An other PFSense user's having this trouble https://redmine.pfsense.org/issues/3226 and I solved my problem with this fix. This is due to Radius Protocol Option, which was reset to no authentication during the upgrade. I select the protocol that I use with my 2K8 and now the system work ! :)

Perhaps something like this: http://wiki.freeradius.org/modules/Rlm_smsotp pfsense CaptivePortal which is using freeradius as backend.

Thanks everyone for the help. It appears it was two issues. One was I did not allow my DNS server out and the other is I had fastforwarding turned on. Thanks again!

Hi, this is the wiki for the pfsense freeradius2 package and the documentation how to do self registration with freeradius + CP + MySQL. Perhaps it could help you. https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#CaptivePortal_Self-Registration:FreeRADIUS.2B_MySQL Out of the box it will not work with pfsense CP nor with freeradius2 package. The "problem" is the self registration and password change.

Hi jjeff1, when you go to DIAGNOSTICS –> CaptivePortal you can see the users which are connected. You see the start time when the first successfull authentication was made by the user and you can see a column which shows you the last activity of this user. If a user turn off its computer the this MAC address is still authenticated on CP. It will first disconnect after idle or hard timeout. I recognized some problems with idle/hard timeout on my CP. It does not work and I can see users still authenticated even if their last activity was days ago. So you could check this first to make sure if you really have 750 concurrent connections or if it consists old ones. (Restarting CP will kick all connected/authenticated users). If a user enters a wrong password can be seen on DIAGNOSTICS --> System Logs --> Portal auth. There you can see all successfull and wrong authentication attempts. I would suggest you some other things or possibilities: Give every teacher its own username/password to find out what teacher gives out its credentials. Further disable "allow concurrent connection". This will make sure that only the last recent user will be authenticated so only one connection per username/password is possible. The teacher will contact you if he will be kicked always because a student connects with its iphone. Another possibility could be to use vouchers. Create vouchers for 1 week and disable "allow concurrent connections" on CP. Every teacher will get his own voucher so if one teacher gives out his voucher to students then only on concurrent connection is possible and you can find out what teacher hands out his credentials. The third possibility could be to install freeradius2 package on pfsense and connect CP with freeradius2. Then create username/password and if you don't want to give every teacher his own credentials then freeradius2 offers you the possibility to set a number of concurrent connections for this username. So if you have 20 teachers then set this numer to 20 and you will make sure that not more than 20 students can use these credentials concurrently. This will unfortunately not tell you the teacher who gives the credentials out. Hint: If you are using the simultaneous connections option of freeradius2 then you need to disable the option on CP of course. Another possibility to stop iphones and so on could be to use squid and block the user agent of these devices. Every browser uses its own user agent string. So if you are using IE and your computers and firefox then just allow these user agents or check out what user agent the safari browser on iphone users and then block this user agent. This could be an custom setting on squid to block Internet Explorer 8: ##### Create the ACL which blocks user agent of Internet Explorer 8 with ACL name "block_internet_explorer" acl block_internet_explorer browser MSIE 8.; ## deny web access for the ACL "block_internet_explorer" # http_access deny block_internet_explorer;

No. Lusca is based on squid2. Squid3-dev use latest 3.3.8 stable version.

Wow, danke. That is certainly correct, NOT a pfsense Bug. :) Really much thanks to share the information for the package programming. Nice weekend. CAT

Hi, I do not have a solution but I would be also interested in one. This redirect could happen if for example a request could not be resolved within 5s or 10s. I am interested in this, too, when doing maintenance on an upstream router so that the users know that what is going on. Thanks!

Hi, I've been trying use captive portal with radius auth using Windows server 2008r2 existing NPS, this NPS been use for my wireless with radius auth too, but it seem with this PfSense (with same config), i couldn't make it work. really appreciate it if anyone could help. Cheers!

Humm. Right. I looked it up in the manual (the PHP source ). @Gertjan: Edit the file - remove everything between <captiveportal>and</captiveportal> didn't work for me neither. Had the same message as you. This time I tried it out myself before replying …: This works: all was reset when importing this: <captiveportal></captiveportal>

When you submit via javscipt it doesn't send the submit value so you have to add it as a hidden value. Here is the code:

@jarves: How do I direct users to the captive portal? I have windows dhcp server which serves ip and also a cisco router which acts as dhcp. What would be the changes on the windows dhcp and cisco dhcp side? Despite the two DHCP servers on your network, the thing that makes the CP work is the gateway. Tell your DHCP server (one of your choice) to send the IP of your pfsense machine as the gatweay to your dhcp clients.

"per AP" is "per Interface" is "per zone", right ? I used this code (in a Munin plugin) to count all users on all zones, I guess it will be easy to adapt it a little bit for your needs: #!/usr/local/bin/php -q require_once("/etc/inc/util.inc"); require_once("/etc/inc/functions.inc"); require_once("/etc/inc/captiveportal.inc"); /* read in captive portal db */ /* determine number of logged in users */ $count_cpusers = 0; /* Is portal activated ? */ if (is_array($config['captiveportal'])) { /* For every zone, do */ foreach ($config['captiveportal'] as $cpkey => $cp) { $cpzone = $cpkey; /* zone selected -> count users and add */ $count_cpusers += count(captiveportal_read_db()); } } echo $count_cpusers; ?>

Good thing to here ! Btw: did your never thought about making your network more - simple -.