You would need to setup pfsense with a wan and a lan then setup captive portal accounts. After that you would assign captive portal to the LAN interface. On your original issue with getting your PBX to work behind pfSense. I am the developer of the FreeSWITCH package for pfSense and before that I used Asterisk behind pfSense. To get a PBX to work behind pfSense you can need to setup Advanced outbound NAT at Firewall -> NAT -> Advanced Outbound NAT and set it to 'static'. For best result use pfSense 1.2.3 RC1 which has a change in it to maintain UDP connections alive. Another change that is needed is to setup System -> Advanced -> Firewall Optimization -> Conservative. If the phone system is behind NAT then you need to make NAT Port Forward entries for SIP and RTP. Then make sure the Rules are setup correctly most likely this would be created when you create the NAT Port Forward entries.

There is a failure in DD-WRT not PFSENSE. I solved this for the moment by allowing AP9 mac in CP. The problem is that everybody can now get in that way.

OK I found the problem. When you activate the captive portal it's impossible to join the CARP IP address of the interface where the captive portail activated. Just go in the menu: Services/Captive Portl /  Allowed IP addresses and add rules "direction" => To and put the CARP IP Address, in my case .85  And thats all good (very usefull for DNS reolution, you can now put .85 for the DNS in DHCP configuration, and the SSL for the captive portal working on the virtual IP address.)

You probably want to ask that question in the Captive Portal forum, rather than the General one (after you've searched).

Please do not post the same question multiple times. No this is not possible. But even if it where possible. Beginning by having multiple subnets on the same physical layer. This is bad practice. Someone could assign himself directly an IP and have access to everything (in his subnet). Also its not good for your security to identify users based on MAC. Do you know how easy it is to sniff some traffic on a network and fake one of the "authenticated" MACs? Maybe if you could elaborate on what you're trying to do in the end someone could provide a better solution.

Just wanna ask a question; I have a similer problem but the situation is something like this: I have fixed computer's that are on the pass through macs list of the CP Those computer's are also on the static pool of the DHCP Firewall rules do apply to THOSE machines. But when I try to connect with a dinamic client, only the firewall rules apply which I set before turning CP on. (80 443 and msn live login port) They can't use the webcam on msn nor play WOW. The symptoms are, New rules (which works for ONLY static's) defined after CP turning on. Old rules works for auth'ing clients, but not the New ones. Any idea's?

Nevermind, I found it out by myself. For those who are intrested in the solution: Log in to pfSense and go to Diagnostics -> Edit File. Edit the following file: /usr/local/captiveportal/index.php To use one of the POST value's you can alter the var called $my_redirecturl. Since I dont want to send the username in plain text I've put md5 encryption around it. Snippet: $my_redirurl .= "&id=" . md5($_POST['auth_user']);

Thanks for the answer by the way  :) So can you tell me how did you achieved that goal? I do have an external MySQL DB Server so all I need is Chillispot. But I need guidance  :(

It is definitely what I'm looking for. I'll write down a post as a feature request, with some details of our shared "wish" :D

DestekTeknik, sorry to tell for pfsense, but the solution I found and I'm going to test is to use another appliance I found in the internet. Following the URL: http://www.zeroshell.net/

I made the assumption that the backup and restore of the config would take care of that. The 80/20 rule turned out to be true. I just got the version that was working, reloaded from scratch setting up the base config, and then imported that back in, and that worked perfectly. When I get some time, I will try the rebuild manually from scratch again and test it.

ok thank u all and i happy for all ur help

I'm late answering, sorry :-) I tried to add some code to my captured html page, called index.html, but it didn't work. Have you any example of an html file I could use as example ?

Hello, @yanosz: we've some trouble configuring captive portal on 1.2.2. While some features work, some doesn't: Accessing the portal on 8000/tcp? - works. Non-Whitelisted hosts are blocked? - works. Whitelisted hosts are not blocked? - works. Portal page is shown, if not-authorized hosts try to access web pages by http? - doesn't work Actually, it seems there is a bug in the configuration code and / or firewall code. After removing some firewall rules ( "pass"-definitions only - sounds strange) and after switching the interface from wlan to lan and back, everything is running fine… Keep smiling yanosz

@GruensFroeschli: They probably have a popup-blocker running. I don't think that's it as the CP doesn't use a pop-up AFAIK, plus I use a popup stopper and it works for me. Thanks though. @Still: Did you add your internal/ISP DNS servers IPs to the captive portal "Allowed IP addresses" list? It happens when a client request an internet page and can't DNS resolve it, the CP loginpage won't show up. I did not add them, but i'm going to right now, not sure when the next time I can test the theory out is as i'm not sure when Canada Revenue will be back but i'll backup and remove all the Pass-through MACs and i'll find out eventually if it works and let you know. Thanks for the tip, hopefully it solves the problem.

Hi, ive tinkered with this some more and it appears it does work after all though so far ive only managed to get back a message when the radius server was down. Are there any plans to extend the range of messages? It would be nice for instance to know why the login failed, ie bad credentials, expired account or to many simultaneous logins for exmple. Regards Nick