridge IP address the default gateway. That seems to do the trick. When I try to browse the Internet I get stopped by the capture portal.  I can authenticate, then I'm online just like I'm supposed to be. Now I just have to get this configured to work with the Watchguard.  I've got to figure out how to block Internet access that isn't filtered through the capture portal because someone out there will be clever enough to manually set their default gateway to bypass the pfSense box. If there's a better approach to all of this please let me know, but I think this will work.

thanks a lot.. it will force me to define 60-70 ip addresses (voip, card reading terminals, ip telephones, ip fax devices) in Allowed IP addresses… Thank you again for your help.. @Nachtfalke: If you add the hosts to "Allowed IP addresses" or "MAC bypass" then this host will bypass CP and does not need  to authenticate. The rest depends again on your firewall rules. "Allowed IP addresses" can be defines in source or destination.

I reported the same allready in thread http://forum.pfsense.org/index.php/topic,60860.0.html and also in an older one with 2.0.2. The last activity date/time isn't updated (sometime for days). I attached a picture from today. I tried 2.0.3 beta versions and the current official final relase of 2.0.3. It isn't working. For emergency case I modified captiveportal.inc file to log wrong timeout times and I only accept timeouts if last activity is newer then login date. ??? Please fix this release. I hesitate to switch to 2.1 directly. Probably I would be better to do so.  

It's the same. You can't redirect HTTPS.

Found this: http://forum.pfsense.org/index.php/topic,34354.msg178417.html#msg178417

I solved my own problem by using the HTTPS name method mentioned in this post: http://forum.pfsense.org/index.php/topic,53846.0.html

I have seen in other captive portals where the word "logout" is typed in browser address bar. This is much simpler  solution, but how to implement it? It needs some intercept/analysis of http request for word "logout" and then redirect to the logout URL. Maybe this could be put in captive portal code or squid proxy config or where? Also, would be useful to type "status" into address bar and get page back showing time remaining, etc.

As far as I know, the config.xml file is the place where the pass-through's are generated from to create the firewall rules and I dont think this is written to a flat file, though I could be wrong. You could try updating the config.xml and see if that works.

http://forum.pfsense.org/index.php/topic,60658.0.html

Ive since upgraded to 2.1 and it seems the config has migrated the error with it, in the end I had to edit my config and remove any reference to "vouchers", (even tho voucher support was disabled) restored the edited config, reboot and everything fine since then.