I dont know if its possible with the actual system of vouchers, because if u change the  key al the roll mess up.

The easy way (but not full automatic) its generate a lot of rolls of what u need and put the csv in the system of sales, and comment line to line when a voucher its sold.

Hi,

I do this with a small Routerboard and a Monowall in VM, just Captive Portal without Authentication and as landing Page: PAY YOUR BILL OR …........

RB450G, one firewall mangle rule: chain prerouting, source address (ip of the not paying guy), action: mark routing, new routing mark "payurbill", one ip-route (new route, 0.0.0.0/0,  mono-VM as gateway, routing mark="payurbill" --> voila

I use m0n0 as it only uses 64 MB RAM in VM, 50% RAM free, no noticeable cpu requirements, should work with PFSENSE too, but 128 MB RAM.
Or try the 2.0 BETA (!) with multiple captive portals, only one other interface or VLAN (Not tried the VLAN thing) for another captive portal (I do not know if you can have differenet landing pages for different CP'S on different Interfaces though...)

If you dont like VM, a alix board (150$) with 3 lan interfaces, even the smaller one with 433 MHz Geode and 128 MB RAM is sufficiant for >10 Mbit/s throughput with either PFSENSE or m0n0. Uses around 5 W of power, very small footprint, rackmounts available....

Can you provide screenshots of your Captive Portal settings, your OPT4 firewall rules and the Traffic Shaper setup.

What do you have selected on the CP config under "Authentication"? If it's set to "No Authentication" then people can click through. It should be set for the local user manager, I think.

Hi. 
So having issues.  Not as easy as I was hoping…

Configured Virtual pfSense.
Left WAN rules open for testing.
Installed Radius

On Virtual pfSense with Radius installed.
Added Client:
Client IP: (My WAN on Home_pfSense)
Shortname: MHDHOME
Shared password: abc123
Desc: Test

3.
On pfSense Firewall at Datacenter
Add port forwarding to port TCP 1812 to pfSense Virtual WAN port 10.20.30.210 from external IP
Add port forwarding to port TCP 80 (HTTP) to pfSense Virtual WAN port 10.20.30.210 from external IP
Successfully connected to port 80 via public IP confirming access.

4.
On Home_pfSense.
Assigned OPT1 10.20.10.1/24
Enabled DHCP and set dns to 10.20.10.1
Enabled Captive Portal on OPT1
Selected radius
Primary RADIUS server: entered public IP assigned to virtual pfSense for ports 1812 and 80.
Entered shared password: abc123
Created custom pages.

When logging on I am redirected to portal page.  After entering username and password for user I get:

http://10.20.10.1:8000/

500 - Internal Server Error

When I look at the logs for radius:

Tue Jan  4 05:01:08 2011 : Info: Using deprecated naslist file.  Support for this will go away soon.
Tue Jan  4 05:01:08 2011 : Info: Using deprecated naslist file.  Support for this will go away soon.
Tue Jan  4 05:01:08 2011 : Error: There appears to be another RADIUS server running on the authentication port 1812
Tue Jan  4 05:01:08 2011 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Tue Jan  4 04:57:23 2011 : Info: Ready to process requests.
Tue Jan  4 07:48:29 2011 : Info: Using deprecated naslist file.  Support for this will go away soon.
Tue Jan  4 07:48:29 2011 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Tue Jan  4 07:48:29 2011 : Info: Ready to process requests.
Tue Jan  4 07:49:32 2011 : Info: Using deprecated naslist file.  Support for this will go away soon.
Tue Jan  4 07:49:32 2011 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Tue Jan  4 07:49:32 2011 : Info: Ready to process requests.
Tue Jan  4 07:58:16 2011 : Info: Using deprecated naslist file.  Support for this will go away soon.
Tue Jan  4 07:58:16 2011 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Tue Jan  4 07:58:16 2011 : Info: Ready to process requests.

Thanks.  I am going to try it…

I belive you are looking only at 1.2.3 code!

any idea please

Hi,

Have you managed to fix the problem?

Found the following which appears to do exactly what I want but I am not sure how to implement it.

http://freeradius.org/radiusd/man/rlm_counter.html

Have you tried just unchecked the enable box, and then checking it again?

That should force the fields to be enabled, though I don't see how they would be locked in the disabled mode either. Like Ermal, I haven't been able to replicate that.

Hello Jim,

I look forward to the updated book. I will touch base with Jos in a few days to get the new version.

We are running a customized version of pfSense 1.2.3 so it will be a while before we can upgrade to 2.0.  So we will need to settle for the above for now.  The only draw back I see is that src LAN_NET gets replaced with any in all rules.  I still have not been able to unscramble exactly why this allows the captive portal LAN subnets to work. There is some interaction between pf and ipfw that I am not quite getting… However, the bottom line is that for whatever reason changing that one line in filters.inc causes subnets to work with captive portal.

Thanks for help and advise here and in other postings.

take care.

--luis

Thanks for the prompt Replies guys.  I appreciate it!

What is that option for on the captive portal settings page if it wasn't intended to be used?

When you tested it, did you manually go directly to the captive portal page or did you get redirected there when trying to access something else?  When you go there manually, it redirects to itself when you log in.