Any suggestions?

@bassmoore: Hi, We have setup a captive portal page but it will only display when you enter a HTTP address. For example the idea is when they connect to a Free Wifi service they open Google Chrome they are met with the Captive Portal Page and then they press continue and they can browse the web. This works but only with HTTP addresses. E.g. when you open Http://www.google.com it shows the captive portal page but when you open https://www.google.com nothing happens! running 2.0.3 no more updates available. Thanks in advance!!! Check enable HTTPS login then https browsing will be redirected also. You need to setup your cert.

Not all were disconnected, there are those that still can and have an internet connection, and there are cannot connect anymore stuck on the captive portal page.

I've found the problem, though not the solution. The tablets are configured to connect to a https site, and CP redirects only access to port 80, not port 443, as mentioned here: http://forum.pfsense.org/index.php?topic=53630.0 For the tabelts that do work, I guess there's some background process that's communicating with a site via port 80, this allows CP to authenticate the MAC, so https access then works as expected.

Don't worry. This is something related to your setup only. Normally, the MAC shows up - I can see them for my clients that are connected to the portal interface. pfSense can show the MAC of the clients IF the client connects to the portal interface NIC. Often, this isn't the case if you put a router between the client and the portal interface. So: don't. Mostly, this is related to an AP that is setup as "AP and router" ….

The allowed IP address requirement only comes into play for basic CP functionality if the DNS server the client is instructed to use is not on the client's local subnet, including the pfSense LAN port/DNS forwarder. You will therefore see many cases where it's not necessary. It, along with allowed hostnames, is also useful in configuring a "walled garden" which allows access to certain web assets without going through the portal first.  It also allows you to use outside assets to make up the portal page itself. Glad it's working.

With VLANs. One VLAN for the first SSID, another VLAN for the second SSID. I doubt Tenda supports VLANs.

Hi, I fillep up those form (only on my slave box) with the ip address of my master pfsense box for example: Shynchronize Voucher Database IP…................................172.16.10.1 Voucher sync port..............................................................8880 Voucher shnc usename.....................................................admin Voucher sync password....................................................xxxxx I also use these details for my CARP setting, but when I did failover test, the voucher list seems to be NOT synchronized. even though the "Voucher Rolls" statistics are the same with master box, but the list it self is not the same. For example, i tested  "dun5smgq59r47" come out as valid in master box, but come out as invalid in slave box Appreciate if anyone can help... Thanks so much! ;D

51492  ??  Is    0:00.00 /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh 51866  ??  S      0:03.81 minicron: helper /usr/local/bin/ping_hosts.sh  (minicron) 52202  ??  Is    0:00.00 /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /etc/rc.expireaccounts 52799  ??  I      0:00.24 minicron: helper /etc/rc.expireaccounts  (minicron) 52866  ??  Is    0:00.00 /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /etc/rc.update_alias_url_data 53096  ??  I      0:00.01 minicron: helper /etc/rc.update_alias_url_data  (minicron) However, on the slave node I have two extra lines: 46536  ??  Is    0:00.00 /usr/local/bin/minicron 60 /var/run/cp_prunedb_cpzone.pid /etc/rc.prunecaptiveportal cpzone 46718  ??  I      0:14.54 minicron: helper /etc/rc.prunecaptiveportal cpzone (minicron) Wonder how they have disappeared from the master node!? As I knew it would happen - clicking Save on Captive Portal settings fixed it… Now I should make another cron job to watch over this minicron job and send alerts if it disappears again.

Hi. @buford: I have tried the solution where i added 127.0.0.1 in the Allow IP Addresses area. But after a system reboot, no change at all. I even tried adding the systems LAN ip in the Allow IP Addresses area, but to no avail. Don't - please undo. When you are authenticated, severing the web works well ? In other works, for you, the user on the PC, you are connected to the net, but the OS on your PC that you are using while surfing states that you are NOT corrected ?! (we all love this OS …..  ;D) Please describe your setup. WAN type and/or IP LAN IP Portal is on LAN (  >:( ) OPT1 (  :D ) etc. and its IP. Portal rules (Portal interface needs a boatload of rule to work well, and at least one 'all pass' rule to make it plain work?

@mangkaw: I cant make captive portal work on pfsense 2.0.1 amd64 Lan - 192.168.10.10 WAN  192.168.10.129 on user - DNS 192.168.10.10 - Gateway 192.168.10.2 Captive portal enabled on Lan Hi there. Dealing out Private Ip's on your local LAN should be done like that. Your are really violating every network rule here. Everyone is on 192.168.10.x - that is not possible. I propose: WAN Static IP : 10.0.0.2/24 - Your gateway in front of it, the modem/router/cable box/adsl/… should have this IP : 10.0.0.1 Your LAN : 192.168.1.1/24 - this will be the IP of the pfSense box on your local LAN (it's the default value). And now, run to the hardware shop, go buy a 4$ network card and slide it in your pfSense box. Give it Static IP 192.168.2.1/24 - this will be interface 'OPT1' - and hook up the portal interface onto it. Always start with easy and known solution before trying impossible - never seen elsewhere - home made - solutions.

I believe this is feature, not a bug :)

This does not really sound like a freeradius2 problem. You can try to run freeradius2 in debug mode to see what is going on and if it takes long to proceed requests. For this stop freeradius service on GUI. Go to pfsense console or SSH and type: radiusd -X Then try to authenticate a user through your CaptivePortal. Yo will see the request and this should be done really fast. Further you should try without accounting enabled and restart freeradius and CP. Then try again. Accounting information will be written to /var/log/radacct/ And the checks for simultaneous use will be done here: /var/log/radutmp So if your HDD is slow or you have to many users then it could be possible that you should connect your freeradius server to an external sql database and do the accounting there.

Hi there. As instructed here: https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog supply ipSense with the IP of the PC where your log server is running. In your case, this IP belongs to the Windows PC where http://tftpd32.jounin.net/ is running on. I'm not using tftpd32 myself, but normally it - the tftpd32 log server program - should 'listen' on port 514 UDP (because it's the default value, and if you looked well, pfSense is sending its logs to this IP:port). If things don't seem to work, remember one thing: your Windows PC where tftpd32  is running on probably has a firewall. So, instruct the firewall to accepts UDP trafic from your pfSense box (his IP !) into the log server and you are ok. Btw: this is not a "Captive Portal question", more a General question  :)

try squid3-dev, marcelloc has added a feature for captiveportal authentication with non transparent proxy, whit this feature squid now gets the username from captiveportal and content filtering with captiveportal usernames by squidguard is now possible, the only issue is to force the clientsto use proxy and it can be done by using wpad/pac function my solution is 1-use non-transparent proxy 2-block everything except proxy 3-force clients to use autoproxy via wpad/pac feature or set browsers to use my proxy manually 4-so if a client does not configure his browser to use my proxy or not set it to autodedect the proxy, he can not access internet 5-all the web based software must be configured to use proxy too 6-use squidguard to apply content filtering by captiveportal usernames The one and only problem I am facing is, some java applets(especially games) does not work behind squid, but  it can be solved by adding allow rules for every domain that java wants to connect using firewall rules and aliases, and setting the connection method to "direct connection" in windows java settings and also if you have some php skills, you can modify marcelloc's solution in squid.inc and squid.xml files to be used for transparent proxy too