@jimp Hi, Thanks for the reply, my eyes are playing tricks with me I did not see that. Restart a local captive portal instance: Select "Restart Local Service" and enter captiveportal zonename replacing zonename with the zone to restart.

@gertjan I ran pfsense-upgrade -y and it is working now. Thank you.

brilliant, thank you. I saw the example but couldn't find an example with the variable. Not having experience of this Im grateful for the help. I didn't realise it was literally simply put"$PORTAL_MESSAGE$" in the HTML! I thought it was going to be a php line or some javascript. That was the last thing I needed, captive portal going live...

@nickologic said in Intermittent connectivity when accessing allowed hostnames: Everything loads correctly when connected to the non-captive interface. Isn't there some known bug with captive portal - believe there is a patch.. I believe this https://redmine.pfsense.org/issues/12834

@gertjan i also added a comment about the "Dot" Problem in the Bug Report. So i think all should be fine for now. THX Gertjan for your help!

Interestingly I did all my testing with a Windows 10 and Windows 11 laptop until I was happy with my captive portal. I tested at each stage: set up captive portal with defaults, no authentication. set up voucher roll and voucher authentication. add SSL certificate (I already use an ACME letsencrypt with pfsense so I added another URL to the SAN for the captive portal) set up radius customise the logon HTML and the "error" HTML I was happy that this all worked - only the "edge browser" seems to have an oddity with captive portal (force redirect sorted that and I was going to force redirect to my "company landing page" anyway, chrome and firefox have no issue sending its captive portal check plus redirecting back. Now to test with other devices: *Ipad worked fine. *Android did not. Android was convinced that it was connected - it attempted a www.gstatic.com/generate_204 which apparently (according to the device) succeeded pre authentication! There was no traffic flow though (good). However I could not get the captive portal page to trigger on an android device, it was convinced that it needed to "sign in" but then would simply say that it was connected. I spent quite a lot of time looking at firewall logs, device logs and trying to fathom why the android device was convinced it had a connectivity allowed and I was never shown the captive portal page, I checked everything from DNS (I use pfsense forwarder and there is only one "exception" which is a "disclaimer landing page" simple URL on a local webserver). In the end I found that if I "disconnected all users" then this would work. After digging it seems that if I make a change to the pfsense portal settings I need to disconnect all users for my android device to see the captive portal. Most odd. Android device is version 12. I have no idea what this will do to the people who have vouchers when I disconnect (radius auth will be irrelevant of course, they can re-sign in.

@pieter_sa said in Captive Portal breaks policy routing for bypassed MAC addresses after upgrade to 22.05 [fixed]: @bitrot You marked this as fixed, so others, like me, will also go through the entire journey of registering for pfsense+ and updating all the way up to 22.05 just to see the same old Captive Portal issues. No. I found an issue with Captive Portal in 22.05, made a post about it, troubleshot it, and created a bug report about it. Once a patch was available I linked it and marked the issue as fixed. The other issue you've mentioned is Regression #13290: dummynet. This is a cosmetic issue only that does not affect functionality and is also already fixed. If you have some other "same old Captive Portal issues" I again suggest you be much, much more specific and also open a separate thread and maybe create a bug report that deals with your specific problems instead of hijacking another thread that is about a different issue that has already been fixed.

That makes sense. I guess the client has software which is trying to talk to the gateway.

Thank you guys, all your inputs are highly appreciated.

@backlash619 said in 22.05 issues: broke my captive portal, authentication servers don't work anymore, If you're using the pfSEnse "freeradius3 0.15.7_33"package as an auth server, give it some more tries. And detail your config. 22.05 + pfSEnse "freeradius3 0.15.7_33" works for me It's being used by the most comprehensive type of clients : tourists in a hotel.

@refugeesonline said in Used voucher db with strange content: Anyone having the same or similar problems? Or any idea? The thing is, if I recall the entire forum (and I can't / don't, although I'm posting here since a decade or so), you are the first I see posting about a voucher usage on a big scale. And its not one set up, but multiple setups 190. My advise is : start logging. Not using the GUI, as the GUI probably offer 'close to none' possibilities here. I would add lines lines like : log_error("This is a log line in file abcd.php"); This line will get shown in the System main log like this : [image: 1657800863438-94c4c696-f55f-406c-b376-f67b639b7351-image.png] change abcd for the file name you placed your log line. You can / should add variables. I don't have much experience with vouchers, I just played with them, by creating some 30 minutes vouchers and use them, and see how they time out of the preset time. That is, I know, that if a voucher is used for the first time, and it's 'valid', the voucher code will get entered in the 'used voucher' database (probably the SQLITE3 PHP database file that is kept for every portal). The captive portal uses a 'mini cron' process : 53161 - Is 0:00.00 /usr/local/bin/minicron 60 /var/run/cp_prunedb_cpzone1.pid /etc/rc.prunecaptiveportal cpzone1 that runs every 60 seconds, the function captiveportal_prune_old() in /etc/inc/captiveportal.inc gets called. That's where the magic is happening. The good news is : nothing magic is going on. See for yourself. Its plain vanilla PHP - PHP was removed from the rocket science list in 1999. @refugeesonline said in Used voucher db with strange content: 26.000 used vouchers Vouchers are created, and you can print them out. They are not known to the captive portal authentication system at this moment. They are generated, and you print them. If 26000 vouchers are shown as used, then they had to be typed in by some one one by one. Vouchers are active the moment they get entered. The voucher code identifies the duration of the "roll" it belongs. The voucher stays valid while ("enter date/time" + "roll duration") < "current time". Here is the test : https://github.com/pfsense/pfsense/blob/9490042fdaafa481bcf131f3805dcc9022d973f1/src/etc/inc/captiveportal.inc#L654 Sorry not being able to help you more.

@full-malito What is your pfSense version ? What your are your captive portal firewall rules ? What happens when you put in place the rule you've found when you installed pfSense ?

@joaobruno said in Shorten Voucher: vouchers of up to 6 digits The same questions was asked, way back in time, on this forum. My "find", at the top of the screen, is somewhat broken (I'm using a small phone right now), I advise you to find and look for yourself what can be done to make the voucher code smaller.

@full-malito Hi, VLAN, or not, the captive portal doesn't care. For the captive portal, it's just another LAN type interface. @full-malito said in Captive portal not working on VLAN?: (just enabling DHCP server and NAT), You use the DHCP server on every LAN interface, even when you don't need it ;) ON a portal type interface, where you don't know if people have set up a correct static IP setup (changes are close to zero), you need a DHCP server. You'll be needing a working DNS server, the default unbound setup will do just fine. Why you talk about NAT ?? NAT rules and related firewall rules are needed for your local services that you need to make accessible for devices somewhere on the Internet. NAT has nothing to do with a captive portal. I know, this one : Captive Portal on pfSense 2.3/2.4 is old. But it's still very useful to make a working portal in < 5 minutes. First, go vanilla. It works. Then : add your VLANs. If thats breaks, you'll know where to look ;)

@tianakex Hi may I know if this patch also works on pfsense 2.6?

@jimp said in CP Voucher Sync: I don't see us directing any resources toward changing that, but if someone were to propose and develop a solution as a pull request that wasn't too disruptive we could consider it. Totally get where you're coming from and understand that. I'll consider that as a possibility as it would be a nice bit of work. As I have one or two students with there final thesis linig up, perhaps we can throw a bit of work into this. Thanks for the idea :)

@nogbadthebad Submitted, Thanks a lot.

@raymondchauke said in Auto connect IPhone to Captive Portal: Watch the video