What reports cannot access no dns? I can think of many more interesting things to do than meddle with pfSense pages trying to make one report cannot access no dns Sorry, I don't understand the following and have no idea what "it" refers to. @dy6amj: what i want to do is there should be a captive portal so that it cannot get access thru the wan Firewall rules would normally be used to prevent access to the WAN. Maybe another reader can figure this out.

I don't think captive portal is quite the right tool to do this. How about using outbound NAT on the wireless client interface to redirect any outgoing port 80 connect to the IP address of the wireless client interface? I don't know enough about outbound NAT to know if its possible to redirect to the "local interface IP address" but if it isn't, it should be possible to redirect to one of the allowed external servers (which presumably are under control of the same organisation) which then issues a http redirect back to the local server. I have not ever configured squid but I see it is described as having the capability of rewriting URLs. Perhaps it could be configured to not cache and to rewrite URLs to the local server if they don't reference the local server or one of the allowed external servers. There is a pfSense vHosts package which extends the inbuilt web server. The fairly limited RAM on an Alix might make it unsuitable to be running packages like squid and vHosts. (My home pfSense runs fine with 256MB but I run a small number of small packages, certainly nothing large enough to force my system to swap.)

I have used them as both routers and AP's. I used them for radius auth for AP's. Mikrotik is a very stable product and has been used to provide wireless to entire cities.  A lot of wisp use mikrotik. Mikrotik has many features and in some ways I prefer over pfSense especially as an AP or WDS/mesh.  It can do both gui and command line like cisco which some like as all configuration can be done via ssh. I went back to pfsense for 2 reasons.  1.  Captive portal/radius improved in 2.0 2. I am very familiar with configuring pfsense and mikrotik required too much time for me to learn.  Also no paid support for mikrotik though many 3rd party engineers can support for $65/hr. If I were to deploy a very large infrastructure ..ie 25 to 50 AP's or larger I would go with mikrotik…  Cost wise it is also less expensive as it is primarily used by WISP's..... I would definitely recommend buying a level 4 mikrotik router and playing with it.  The experience was worth it as I now have a better solution for wireless which feature wise is on par with cisco for the price of a linksys/netgear device from a retail store!

I dont know about using the FreeRADIUS package if that is what you are thinking.. but all this is possible with an actual external FreeRADIUS server.  I do basically all of this already with FreeRADIUS with MySQL backend, and daloRADIUS for web management

I use Ruckus equipment, and highly recommend it.  Very simple to setup and install, cheap enough also.

@Metu69salemi: If you have wireless users, then that repeated mac-address could be access point. because there are quite a few ip-addresses behind it I have wireless users, but all the access points are config in bridge, so pfsense always see the real MAC of client.

pfsense adds a "captiveportal-" prefix to all files uploaded, so ensure you're referencing the correct new filename of the image file in your html form.

Hi, i just solved this issue. As it turned out, it was the switch, that was dropping some of vlan tagged packets when set in non-vlan mode. When i set it to vlan aware mode, all started to work.

Is the dhcp server for network interface in which you have enabled captive portal using the same interface IP as the DNS?  Not setting this up properly will cause this.  Ahem… First hand experience....

I had this problem until i changed the dns address in dhcp ( for the same interface) to the local interface in which captive portal was on.

@sekutt: Hi zcache, the files posted are not working … can u repost it again . Thanks post remove to http://forum.pfsense.org/index.php/topic,41845.0.html

I'm not seeing that error on my setup, but I don't have CARP setup at all.  In fact, I don't see any logs related to the captive portal sync being successful or not on the master.  The slave logs the message posted in my original post.

System -> User Manager -> Users

Awsome page.  ;D ;D ;D Is there any way to make the staff login default rather than the voucher?

@wallabybob: @dhatz: pfSense's CP "Allowed IP Addresses" feature will work with most websites, but it probably won't work very well with google.com (which the original poster asked for) due to Google NS constantly changing the IPs to which the www.google.com resolves. Fair enough, but I suspect Google won't be issuing new Captive Portal voucher codes for a (private?) captive portal. LOL, true, however I mentioned it because the issue of constantly changing IPs comes up with other Google websites, like Google Analytics, which people might want to use in a CP context.

@daveg: @ermal: The book is for 1.2.3 and there is no book for 2.0. Please do not hijack threads and if you are not willing to give information in order to get help back do not post at all. Just go and use you Juniper for the matter! I'm sorry your highness, I see its your time of the month & as you know the manual is not free. As a sysadmin I use lots of firewalls not limited to pfsense but if you could teach us (by that I mean the community) how we can setup captive portal over a bridge connection then I'll take my hat off to you sir. Obviously you're a smart guy because you answer lots of questions but putting other helpful people down wastes everyone's time. If you don't understand what a bridge connection is, or what captive portal is then please keep quiet. Your choice not mine since i have already done the choice!

Please do not hijack threads or you will get administrative provisions.

@Metu69salemi: Haven't done by myself so i can't answer Captive Portal does not work in transparent mode (layer2 bridge), you have to setup pfsense as a gateway & use pfsense DNS forwarding for Captive Portal to work. ~ Dave ~