Sounds like we need to add some input validation, or a cdata escape. Open a ticket at http://redmine.pfsense.org/

I ended up rebuilding PFSense because no matter what I tried I could not get my browser to my instance.  The connection would simply time out.

if you create a user in "Users" then this user will be saved in a file called "users". pfsense 2.0.x /usr/local/etc/raddb/users pfsense 2.1 /usr/pbi/freeradius-i386/etc/raddb/users /usr/pbi/freeradius-amd64/etc/raddb/users And after adding/deleteing a user the server needs to be restarted to take effect.

Thank you all, I have made a new installation from the scratch, now it works fine  ;)

is there a way that if some people try to use the same voucher code there will be a message that say the voucher is invalid. (because someone is using it) i'm just using local user management. i've already tried to disable concurrent connections but still it got disconnected. should i restart my pfsense box for the settings to take effect?

@luke240778: i see you have done the "Invalid Credentials" just by inserting text, are you also unable to get the Radius Responses by using the "$PORTAL_MESSAGE$" ? No matter what i do i can't get that to work on my custom error page. Try

How about adding some javascript to the auth form so that the password field on not 'empty' to begin with? What I though was, pre-populate the 'password' field with, say, a few spaces so it looks blank, then use a javascript OnClick() or OnSelect() - or whatever it is - function so that if the user selects the field to enter a proper password the spaces are removed. i.e. "username" [ Tab / click ] "password" [ Enter / click ] –->>  "username"/"password" > {radius} "pin" [ Enter / click ] –->> "pin"/"    " > {radius}

It worked!  ;D Thanks for all your help!

@Alan87i: Just don't set user bandwidth daily/weekly/monthly. As of yet PF doesn't send the traffic data correctly. 50Mb could be counted as over 200 MB. BAndwidthD seems to be just as bad off. But using freeradius2 to limit speed works fine right now. Please don't mix up different things. The fact you are talking about is limit the amount of traffic. You want to stop access after a user downloaded 500MB. This is not related to that topic! What he is talking about is bandwidth limitation. He wants that a user is always having 2MBit/s download and 1MBit/s upload but another user should have different limitations!

Perfect.  Thanks alot.

Usually there you do proxy authentication schemes. But currently there is no possibility to do that with CP.

Main Server(2008r2 enterprise w/ Radius via NPS) -192.168.2.254 on subnet 192.168.2.0/24 Virtualbox PfSense(located on Main Server) LAN 192.168.1.1 and WAN dhcp(reserved at 192.168.2.109) Gateway is 192.168.2.1 on /24 subnet The radius is on the Main Server supplied by RRAS Radius. Clients are setup with friendly names that point to each device and access is supplied via a unencrypted channel.

@maikc12335: friends I am new to the forum I have a problem with the authentication of my site I tell you exit the portal nowhere and I followed the tutorials and guides nothing helps this is my mail blabla. That an easy one. The answer starts here : http://forum.pfsense.org/index.php/topic,50246.msg269884.html#msg269884 - last message.

I messed with it on 2.1 beta and noticed the same thing. I'm using radius2 as well , I had to re save CP and radius users to get things working again with the redirect url blank.

@krankykoder: How about squid & squidguard? EDIT: Or… don't use captive portal. If you're taking the time to add the mac id's into captive portal, you my as well tick the box on your DHCP server to deny unknown clients. can squid and squid guard monitor users' usages? if yes then please guide me to any guide / book related to how i can activate them. secondly, i have different bandwidth rate limits on different users, so i have to use Pass through mac option to set their rate limits, if you got any other idea to limit speeds then share it :)

@wallabybob: Since you didn't say what you tried and how it failed to work for you it isnot possible to say if it didn't work for you because you didn't quite do things properly. For example, it is easy to forget to reset firewall states after tweaking firewall rules. Perhaps a scheduled firewall rule (allow access to site aaa from 4pm to 5pm Mon-Fri) followed by a rule (block access to site aaa) would do something like what you want. I described what I am after in the first post.  A scheduled firewall rule doesn't meet my needs but thanks for your input.  In short, I am after a function that will allow me to limit elapsed time a user can spend on a couple of specific websites (time quota if you will).  If CP could be enforced to do this on only certain URL's that would meet my needs.  I don't want to punish the whole family with having to login into CP just because I want to setup elapsed time quotas against certain URL's.

Thanks for the report. Glad you have it working.

@mamaeggplant: I am having this exact issue. I tested the new pages on a VM and it all worked fine, but when I put the pages on the firewall, the captive portal login will not work. PortalAuth log shows no logins. Please start a new thread, don't hijack someone else's. Post the contents of your portal page there.