I have seen in other captive portals where the word "logout" is typed in browser address bar. This is much simpler  solution, but how to implement it? It needs some intercept/analysis of http request for word "logout" and then redirect to the logout URL. Maybe this could be put in captive portal code or squid proxy config or where? Also, would be useful to type "status" into address bar and get page back showing time remaining, etc.

As far as I know, the config.xml file is the place where the pass-through's are generated from to create the firewall rules and I dont think this is written to a flat file, though I could be wrong. You could try updating the config.xml and see if that works.

http://forum.pfsense.org/index.php/topic,60658.0.html

Ive since upgraded to 2.1 and it seems the config has migrated the error with it, in the end I had to edit my config and remove any reference to "vouchers", (even tho voucher support was disabled) restored the edited config, reboot and everything fine since then.

@cmb: most likely the fastcgi crashing problem in 2.0.2. We're about to release 2.0.3, you can get the pre-release here. http://forum.pfsense.org/index.php/topic,58203.0.html which will likely fix the issue. Thank you very much for the fast response.  I'll get it updated as soon as possible.

That's a bug in 2.0.2, fixed in 2.0.3. You can get 2.0.3-PRERELEASE here: http://forum.pfsense.org/index.php/topic,58203.0.html

Thanks, will try to upgrade.

ok, thanks.

Hello ! Throwing pfSense_interface_listget in Google gives you this: http://forum.pfsense.org/index.php?topic=47304.0 Tried that ?

Hi there. Stop wondering. All wifi-hotspots have mostly Microsoft Windows system-based users** You're actually stating that the Captive Portal doesn't work for you. There is good news, and bad: you're wrong  ;) ** The exception might be: Apple's main headquarters.

What about using the freeradius2 package and then using the ldap option within that package?

ou'll need to buy a SSL cert issued by a CA that is included in all the popular browsers, or the user will get a big scary warning. check out 'startssl' . free ssl certs supported by major browser vendors. The free one is only valid for 1 year, the paid certs are cheap and last longer. i'm using this with pf CP atm

Perhaps the question is very elaborate, the simple question is: is there anyway to change the Hard Timeout, ie that at any time you can add more time to "hard timeout" per user? thanks

Pass-through users are only found in the ARP table, when they're seen at all. Being passed through means they do not hit the portal at all, so there is no concept of being "logged in".