@chinraam said in Nginx "404 Not Found" Error after POST action to "$PORTAL_ACTION%2quot;: Can you please guide or let me know how to overcome? I'm not modifying or editing any of the pfSense PHP files. So I have no issues neither errors. I can't do "self registration" as I'm not allowed (and not want to, neither maintain) ask for any private info like phone numbers or email addresses.

@FSC830 hello I'm researching about some like this, exist some github repo? it will be nice because the community can contribute this is grate i will test soon thanks

@Gertjan said in Does anyone know how to get count of logged users in Captive Portal ?: php -q /root/captiveportal_count_online_users.php PERFECT! Tks,

@Gertjan @JonathanLee It has been fixed, found the same issue. https://redmine.pfsense.org/issues/15404

@msalavee said in Ips allowed in Captive Portal pfsense 2.7.2 does not work: 2.6.0 I've been using 2.7.2 for a while and then switched to pfSense Plus, currently 24.03. Did you saw the last post in the thread I've shown ?

@msalavee It's always a language issue ;) See your other post.

After two years of work, I was able to create a captive portal system on IPv6. installation guide on YouTube: https://youtu.be/iNjzQ0beCaA?si=6PNOC3vEFhUfPJe4 Download link for the trial version: https://drive.google.com/file/d/1cbmzbUVbu6Wg_kWNLfXjOb7QZB8LlZFS/view Best regards

@Intone said in Relationship between uploaded HTML and index.php in Captive portal.: the relationship When the device hits the captive portal's web server at @IP-Portal:800x the index.php is used. "index.php" because : see the nginx main configuration file - one for http and one for https. [image: 1726739465297-9c814fc8-8d56-4bad-acdb-fc7a62a19dc5-image.png] If the user isn't already logged in, the index.php doesn't do match and falls trough the index.php up until this point. The function portal_reply_page is called with $type set "login" so the main 'html' login page is sourced (line 1835), this is your uploaded html file, variables are put in place, stuff like #PORTAL_ZONE#, and then the magic happens at line 1868. echo $htmltext; and done. When you hit "Connect", now your 'posting', the same index file is used, and you reach the most common point where user and password entries are tested, and if ok, access is granted. short survey : You can use php in your self made 'html' page. edit : go for the easy mode : create a link text (URL) that links to another web page that you upload into pfSense. You will have to write some back end code (script) to handle the user input. Get a copy of the default build in login page (you can see it here) for an example.

@andreychernik999 Not something you can do on pfSense. And not an issue neither. As soon as devices are connected and authenticated against the captive portal, everything works as if there was no captive portal. So gmail, whatsapp, telegram and everything else just plain works.

I saw your network diagram. Normally, afaik, captive portal users are non-trusted users. Cameras, normally should be made accessible for trusted users. Try this : declare every camera as a host in one of these : [image: 1725218457531-ed7ad9c0-9cb4-4c65-bc6b-dfc9b835370c-image.png] so no portal access rule (and counters) are used to access the cameras ? (I'm not sure but easy to try out )

@dimsum said in How can I get a user sent/received size: idea Like this ?

@Gertjan Yes but it didn't work, the problem was still there

Using SQL and chosing for SQLight ? Didn't know that was possible / was an option. I use FreeRadius, but use a 'SQL' server (MariaDB on my NAS). "SELECT value FROM radcheck WHERE username = '$username' AND attribute = 'Max-Monthly-Data'"); Did you modify the FreeRadius config files manyally so it adds "attribute" in the radcheck table ? I see just this : [image: 1724249247048-2540284a-b474-4dd1-95de-9b8bb8b373c9-image.png] = the user name and password. No other colums. edit : wait : by default, this table is empty as pfSense uses the GUI to create a file ( this file : /usr/local/etc/raddb/mods-config/files/authorize ) that contains the users, passwords and some other stuff. Be ware : FreeRadius can have thousands of options, pfSense uses (enables) just a few of them. The rest is hard coded / not used. @fakearia said in pfSense Captive Portal + FreeRADIUS + SQLite Configuration Issues: Why is this happening, and how can I prevent it? pfSense controls the construction of config files of every and any process on the system. The the core essence of what is pfSense all about. If you want to have your own config files, you should modify the files that create these files (modifying pfSense, itself)

@ricardocasagrande said in Captive Portal + freeradius + LightSquid: so, maybe you have a better solution for my problem. Normally, there is the concept of being responsible for what is done with your Internet connection. So when I set up a captive portal for a hotel somewhere in 2006 using m0n0wall, pfSense was forked from it, I was looking for securing what portal clients could access. Today, I'm using pfBlockerng to block the most obvious host names (DNSBL) and if I suspect something, I can route all portal traffic over a VPN connection. Never had any issues with my ISP, knowing that I know they are looking, as I saw the warnings they send out when they detect something : a couple of my friends / neighbors were 'caught' while streaming and or sharing "Disney content". The real streamer / downloader uses a VPN anyway. Or is just to scared to connect to a network he doesn't know/trust. And, IMHO, all this has nothing to do with pfSense. If you want to use a proxy so you can analyze content, you need to know : What the "Internet" actually is, down to the packet. You need to know how proxies are set up and maintained. You need to have a good list with rules so you can actually detect something. You have to stay on to it permanently, as handling false positives will happen all the time. More and more sites just can't be proxied anyway. I've decided already a long time ago : it's not worth it. I already host my own web servers on my own dedicated Debian 12 dedicated server, a "big iron" device. I'm doing my own DNS domain name zone hosting using bind. When that was running, I've added DNSSEC everywhere, added my own postfix mail server for all my domains, fully compliant with all the modern mail constraints. No GUI what so ever to maintain all this, everything is set up the old way. All this to say : I've started to know what 'Internet' is, and I know also I still don't know enough.

@brunow said in Captive portal is not displayed in Windows 10: Could the request be stopping at the switch? if it has broken ports, or you are using bad (broken) cables, then yes ;) A switch, a non-administered switch, can't block anything. If the switch is manageable, then call the admin of the switch. Let him solve the issue, or fire him. Your image is a physical setup of your network, with some details about how the "Virtual" part is assigned. I've never used the devices you use, except pfSense. So all I can say is "... ok ...." I don't use VLAN at all, as I have to apply the rule "keep it simple" as this implies "nothing to learn". Btw : Why would you keep a Mikrotik in place if you have a pfSense ;) My advise : use a router, and this could be any PC you find out there, add an extra 5 $ network card into it, or better : a quad NIC if you want more interfaces (and wind up with a situation where you don't need VLAN, so one big can of worms less) and you have the perfect setup to test about everything, captive portal included. Later on, with the acquired experience, you can go wild with convoluted setups but I'll bet you'll say : "no-way ..."

Many thanks!

@Gertjan Thanks, man. You really help me

@publictoiletbowl Normally, I would tell you : upgrade, and see what new development offers you. 24.03 is out there for months now, and rock solid. But .... when upgrading, everything goes up, and old stuff 'that used to work just fine' disappears. Old security issues also. Like the openssl libraries and the functionalities it offers. Everybody want 4096 ... no 8192 bits (size !!) RSA encryption these days. Your question is : you want the "10 bit" encryption ... euh, yeah, sorry, that was probably ditched for 'security' reasons. After all, who (go count them) use openssl to make 'voucher' codes, and tries to make them as small as possible ? I don't say it isn't possible anymore, but you have to dive into the open ssl doc to see what is possible. To get the OMG experience, type : opensll help edit : so, for ones : downgrade way back to the version of pfSense that had the possibility to make 'small vouchers'

@Gertjan thanks for reply, it works now [image: 1722931567618-screenshot_20240806_160208_com.android.captiveportallogin.jpg]