@tapabrata Did you ever get a solution to this?

Hello, Thanks I'll try, I'll let you know

@jorge-igor said in Captive Portal x NXFILTER x PFSENSE: NXFILTER Easy answer : do not do that. Portal users should be connected directly to the pfSense captive portal interface (passing trough cables, Wifi, switches etc) That is : the client's IP and MAC should be known to the pfSense portal.

@unreal516 said in CP and DHCPD Issue 2.6.0: I have tried rebooting the CP service The captive portal isn't a 'service'. A web server, a copy of nginx, is started and listens on port 'localhost' (127.0.0.1) using port 800x and 800x+ (if you are also using https). Because you want the DHCP server to work for your clients (static IP setup for not network aware clients) won't work ;) you have set up a DHCP server for your captive portal network. Normally, your "vmx1" should be your LAN. The captive portal interface should be ... vmx2, some "OPT1" second LAN type interface. As I advice you strongly to put your trusted devices on a LAN and the not trusted devices on another, OPTx network, dedicated for portal users, who are nontrusted by default. Otherwise : if you trust them, why bother : put an AP on your LAN network, give them your SSID password and you're done. Btw "vmx1" means : you are using a VM ? My advise : great ! But first make the portal work on a bare bone, and when it all works out very well, go add another layer of complexity. "dhcp.c:4164: Failed to send 300 byte long packet over vmx1 interface." means : there is an issue with the vmx1 interface itself. Not some firewall issue. Btw: the captive portal "ipfw" firewall rules, used by the captive portal, pass all DHCP (and DNS) traffic by default. You don't need to add "DHCP" type firewall rules on your vmx1 "pf" firewall rule tab. Also, firewall rules, pf and ipfw, filter incoming traffic. That is : traffic oming INTO the interface. Your error shows an issue with outgoing traffic, traffic generated by the dhcd (with a "d") server deamon. Your "dhcp" : is this an error from the dhcp client, typically running on the WAN interface ? Also : can't remember any more, wasn't there an issue (bug) 2.6.0. with "captive portal only accepts TCP" (and not UDP and ICMP) ? This would explain DHCP == UDP issues. What are your patches ? Using the pfSense System patches packages is not optional anymore ;)

@michmoor Thanks, i didnt check if they got an IP. I will have to do more testing. With their MACs in the pass list, is it known that they do work? All the other devices were fine. Not using VLAN. Thank you!!

@davvidde to answer your specific original question: pkg upgrade php74-pfSense-module However, I was in the same situation you were. This is on a Netgate 3100 on which 22.01 was installed from USB image, then an upgrade was attempted from the GUI to 22.05 on 2022-01-04. Standard old-fashioned install, not a ZFS boot environment. The upgrade appeared to complete but upon reboot/login a "programming error" was reported, same as yours. Thanks to @Gertjan 's advice on this this thread, I found the extant state to be: [22.05-RELEASE][admin@pfsense]/root: ls -altr /usr/local/lib/php/20190902/ total 3456 -rw-r--r-- 1 root wheel 50164 Jan 12 2022 simplexml.so -rw-r--r-- 1 root wheel 37144 Jan 12 2022 filter.so -rw-r--r-- 1 root wheel 26772 Jan 12 2022 pcntl.so -rw-r--r-- 1 root wheel 9924 Jan 12 2022 sysvshm.so -rw-r--r-- 1 root wheel 79736 Jan 12 2022 session.so -rw-r--r-- 1 root wheel 7740 Jan 12 2022 sysvsem.so -rw-r--r-- 1 root wheel 41884 Jan 12 2022 sqlite3.so -rw-r--r-- 1 root wheel 25112 Jan 12 2022 xmlreader.so -rw-r--r-- 1 root wheel 34848 Jan 12 2022 xmlwriter.so -rw-r--r-- 1 root wheel 9408 Jan 12 2022 ctype.so -rw-r--r-- 1 root wheel 502668 Jan 12 2022 opcache.so -rw-r--r-- 1 root wheel 100124 Jan 12 2022 pfSense.so -rw-r--r-- 1 root wheel 39176 Jan 12 2022 json.so -rw-r--r-- 1 root wheel 73404 Jan 12 2022 ldap.so -rw-r--r-- 1 root wheel 12008 Jan 12 2022 sysvmsg.so -rw-r--r-- 1 root wheel 78296 Jan 12 2022 sockets.so -rw-r--r-- 1 root wheel 25168 Jan 12 2022 readline.so -rw-r--r-- 1 root wheel 22712 Jan 12 2022 pdo_sqlite.so -rw-r--r-- 1 root wheel 10324 Jan 12 2022 gettext.so -rw-r--r-- 1 root wheel 17080 Jan 12 2022 bz2.so -rw-r--r-- 1 root wheel 383852 Jan 12 2022 intl.so -rw-r--r-- 1 root wheel 8760 Jan 12 2022 shmop.so -rw-r--r-- 1 root wheel 25104 Jan 12 2022 posix.so drwxr-xr-x 4 root wheel 512 Feb 7 2022 .. -rw-r--r-- 1 root wheel 41392 Jun 1 2022 xml.so -rw-r--r-- 1 root wheel 37772 Jun 1 2022 zlib.so -rw-r--r-- 1 root wheel 34052 Jun 1 2022 mcrypt.so -rw-r--r-- 1 root wheel 16508 Jun 1 2022 tokenizer.so -rw-r--r-- 1 root wheel 158024 Jun 1 2022 dom.so -rw-r--r-- 1 root wheel 159584 Jun 1 2022 openssl.so -rw-r--r-- 1 root wheel 1004320 Jun 1 2022 mbstring.so -rw-r--r-- 1 root wheel 91544 Jun 1 2022 pdo.so -rw-r--r-- 1 root wheel 42736 Jun 1 2022 radius.so -rw-r--r-- 1 root wheel 30140 Jun 1 2022 bcmath.so -rw-r--r-- 1 root wheel 88780 Jun 1 2022 curl.so -rw-r--r-- 1 root wheel 26052 Jun 1 2022 rrd.so drwxr-xr-x 2 root wheel 1024 Jan 4 07:45 . So some of the .so's were upgraded and some not. Looking further: [22.05-RELEASE][admin@pfsense]/root: pkg which /usr/local/lib/php/20190902/pfSense.so /usr/local/lib/php/20190902/pfSense.so was installed by package php74-pfSense-module-0.76 [22.05-RELEASE][admin@pfsense]/root: pkg search pfSense-module php74-pfSense-module-0.81 Library for getting useful info [22.05-RELEASE][admin@pfsense]/root: pkg upgrade php74-pfSense-module Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: php74-pfSense-module: 0.76 -> 0.81 [pfSense] Number of packages to be upgraded: 1 Proceed with this action? [y/N]: y [1/1] Upgrading php74-pfSense-module from 0.76 to 0.81... [1/1] Extracting php74-pfSense-module-0.81: 100% [22.05-RELEASE][admin@pfsense]/root: ls -altr /usr/local/lib/php/20190902/ total 3460 -rw-r--r-- 1 root wheel 50164 Jan 12 2022 simplexml.so -rw-r--r-- 1 root wheel 37144 Jan 12 2022 filter.so -rw-r--r-- 1 root wheel 26772 Jan 12 2022 pcntl.so -rw-r--r-- 1 root wheel 9924 Jan 12 2022 sysvshm.so -rw-r--r-- 1 root wheel 79736 Jan 12 2022 session.so -rw-r--r-- 1 root wheel 7740 Jan 12 2022 sysvsem.so -rw-r--r-- 1 root wheel 41884 Jan 12 2022 sqlite3.so -rw-r--r-- 1 root wheel 25112 Jan 12 2022 xmlreader.so -rw-r--r-- 1 root wheel 34848 Jan 12 2022 xmlwriter.so -rw-r--r-- 1 root wheel 9408 Jan 12 2022 ctype.so -rw-r--r-- 1 root wheel 502668 Jan 12 2022 opcache.so -rw-r--r-- 1 root wheel 39176 Jan 12 2022 json.so -rw-r--r-- 1 root wheel 73404 Jan 12 2022 ldap.so -rw-r--r-- 1 root wheel 12008 Jan 12 2022 sysvmsg.so -rw-r--r-- 1 root wheel 78296 Jan 12 2022 sockets.so -rw-r--r-- 1 root wheel 25168 Jan 12 2022 readline.so -rw-r--r-- 1 root wheel 22712 Jan 12 2022 pdo_sqlite.so -rw-r--r-- 1 root wheel 10324 Jan 12 2022 gettext.so -rw-r--r-- 1 root wheel 17080 Jan 12 2022 bz2.so -rw-r--r-- 1 root wheel 383852 Jan 12 2022 intl.so -rw-r--r-- 1 root wheel 8760 Jan 12 2022 shmop.so -rw-r--r-- 1 root wheel 25104 Jan 12 2022 posix.so drwxr-xr-x 4 root wheel 512 Feb 7 2022 .. -rw-r--r-- 1 root wheel 41392 Jun 1 2022 xml.so -rw-r--r-- 1 root wheel 37772 Jun 1 2022 zlib.so -rw-r--r-- 1 root wheel 34052 Jun 1 2022 mcrypt.so -rw-r--r-- 1 root wheel 16508 Jun 1 2022 tokenizer.so -rw-r--r-- 1 root wheel 158024 Jun 1 2022 dom.so -rw-r--r-- 1 root wheel 159584 Jun 1 2022 openssl.so -rw-r--r-- 1 root wheel 1004320 Jun 1 2022 mbstring.so -rw-r--r-- 1 root wheel 91544 Jun 1 2022 pdo.so -rw-r--r-- 1 root wheel 42736 Jun 1 2022 radius.so -rw-r--r-- 1 root wheel 30140 Jun 1 2022 bcmath.so -rw-r--r-- 1 root wheel 88780 Jun 1 2022 curl.so -rw-r--r-- 1 root wheel 26052 Jun 1 2022 rrd.so -rw-r--r-- 1 root wheel 102804 Jun 1 2022 pfSense.so drwxr-xr-x 2 root wheel 1024 Jan 5 14:44 . So that fixed the specific module. Looking further: [22.05-RELEASE][admin@pfsense]/root: pkg which /usr/local/lib/php/20190902/json.so /usr/local/lib/php/20190902/json.so was installed by package php74-json-7.4.26 [22.05-RELEASE][admin@pfsense]/root: pkg search php74-json php74-json-7.4.28 The json shared extension for php So I figured that several packages were not upgraded on the system upgrade. Going for broke: [22.05-RELEASE][admin@pfsense]/root: pkg upgrade Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking for upgrades (46 candidates): 100% Processing candidates (46 candidates): 100% Checking integrity... done (0 conflicting) The following 47 package(s) will be affected (of 0 checked): New packages to be INSTALLED: php74-libbe: 0.1.4 [pfSense] Installed packages to be UPGRADED: arpwatch: 3.1 -> 3.2 [pfSense] bash: 5.1.12 -> 5.1.16 [pfSense] bind-tools: 9.16.23 -> 9.16.26 [pfSense] clamav: 0.104.1,1 -> 0.104.2,1 [pfSense] db5: 5.3.28_7 -> 5.3.28_8 [pfSense] dnsmasq: 2.86,1 -> 2.86_3,1 [pfSense] dpinger: 3.0 -> 3.2 [pfSense] filterdns: 2.0_5 -> 2.0_6 [pfSense] hostapd: 2.9_4 -> 2.10 [pfSense] iperf3: 3.10.1_1 -> 3.11 [pfSense] links: 2.20.2_1,1 -> 2.25,1 [pfSense] mpd5: 5.9_6 -> 5.9_7 [pfSense] mtr-nox11: 0.94_1 -> 0.95 [pfSense] nginx: 1.20.2_1,2 -> 1.20.2_9,2 [pfSense] nss: 3.73 -> 3.76 [pfSense] ntp: 4.2.8p15_3 -> 4.2.8p15_5 [pfSense] openvpn: 2.5.4_1 -> 2.6.0_8 [pfSense] pfSense: 22.01 -> 22.05 [pfSense] pfSense-u-boot-env: 20211006 -> 20220429 [pfSense] php74-bz2: 7.4.26 -> 7.4.28 [pfSense] php74-ctype: 7.4.26 -> 7.4.28 [pfSense] php74-filter: 7.4.26 -> 7.4.28 [pfSense] php74-gettext: 7.4.26 -> 7.4.28 [pfSense] php74-intl: 7.4.26 -> 7.4.28 [pfSense] php74-json: 7.4.26 -> 7.4.28 [pfSense] php74-ldap: 7.4.26 -> 7.4.28 [pfSense] php74-opcache: 7.4.26 -> 7.4.28 [pfSense] php74-pcntl: 7.4.26 -> 7.4.28 [pfSense] php74-pdo_sqlite: 7.4.26 -> 7.4.28 [pfSense] php74-posix: 7.4.26 -> 7.4.28 [pfSense] php74-readline: 7.4.26 -> 7.4.28 [pfSense] php74-session: 7.4.26 -> 7.4.28 [pfSense] php74-shmop: 7.4.26 -> 7.4.28 [pfSense] php74-simplexml: 7.4.26 -> 7.4.28 [pfSense] php74-sockets: 7.4.26 -> 7.4.28 [pfSense] php74-sqlite3: 7.4.26 -> 7.4.28 [pfSense] php74-sysvmsg: 7.4.26 -> 7.4.28 [pfSense] php74-sysvsem: 7.4.26 -> 7.4.28 [pfSense] php74-sysvshm: 7.4.26 -> 7.4.28 [pfSense] php74-xmlreader: 7.4.26 -> 7.4.28 [pfSense] php74-xmlwriter: 7.4.26 -> 7.4.28 [pfSense] py38-libzfs: 1.1.2021100100 -> 1.1.2022021400 [pfSense] smartmontools: 7.2_3 -> 7.3 [pfSense] squid: 4.15 -> 5.4.1 [pfSense] suricata: 6.0.4 -> 6.0.4_3 [pfSense] zeek: 4.0.4 -> 4.0.5 [pfSense] Number of packages to be installed: 1 Number of packages to be upgraded: 46 The process will require 5 MiB more space. Proceed with this action? [y/N]: y ... That ran OK, upon which: [22.05-RELEASE][admin@pfsense]/root: ls -altr /usr/local/lib/php/20190902/ total 3500 drwxr-xr-x 4 root wheel 512 Feb 7 2022 .. -rw-r--r-- 1 root wheel 41392 Jun 1 2022 xml.so -rw-r--r-- 1 root wheel 37772 Jun 1 2022 zlib.so -rw-r--r-- 1 root wheel 34052 Jun 1 2022 mcrypt.so -rw-r--r-- 1 root wheel 16508 Jun 1 2022 tokenizer.so -rw-r--r-- 1 root wheel 158024 Jun 1 2022 dom.so -rw-r--r-- 1 root wheel 48780 Jun 1 2022 simplexml.so -rw-r--r-- 1 root wheel 159584 Jun 1 2022 openssl.so -rw-r--r-- 1 root wheel 1004320 Jun 1 2022 mbstring.so -rw-r--r-- 1 root wheel 91544 Jun 1 2022 pdo.so -rw-r--r-- 1 root wheel 37288 Jun 1 2022 filter.so -rw-r--r-- 1 root wheel 42736 Jun 1 2022 radius.so -rw-r--r-- 1 root wheel 30140 Jun 1 2022 bcmath.so -rw-r--r-- 1 root wheel 27268 Jun 1 2022 pcntl.so -rw-r--r-- 1 root wheel 10004 Jun 1 2022 sysvshm.so -rw-r--r-- 1 root wheel 78348 Jun 1 2022 session.so -rw-r--r-- 1 root wheel 7724 Jun 1 2022 sysvsem.so -rw-r--r-- 1 root wheel 42076 Jun 1 2022 sqlite3.so -rw-r--r-- 1 root wheel 25464 Jun 1 2022 xmlreader.so -rw-r--r-- 1 root wheel 34688 Jun 1 2022 xmlwriter.so -rw-r--r-- 1 root wheel 9532 Jun 1 2022 ctype.so -rw-r--r-- 1 root wheel 498832 Jun 1 2022 opcache.so -rw-r--r-- 1 root wheel 74556 Jun 1 2022 ldap.so -rw-r--r-- 1 root wheel 12200 Jun 1 2022 sysvmsg.so -rw-r--r-- 1 root wheel 25328 Jun 1 2022 readline.so -rw-r--r-- 1 root wheel 78344 Jun 1 2022 sockets.so -rw-r--r-- 1 root wheel 23188 Jun 1 2022 pdo_sqlite.so -rw-r--r-- 1 root wheel 10388 Jun 1 2022 gettext.so -rw-r--r-- 1 root wheel 17416 Jun 1 2022 bz2.so -rw-r--r-- 1 root wheel 8808 Jun 1 2022 shmop.so -rw-r--r-- 1 root wheel 26512 Jun 1 2022 posix.so -rw-r--r-- 1 root wheel 88780 Jun 1 2022 curl.so -rw-r--r-- 1 root wheel 26052 Jun 1 2022 rrd.so -rw-r--r-- 1 root wheel 33428 Jun 1 2022 libbe.so -rw-r--r-- 1 root wheel 102804 Jun 1 2022 pfSense.so -rw-r--r-- 1 root wheel 38456 Jun 1 2022 json.so -rw-r--r-- 1 root wheel 385828 Jun 1 2022 intl.so drwxr-xr-x 2 root wheel 1024 Jan 5 14:47 . A reboot was successful with no error upon login. n.b. @jimp , it appears this thread was accurately in the Installation and Upgrades category originally, if that matters (the captive portal error message appears to be incidental to a failed php74-pfSense-module upgrade). No captive portals are in use on this device. It would be useful if the upgrade procedure verified successful state transition before or after its reboot.

Thanks for the tips I will make some testing based on your advises. If anybody else whant to share experience on that we will benefit from it. Regards Pierre

@giyahban Read also https://forum.netgate.com/topic/174489/22-05-cp-clients-have-connectivity-issues-after-x-amount-of-time/44 ( the entire thread ). The issue was : every portal users should have its own "pair of pipes". This isn't the case on 22.05, they wind up all sharing the same first pipe. When he first user gets logged out, the pipe is destroyed, the pipe every other user is also using : oops situation guranteed. Solution is in the thread. Btw : I get it : install 22.05 and now the portal is somewhat broken (depending your needs). You need to 'patch' yourself some files to make it work again ....

@michmoor Oddly enough your idea about /16 being the big chunk is right! I added /24 subnets seperately and apparently its working fine! It was strange but thanks for your insight it helps a lot

@gertjan Thanks for explanation, so its by design. Its not bad, was just wondering about the different behaviour compared to the other widgets. Regards

@yaseen-naseer Not stupid, as you need to do it. Doing nothing means your portal is pretty broken. This means : https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/225f86af947822e6bd6f816f6b8fa926c34fe857/diff/src/etc/inc/captiveportal.inc is very special secret indication that : You have to edit the pfSense /etc/inc/captiveportal.inc source file. First, remove the red line - or, better, place // at the beginning of each line. Next : don't type (never use the keyboard, that always goes wrong) but copy past the green lines. The not-green and not red lines - thus black lines - are there so you can find the right place in the file. If you've never done so before : this is your first attempt to actually program something : you've been writing some PHP. Because you and I are humans, I advise to execute this command first : [image: 1670414325134-c9c15ee8-c512-4e76-b823-7848925d51bc-image.png] It will take a copy of the original file /etc/inc/captiveportal.inc and place it in /etc/inc/captiveportal.inc.backup So, when thing go bad, for example, you didn't remember how to operate the keyboard, you can always go back to the situation before. From what I've been reading and writing, issue 12834 had a patch in the pfSense system patcher package. See here : https://forum.netgate.com/topic/170762/captive-portal-on-specific-vlan-prevents-routing-to-other-networks-since-22-01/4?_=1670414478625 If that's not the case : manual editing is needed. ( or making your own patch file and use that. That's not a "beginners" task ) Don't worry, you can do it. This exists : Editing Files on the Firewall/edit-file.html - but I never used it (to hard ;). I use the console - or better : SSH access. Ones in, go for option 8. There is an editor called 'ee' (Google will tell how it works, no rockets science here, promised). Tip : ask Google if it can show line numbers. Now you edit the file.

@ahmetakkaya not an error message but I created a panel for accounting, it's annoying to see it here I don't want to use 2.6.0 Because I created Limiters in Traffic Shaper didn't work

@gtt1229 said in Username Only Captive Portal: I am trying to setup Captive Portal to just take a username. Why do you want to take a name ? a) so the user can type in sjkdfhsqjfhskjhfsjkqsqjdfhsdqfjh and then you trow that name away, and have all user login using a generic name, common among all users ? b) or do you want that name to match with an existing using, so "sjkdfhsqjfhskjhfsjkqsqjdfhsdqfjh" has to exist ? No need to patch the system, you can (have to) create your own 'html login page'. The concept is shown here : [image: 1669807071625-c111e717-d4e1-4e32-a1b8-ae4cf432ee7c-image.png] To see the full html page, have the login page shown in your browser, and tell your browser to show the 'source' (and that is html of course, as that is what the browser received). You could hide the real user name, and the real password. Just show a welcome message. The hidden (not shown on the screen) user name and password will be used for all users to login. This user password pair has to be defined in the pfSense User manager. You'll have to set this : [image: 1669807262434-5142ad4c-5e25-47a1-ac45-f48eefc92da0-image.png] otherwise an existing logged in user will get thrown of if some else is logging in. Or, go for the [image: 1669807390585-088455cb-6256-46ae-9380-17ac82d3e200-image.png] option. You can add a html field that asks for a name, phone number, or why not, ask for a credit card number **, as the entered text gets ditched anyway. ** I advise you to use https to show the portal login page, if not, you'll get hurt.

@axel-1 said in Redirect URL: if there was another method other than the captive portal to achieve this result. Redirect to a locally hosted (on pfSense) web page that states : Please close this windows / app. You are now connected. Use any app, like mail client, SSH, VPN, Web browser at you wish.

OMG!!! [image: 1668783209280-9793b76c-8d7a-4038-9b81-ef684434d901-grafik.png] My guess the "outline" is the enabled option...so i didnt check it... Now it looks like [image: 1668783285597-b86daf5a-bd6f-422c-933e-d1075f30010e-grafik.png] Thanks for swapping the brick from my head... Regards

@cpa said in Command to regenerate /tmp/rules.debug: and why there is no MAC in the rules.debug)  "/tmp/rules.debug" yourself. This file exists as read only, and can be changed by the system at any time. It would work, of course, as most part of the GUI is written in PHP, but : You have to know how pfSense works - and there is no way to short circuit that. Adding a MAC to the MAC list of the captive portal isn't rocket science, as you can borrow all the PHP scripts that already exist. How to 'flush' the new MAC to the config and applied it to the firewall : you'll find out fast enough, as code writing always starts with a lot of reading (about how the system works). pfSense doesn't have an API or something like that.