@davvidde to answer your specific original question:

pkg upgrade php74-pfSense-module

However, I was in the same situation you were. This is on a Netgate 3100 on which 22.01 was installed from USB image, then an upgrade was attempted from the GUI to 22.05 on 2022-01-04. Standard old-fashioned install, not a ZFS boot environment.

The upgrade appeared to complete but upon reboot/login a "programming error" was reported, same as yours.

Thanks to @Gertjan 's advice on this this thread, I found the extant state to be:

[22.05-RELEASE][admin@pfsense]/root: ls -altr /usr/local/lib/php/20190902/ total 3456 -rw-r--r-- 1 root wheel 50164 Jan 12 2022 simplexml.so -rw-r--r-- 1 root wheel 37144 Jan 12 2022 filter.so -rw-r--r-- 1 root wheel 26772 Jan 12 2022 pcntl.so -rw-r--r-- 1 root wheel 9924 Jan 12 2022 sysvshm.so -rw-r--r-- 1 root wheel 79736 Jan 12 2022 session.so -rw-r--r-- 1 root wheel 7740 Jan 12 2022 sysvsem.so -rw-r--r-- 1 root wheel 41884 Jan 12 2022 sqlite3.so -rw-r--r-- 1 root wheel 25112 Jan 12 2022 xmlreader.so -rw-r--r-- 1 root wheel 34848 Jan 12 2022 xmlwriter.so -rw-r--r-- 1 root wheel 9408 Jan 12 2022 ctype.so -rw-r--r-- 1 root wheel 502668 Jan 12 2022 opcache.so -rw-r--r-- 1 root wheel 100124 Jan 12 2022 pfSense.so -rw-r--r-- 1 root wheel 39176 Jan 12 2022 json.so -rw-r--r-- 1 root wheel 73404 Jan 12 2022 ldap.so -rw-r--r-- 1 root wheel 12008 Jan 12 2022 sysvmsg.so -rw-r--r-- 1 root wheel 78296 Jan 12 2022 sockets.so -rw-r--r-- 1 root wheel 25168 Jan 12 2022 readline.so -rw-r--r-- 1 root wheel 22712 Jan 12 2022 pdo_sqlite.so -rw-r--r-- 1 root wheel 10324 Jan 12 2022 gettext.so -rw-r--r-- 1 root wheel 17080 Jan 12 2022 bz2.so -rw-r--r-- 1 root wheel 383852 Jan 12 2022 intl.so -rw-r--r-- 1 root wheel 8760 Jan 12 2022 shmop.so -rw-r--r-- 1 root wheel 25104 Jan 12 2022 posix.so drwxr-xr-x 4 root wheel 512 Feb 7 2022 .. -rw-r--r-- 1 root wheel 41392 Jun 1 2022 xml.so -rw-r--r-- 1 root wheel 37772 Jun 1 2022 zlib.so -rw-r--r-- 1 root wheel 34052 Jun 1 2022 mcrypt.so -rw-r--r-- 1 root wheel 16508 Jun 1 2022 tokenizer.so -rw-r--r-- 1 root wheel 158024 Jun 1 2022 dom.so -rw-r--r-- 1 root wheel 159584 Jun 1 2022 openssl.so -rw-r--r-- 1 root wheel 1004320 Jun 1 2022 mbstring.so -rw-r--r-- 1 root wheel 91544 Jun 1 2022 pdo.so -rw-r--r-- 1 root wheel 42736 Jun 1 2022 radius.so -rw-r--r-- 1 root wheel 30140 Jun 1 2022 bcmath.so -rw-r--r-- 1 root wheel 88780 Jun 1 2022 curl.so -rw-r--r-- 1 root wheel 26052 Jun 1 2022 rrd.so drwxr-xr-x 2 root wheel 1024 Jan 4 07:45 .

So some of the .so's were upgraded and some not. Looking further:

[22.05-RELEASE][admin@pfsense]/root: pkg which /usr/local/lib/php/20190902/pfSense.so /usr/local/lib/php/20190902/pfSense.so was installed by package php74-pfSense-module-0.76 [22.05-RELEASE][admin@pfsense]/root: pkg search pfSense-module php74-pfSense-module-0.81 Library for getting useful info [22.05-RELEASE][admin@pfsense]/root: pkg upgrade php74-pfSense-module Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: php74-pfSense-module: 0.76 -> 0.81 [pfSense] Number of packages to be upgraded: 1 Proceed with this action? [y/N]: y [1/1] Upgrading php74-pfSense-module from 0.76 to 0.81... [1/1] Extracting php74-pfSense-module-0.81: 100% [22.05-RELEASE][admin@pfsense]/root: ls -altr /usr/local/lib/php/20190902/ total 3460 -rw-r--r-- 1 root wheel 50164 Jan 12 2022 simplexml.so -rw-r--r-- 1 root wheel 37144 Jan 12 2022 filter.so -rw-r--r-- 1 root wheel 26772 Jan 12 2022 pcntl.so -rw-r--r-- 1 root wheel 9924 Jan 12 2022 sysvshm.so -rw-r--r-- 1 root wheel 79736 Jan 12 2022 session.so -rw-r--r-- 1 root wheel 7740 Jan 12 2022 sysvsem.so -rw-r--r-- 1 root wheel 41884 Jan 12 2022 sqlite3.so -rw-r--r-- 1 root wheel 25112 Jan 12 2022 xmlreader.so -rw-r--r-- 1 root wheel 34848 Jan 12 2022 xmlwriter.so -rw-r--r-- 1 root wheel 9408 Jan 12 2022 ctype.so -rw-r--r-- 1 root wheel 502668 Jan 12 2022 opcache.so -rw-r--r-- 1 root wheel 39176 Jan 12 2022 json.so -rw-r--r-- 1 root wheel 73404 Jan 12 2022 ldap.so -rw-r--r-- 1 root wheel 12008 Jan 12 2022 sysvmsg.so -rw-r--r-- 1 root wheel 78296 Jan 12 2022 sockets.so -rw-r--r-- 1 root wheel 25168 Jan 12 2022 readline.so -rw-r--r-- 1 root wheel 22712 Jan 12 2022 pdo_sqlite.so -rw-r--r-- 1 root wheel 10324 Jan 12 2022 gettext.so -rw-r--r-- 1 root wheel 17080 Jan 12 2022 bz2.so -rw-r--r-- 1 root wheel 383852 Jan 12 2022 intl.so -rw-r--r-- 1 root wheel 8760 Jan 12 2022 shmop.so -rw-r--r-- 1 root wheel 25104 Jan 12 2022 posix.so drwxr-xr-x 4 root wheel 512 Feb 7 2022 .. -rw-r--r-- 1 root wheel 41392 Jun 1 2022 xml.so -rw-r--r-- 1 root wheel 37772 Jun 1 2022 zlib.so -rw-r--r-- 1 root wheel 34052 Jun 1 2022 mcrypt.so -rw-r--r-- 1 root wheel 16508 Jun 1 2022 tokenizer.so -rw-r--r-- 1 root wheel 158024 Jun 1 2022 dom.so -rw-r--r-- 1 root wheel 159584 Jun 1 2022 openssl.so -rw-r--r-- 1 root wheel 1004320 Jun 1 2022 mbstring.so -rw-r--r-- 1 root wheel 91544 Jun 1 2022 pdo.so -rw-r--r-- 1 root wheel 42736 Jun 1 2022 radius.so -rw-r--r-- 1 root wheel 30140 Jun 1 2022 bcmath.so -rw-r--r-- 1 root wheel 88780 Jun 1 2022 curl.so -rw-r--r-- 1 root wheel 26052 Jun 1 2022 rrd.so -rw-r--r-- 1 root wheel 102804 Jun 1 2022 pfSense.so drwxr-xr-x 2 root wheel 1024 Jan 5 14:44 .

So that fixed the specific module. Looking further:

[22.05-RELEASE][admin@pfsense]/root: pkg which /usr/local/lib/php/20190902/json.so /usr/local/lib/php/20190902/json.so was installed by package php74-json-7.4.26 [22.05-RELEASE][admin@pfsense]/root: pkg search php74-json php74-json-7.4.28 The json shared extension for php

So I figured that several packages were not upgraded on the system upgrade.

Going for broke:

[22.05-RELEASE][admin@pfsense]/root: pkg upgrade Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking for upgrades (46 candidates): 100% Processing candidates (46 candidates): 100% Checking integrity... done (0 conflicting) The following 47 package(s) will be affected (of 0 checked): New packages to be INSTALLED: php74-libbe: 0.1.4 [pfSense] Installed packages to be UPGRADED: arpwatch: 3.1 -> 3.2 [pfSense] bash: 5.1.12 -> 5.1.16 [pfSense] bind-tools: 9.16.23 -> 9.16.26 [pfSense] clamav: 0.104.1,1 -> 0.104.2,1 [pfSense] db5: 5.3.28_7 -> 5.3.28_8 [pfSense] dnsmasq: 2.86,1 -> 2.86_3,1 [pfSense] dpinger: 3.0 -> 3.2 [pfSense] filterdns: 2.0_5 -> 2.0_6 [pfSense] hostapd: 2.9_4 -> 2.10 [pfSense] iperf3: 3.10.1_1 -> 3.11 [pfSense] links: 2.20.2_1,1 -> 2.25,1 [pfSense] mpd5: 5.9_6 -> 5.9_7 [pfSense] mtr-nox11: 0.94_1 -> 0.95 [pfSense] nginx: 1.20.2_1,2 -> 1.20.2_9,2 [pfSense] nss: 3.73 -> 3.76 [pfSense] ntp: 4.2.8p15_3 -> 4.2.8p15_5 [pfSense] openvpn: 2.5.4_1 -> 2.6.0_8 [pfSense] pfSense: 22.01 -> 22.05 [pfSense] pfSense-u-boot-env: 20211006 -> 20220429 [pfSense] php74-bz2: 7.4.26 -> 7.4.28 [pfSense] php74-ctype: 7.4.26 -> 7.4.28 [pfSense] php74-filter: 7.4.26 -> 7.4.28 [pfSense] php74-gettext: 7.4.26 -> 7.4.28 [pfSense] php74-intl: 7.4.26 -> 7.4.28 [pfSense] php74-json: 7.4.26 -> 7.4.28 [pfSense] php74-ldap: 7.4.26 -> 7.4.28 [pfSense] php74-opcache: 7.4.26 -> 7.4.28 [pfSense] php74-pcntl: 7.4.26 -> 7.4.28 [pfSense] php74-pdo_sqlite: 7.4.26 -> 7.4.28 [pfSense] php74-posix: 7.4.26 -> 7.4.28 [pfSense] php74-readline: 7.4.26 -> 7.4.28 [pfSense] php74-session: 7.4.26 -> 7.4.28 [pfSense] php74-shmop: 7.4.26 -> 7.4.28 [pfSense] php74-simplexml: 7.4.26 -> 7.4.28 [pfSense] php74-sockets: 7.4.26 -> 7.4.28 [pfSense] php74-sqlite3: 7.4.26 -> 7.4.28 [pfSense] php74-sysvmsg: 7.4.26 -> 7.4.28 [pfSense] php74-sysvsem: 7.4.26 -> 7.4.28 [pfSense] php74-sysvshm: 7.4.26 -> 7.4.28 [pfSense] php74-xmlreader: 7.4.26 -> 7.4.28 [pfSense] php74-xmlwriter: 7.4.26 -> 7.4.28 [pfSense] py38-libzfs: 1.1.2021100100 -> 1.1.2022021400 [pfSense] smartmontools: 7.2_3 -> 7.3 [pfSense] squid: 4.15 -> 5.4.1 [pfSense] suricata: 6.0.4 -> 6.0.4_3 [pfSense] zeek: 4.0.4 -> 4.0.5 [pfSense] Number of packages to be installed: 1 Number of packages to be upgraded: 46 The process will require 5 MiB more space. Proceed with this action? [y/N]: y ...

That ran OK, upon which:

[22.05-RELEASE][admin@pfsense]/root: ls -altr /usr/local/lib/php/20190902/ total 3500 drwxr-xr-x 4 root wheel 512 Feb 7 2022 .. -rw-r--r-- 1 root wheel 41392 Jun 1 2022 xml.so -rw-r--r-- 1 root wheel 37772 Jun 1 2022 zlib.so -rw-r--r-- 1 root wheel 34052 Jun 1 2022 mcrypt.so -rw-r--r-- 1 root wheel 16508 Jun 1 2022 tokenizer.so -rw-r--r-- 1 root wheel 158024 Jun 1 2022 dom.so -rw-r--r-- 1 root wheel 48780 Jun 1 2022 simplexml.so -rw-r--r-- 1 root wheel 159584 Jun 1 2022 openssl.so -rw-r--r-- 1 root wheel 1004320 Jun 1 2022 mbstring.so -rw-r--r-- 1 root wheel 91544 Jun 1 2022 pdo.so -rw-r--r-- 1 root wheel 37288 Jun 1 2022 filter.so -rw-r--r-- 1 root wheel 42736 Jun 1 2022 radius.so -rw-r--r-- 1 root wheel 30140 Jun 1 2022 bcmath.so -rw-r--r-- 1 root wheel 27268 Jun 1 2022 pcntl.so -rw-r--r-- 1 root wheel 10004 Jun 1 2022 sysvshm.so -rw-r--r-- 1 root wheel 78348 Jun 1 2022 session.so -rw-r--r-- 1 root wheel 7724 Jun 1 2022 sysvsem.so -rw-r--r-- 1 root wheel 42076 Jun 1 2022 sqlite3.so -rw-r--r-- 1 root wheel 25464 Jun 1 2022 xmlreader.so -rw-r--r-- 1 root wheel 34688 Jun 1 2022 xmlwriter.so -rw-r--r-- 1 root wheel 9532 Jun 1 2022 ctype.so -rw-r--r-- 1 root wheel 498832 Jun 1 2022 opcache.so -rw-r--r-- 1 root wheel 74556 Jun 1 2022 ldap.so -rw-r--r-- 1 root wheel 12200 Jun 1 2022 sysvmsg.so -rw-r--r-- 1 root wheel 25328 Jun 1 2022 readline.so -rw-r--r-- 1 root wheel 78344 Jun 1 2022 sockets.so -rw-r--r-- 1 root wheel 23188 Jun 1 2022 pdo_sqlite.so -rw-r--r-- 1 root wheel 10388 Jun 1 2022 gettext.so -rw-r--r-- 1 root wheel 17416 Jun 1 2022 bz2.so -rw-r--r-- 1 root wheel 8808 Jun 1 2022 shmop.so -rw-r--r-- 1 root wheel 26512 Jun 1 2022 posix.so -rw-r--r-- 1 root wheel 88780 Jun 1 2022 curl.so -rw-r--r-- 1 root wheel 26052 Jun 1 2022 rrd.so -rw-r--r-- 1 root wheel 33428 Jun 1 2022 libbe.so -rw-r--r-- 1 root wheel 102804 Jun 1 2022 pfSense.so -rw-r--r-- 1 root wheel 38456 Jun 1 2022 json.so -rw-r--r-- 1 root wheel 385828 Jun 1 2022 intl.so drwxr-xr-x 2 root wheel 1024 Jan 5 14:47 .

A reboot was successful with no error upon login.

n.b. @jimp , it appears this thread was accurately in the Installation and Upgrades category originally, if that matters (the captive portal error message appears to be incidental to a failed php74-pfSense-module upgrade). No captive portals are in use on this device.

It would be useful if the upgrade procedure verified successful state transition before or after its reboot.

Thanks for the tips
I will make some testing based on your advises.
If anybody else whant to share experience on that we will benefit from it.
Regards
Pierre

@giyahban

Read also https://forum.netgate.com/topic/174489/22-05-cp-clients-have-connectivity-issues-after-x-amount-of-time/44 ( the entire thread ).

The issue was : every portal users should have its own "pair of pipes". This isn't the case on 22.05, they wind up all sharing the same first pipe. When he first user gets logged out, the pipe is destroyed, the pipe every other user is also using : oops situation guranteed.
Solution is in the thread.

Btw : I get it : install 22.05 and now the portal is somewhat broken (depending your needs). You need to 'patch' yourself some files to make it work again ....

@michmoor
Oddly enough your idea about /16 being the big chunk is right!
I added /24 subnets seperately and apparently its working fine!
It was strange but thanks for your insight it helps a lot

@gertjan
Thanks for explanation, so its by design.
Its not bad, was just wondering about the different behaviour compared to the other widgets.

Regards

@yaseen-naseer

Not stupid, as you need to do it.
Doing nothing means your portal is pretty broken.

This means :
https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/225f86af947822e6bd6f816f6b8fa926c34fe857/diff/src/etc/inc/captiveportal.inc
is very special secret indication that :
You have to edit the pfSense /etc/inc/captiveportal.inc source file.
First, remove the red line - or, better, place // at the beginning of each line.
Next : don't type (never use the keyboard, that always goes wrong) but copy past the green lines.
The not-green and not red lines - thus black lines - are there so you can find the right place in the file.
If you've never done so before : this is your first attempt to actually program something : you've been writing some PHP.

Because you and I are humans, I advise to execute this command first :

c9c15ee8-c512-4e76-b823-7848925d51bc-image.png

It will take a copy of the original file /etc/inc/captiveportal.inc and place it in /etc/inc/captiveportal.inc.backup
So, when thing go bad, for example, you didn't remember how to operate the keyboard, you can always go back to the situation before.

From what I've been reading and writing, issue 12834 had a patch in the pfSense system patcher package.
See here : https://forum.netgate.com/topic/170762/captive-portal-on-specific-vlan-prevents-routing-to-other-networks-since-22-01/4?_=1670414478625
If that's not the case : manual editing is needed.
( or making your own patch file and use that. That's not a "beginners" task )

Don't worry, you can do it.

This exists : Editing Files on the Firewall/edit-file.html - but I never used it (to hard ;).
I use the console - or better : SSH access. Ones in, go for option 8.
There is an editor called 'ee' (Google will tell how it works, no rockets science here, promised).
Tip : ask Google if it can show line numbers.
Now you edit the file.

@ahmetakkaya

not an error message

but I created a panel for accounting, it's annoying to see it here

I don't want to use 2.6.0

Because I created Limiters in Traffic Shaper didn't work

@gtt1229 said in Username Only Captive Portal:

I am trying to setup Captive Portal to just take a username.

Why do you want to take a name ?
a) so the user can type in sjkdfhsqjfhskjhfsjkqsqjdfhsdqfjh and then you trow that name away, and have all user login using a generic name, common among all users ?
b) or do you want that name to match with an existing using, so "sjkdfhsqjfhskjhfsjkqsqjdfhsdqfjh" has to exist ?

No need to patch the system, you can (have to) create your own 'html login page'.
The concept is shown here :

c111e717-d4e1-4e32-a1b8-ae4cf432ee7c-image.png

To see the full html page, have the login page shown in your browser, and tell your browser to show the 'source' (and that is html of course, as that is what the browser received).

You could hide the real user name, and the real password. Just show a welcome message.
The hidden (not shown on the screen) user name and password will be used for all users to login. This user password pair has to be defined in the pfSense User manager.

You'll have to set this :

5142ad4c-5e25-47a1-ac45-f48eefc92da0-image.png

otherwise an existing logged in user will get thrown of if some else is logging in.

Or, go for the

088455cb-6256-46ae-9380-17ac82d3e200-image.png

option. You can add a html field that asks for a name, phone number, or why not, ask for a credit card number **, as the entered text gets ditched anyway.

** I advise you to use https to show the portal login page, if not, you'll get hurt.

@axel-1 said in Redirect URL:

if there was another method other than the captive portal to achieve this result.

Redirect to a locally hosted (on pfSense) web page that states :

Please close this windows / app.
You are now connected.
Use any app, like mail client, SSH, VPN, Web browser at you wish.

OMG!!!

9793b76c-8d7a-4038-9b81-ef684434d901-grafik.png

My guess the "outline" is the enabled option...so i didnt check it... 😵

Now it looks like

b86daf5a-bd6f-422c-933e-d1075f30010e-grafik.png

Thanks for swapping the brick from my head... 😊

Regards

@cpa said in Command to regenerate /tmp/rules.debug:

and why there is no MAC in the rules.debug)

![f366120c-a5d9-4364-8aca-eb282b157c45-image.png](/assets/uploads/files/1668610461740-f366120c-a5d9-4364-8aca-eb282b157c45-image.png

and you're right : nothing in the /tmp/rules.debug

But when I read Troubleshooting Captive Portal you'll find ways to see pf firewall rules :

pfSsh.php playback pfanchordrill

shows me :

..... cpzoneid_2_passthrumac rules/nat contents: cpzoneid_2_passthrumac/001122334455 rules/nat contents: ether pass in quick from 00:11:22:33:44:55 l3 all tag cpzoneid_2_auth dnpipe 2008 ether pass out quick to 00:11:22:33:44:55 l3 all tag cpzoneid_2_auth dnpipe 2009

@cpa said in Command to regenerate /tmp/rules.debug:

So what I plan to do is to change the config.xml by ansible, regenerate the /tmp/rules.debug-File and reapply this file to the packetfilter.

Easy answer : ok to look for solution but forget about using (modifying) "/tmp/rules.debug" yourself.
This file exists as read only, and can be changed by the system at any time.

It would work, of course, as most part of the GUI is written in PHP, but : You have to know how pfSense works - and there is no way to short circuit that.
Adding a MAC to the MAC list of the captive portal isn't rocket science, as you can borrow all the PHP scripts that already exist.
How to 'flush' the new MAC to the config and applied it to the firewall : you'll find out fast enough, as code writing always starts with a lot of reading (about how the system works).
pfSense doesn't have an API or something like that.

@qssysadmin

How does your question relate to the captive portal ?
( you posted in the captive portal section of the forum )

A reboot is always mandatory as you changed the kernel version (a kernel can't be reloaded in place).

@qssysadmin said in Pfsense 2.6 Captive Portal does not allow vpn connection established:

ping for example to 8.8.8.8 is blocked

Not an issue.
8.8.8.8 replies to DNS requests. No need to ping it.

@qssysadmin said in Pfsense 2.6 Captive Portal does not allow vpn connection established:

I put a firewall Rule on the LAN Interface which allows all traffic from internal to external

The default LAN firewall rue permits everything. No extra rules needed.

@ahmetakkaya

You want to use the portal access from 'somewhere' on the Internet ?
I never saw a setup like that.

The captive portal is designed to give a devices on a local network acess to the Internet, and other selected resources.
Devices that are already on the Internet don't need access t the Internet, they already have it.

If you want to access local resources from the outside, use a VPN.

I want to bring up this subject again.

CoA, Change of Authorization, basically consists in a UDP packet which a RADIUS server can send to a NAS (like the pfSense captive portal) to change reply attributes or disconnect a user.

This is particularly helpful in implementing authorization flows in which the user gets a basic connection first and then is upgraded to different limitations (eg: more bandwidth, more traffic, more connection time, etc).
It also helps to manage radius sessions for multiple NAS from a central point.

I have been able to implement something with Coova-Chilli, which supports CoA and I think it would be great for PfSense to support this as Chilli does so I opened a feature request: https://redmine.pfsense.org/issues/13625.

CoA RFC https://www.ietf.org/rfc/rfc3576.txt.

Peace.

@level4 said in 22.05 - CP clients have connectivity issues after x amount of time:

That "} else" ..
shouldn't be a "} else {"
with a "}" below the "$auth_result =" line ?

You can place

$auth_result = captiveportal_authenticate_user($user, $passwd, $clientmac, $clientip, $pipeno, $context);

between { .... }, true. Like :

....... } else { $auth_result = captiveportal_authenticate_user($user, $passwd, $clientmac, $clientip, $pipeno, $context); }

Or

....... } else { $auth_result = captiveportal_authenticate_user($user, $passwd, $clientmac, $clientip, $pipeno, $context); }

But as this is just one line, so no need.

@heper said in Import from a list (MAC addresses) possible:

have mac-randomization enabled by default...

yup that could be problematic for sure ;)

@gertjan said in Captive portale issue: not redirecting to the authentification page and no internet access when enabled:

Look also at the official Netgate captive portal videos.

Strange.
I've used these https://www.youtube.com/c/NetgateOfficial/videos and that works very well for me.
For more then a decade now.

Tel me what your doing differently, then I'll tell you not to do that, and it will work for you also ;)