I thing have the same problem, try this: @alltime: One thing I might also add, we simply added our DNS server addresses to the Allowed IP list and that resolved our problem. We were experiencing exactly what you are.

@Nachtfalke: Whe you want to connect internet from LAN to WAN then you must do the following: Enable the CaptivePortal on interface LAN (and not the WAN interface). The clients on the LAN network must use the pfsense DNS forwarder als DNS Server or it will NOT work. On LAN interface you must at least allow the port 8000 which is the CP. I enable only on LAN interface, 8000 allowed. This didn't help me. @alltime: One thing I might also add, we simply added our DNS server addresses to the Allowed IP list and that resolved our problem. We were experiencing exactly what you are. Thanks a lot! This helped me!!!! :D Very big thanks. Problem solved.

Hey Des, You are right. I'm using it right now. I don't feel too secure with my Proxy Port (3128) is available to the public (I'm w/ a WiFi deployment.) So I want to block direct connection to it so that the DNS Forwarder service will kick in and land them right to my Captive Portal Auth Page.

restartcaptiveportal(file in phpshellsessions folder) require_once("captiveportal.inc"); captiveportal_configure(); this worked for me with extra log entries but kicked all users out the ssh command is pfSsh.php playback restartcaptiveportal

The OP refers to a situation where the new CP user tries to initally load an https URL (for instance, https://google.com as opposed to http://google.com) You could redirect his initial connection to e.g. https://google.com to your own https server ("impersonating" google.com in order to further redirect him to your CP login page) but unless the user's browser has loaded your CAcert, it would result into various scary-looking warnings by his browser about "problems with the security certificate" recommending to him to close the page.

likely you're breaking DNS by not using the DNS forwarder or permitting the DNS server IPs

You can use aliases.

As far as I know this optin just means which IP address should be sent to your radius server when there are packets coming from CP. http://freeradius.org/rfc/rfc2865.html#NAS-IP-Address

My solution is ; Allow my dns server in the Mac Pass through list. And everything is working now

There are timecounters included into freeradius. The one is the "db.daily", "db.monthly" and so on. This can be used without sql database and is just counting the time the user is connected. Another possibility is to use the same counter module but a sql database to do the counting: http://abechik.wordpress.com/2007/03/15/freeradius-disconnected-user-when-time-limit-exceed/ But it is always for the connected time but not the offline time of the user. Perhaps you can do some tricks on the sql database to solve this.

No bandwidth limits in CP, I will try your tip and let u know, thanks!!!

it isn't html but it might help you out?   if (!empty($_GET['act'])) {     echo "Hello world!"; //Your code here   } else { ?> (.. your html ..)   } ?>

you'll need another machine with mysql p h p & apache  and a radius manager such as daloradius which can generate the prepaid usernames and passwords. with a download and/or upload quota a dd to that pfsense 2.02 which fixes a bug in the captive portal accounting.

The problem is just to put the whole link including http ie: https://www.google.com

Thank you… works fine now  :o @wallabybob: @carcar: Can I have also a GUIDE on how to edit my captiveportal.html file permanently? Always having problem during system reboot, it will revert to its original file. Why can't you use a custom portal page? (See Services -> Captive Portal, on the Captive Portal tab scroll down to Portal Page Contents (near the bottom).)

What brand are your bridge devices? Can you set them up to use WDS or transparent bridge mode?