@Gertjan nice write up..

@Jozy you could always just have the wlc do the captive portal as well, the one reason I could see having pfsense doing it is if you also had wired devices on this same network that you wanted to have to use the captive portal as well.

Personally I have little use for captive portal.. For my guests that want to use my guest wifi network I just hand them a card with a qr code on it to get them on the network.. They would hate how long and complex the psk is to type in ;) hehehe

They really only make sense when you need to time limit someones access, or have them pay for access, or can not in anyway just let them know the psk, etc. There are plenty of use cases where it makes sense, but in a home or smb sort of setup not really.

@Gertjan

@Gertjan said in Captive Portal not working on iOS devices only (DHCP 114):

Normally, a DHCP server (ISC, Kea, whatever) offers DHCP options, and adding custom option isn't a ISC only thing. Kea supports them just fine.

Yes, but as testing the patch demonstrated, Kea is very fussy about if the option is custom or built in. Enabling DHCP 114 as a custom option under Kea in the patch (https://redmine.pfsense.org/issues/15321) crashes Kea. It is essential you use the built in label for DHCP 114 in Kea, that label is "v4-captive-portal". You will place the string in association with that label in some unknown way as no GUI exists yet for Kea.

The patch in Feature #15321 also works in 24.11 Oct 31 Beta.

I will dig it.

Many thanks!

@carlosi7

Hover the mouse over the Stop button :

1fc11747-ea64-46c2-b13d-3b8481586f5b-image.png

The "Services Status" status dash board widget is a file you can find here : /usr/local/www/widgets/widgets/smart_status.widget.php
This file will bring you straight to /etc/inc/services-utils.inc, where services like the captive portal can be stopped and started.

As cron task can be an executable (so you have to build your own^^) or, most often, look at all the pfSense cron tasks already present, a script file.
Now you know where to find the examples that shows you how to do that.

@chinraam said in Nginx "404 Not Found" Error after POST action to "$PORTAL_ACTION%2quot;:

Can you please guide or let me know how to overcome?

I'm not modifying or editing any of the pfSense PHP files. So I have no issues neither errors.

I can't do "self registration" as I'm not allowed (and not want to, neither maintain) ask for any private info like phone numbers or email addresses.

@FSC830 hello I'm researching about some like this, exist some github repo? it will be nice because the community can contribute
this is grate i will test soon
thanks

@Gertjan said in Does anyone know how to get count of logged users in Captive Portal ?:

php -q /root/captiveportal_count_online_users.php

PERFECT!

Tks,

@Gertjan @JonathanLee
It has been fixed, found the same issue.
https://redmine.pfsense.org/issues/15404

@msalavee said in Ips allowed in Captive Portal pfsense 2.7.2 does not work:

2.6.0

I've been using 2.7.2 for a while and then switched to pfSense Plus, currently 24.03.

Did you saw the last post in the thread I've shown ?

@msalavee

It's always a language issue ;) See your other post.

After two years of work, I was able to create a captive portal system on IPv6.

installation guide on YouTube:

https://youtu.be/iNjzQ0beCaA?si=6PNOC3vEFhUfPJe4

Download link for the trial version:

https://drive.google.com/file/d/1cbmzbUVbu6Wg_kWNLfXjOb7QZB8LlZFS/view

Best regards

@Intone said in Relationship between uploaded HTML and index.php in Captive portal.:

the relationship

When the device hits the captive portal's web server at @IP-Portal:800x the index.php is used.
"index.php" because : see the nginx main configuration file - one for http and one for https.

9c814fc8-8d56-4bad-acdb-fc7a62a19dc5-image.png

If the user isn't already logged in, the index.php doesn't do match and falls trough the index.php up until this point.

The function portal_reply_page is called with $type set "login" so the main 'html' login page is sourced (line 1835), this is your uploaded html file, variables are put in place, stuff like #PORTAL_ZONE#, and then the magic happens at line 1868.

echo $htmltext;

and done.

When you hit "Connect", now your 'posting', the same index file is used, and you reach the most common point where user and password entries are tested, and if ok, access is granted.

short survey : You can use php in your self made 'html' page. edit : go for the easy mode : create a link text (URL) that links to another web page that you upload into pfSense. You will have to write some back end code (script) to handle the user input.
Get a copy of the default build in login page (you can see it here) for an example.

@andreychernik999

Not something you can do on pfSense.
And not an issue neither.

As soon as devices are connected and authenticated against the captive portal, everything works as if there was no captive portal.
So gmail, whatsapp, telegram and everything else just plain works.

I saw your network diagram.

Normally, afaik, captive portal users are non-trusted users.
Cameras, normally should be made accessible for trusted users.

Try this : declare every camera as a host in one of these :

ed7ad9c0-9cb4-4c65-bc6b-dfc9b835370c-image.png

so no portal access rule (and counters) are used to access the cameras ?
(I'm not sure but easy to try out )

@ajmaltms

Fast answer for the common mortals :
Noop.
You've 3 or 4 choices, like the first (and only) user, the last logged in user (and the previous gets ditched) - every user that is using the code, and ... some other option.

AFAIK, Freeradius could handle such a situation.

@dimsum said in How can I get a user sent/received size:

idea

Like this ?