Probably 3 possibilities here and I doubt if applying a firmware update does anything as it's almost guaranteed either your config has been changed, or it's completely unrelated to your firewall.

You used a weak password, didn't restrict management access, and someone on that network cracked/guessed it and changed the redirect URL or something else in your config to do that someone on the network is doing bad things to MITM your users, ARP poisoning or similar. you're redirecting to a URL that's been defaced, that tag line is common on defaced websites.

Attaching a copy of your config, and a packet capture of all traffic from an affected machine while it's accessing captive portal and getting redirected would tell more. You can email those two files to me off-forum if you don't want to make them public (cmb at pfsense dot org, include a link to this thread).

Can guide me to create RADIUS Server?

In our setup, we had to use the pfsense LAN IP as the gateway IP for the clients. Once i did that then things started working for us. We also put in the FW rules for any:any for all traffic. Its in a test lab so security of it isn't a problem for us right now.

However, we seem to be having an issue where occasionally the captive login doesn't show up initially and once we stop and start the captive service that seems to 'fix' it. What is the manual URL you are using to force the page to appear?

Thanks for the reply.  The answer was right in the program instructions and it works great.  I then got caught up in other projects so my apologizes for the delay in acknowledging your assistance.

I believe that has been fixed in 2.0.

Redirect is not working at all.

I have tried both. Accessing manually, coz i changed login page and normal "connect to WiFi and wait what happens"

Maybe i can try adding nat rule manually. Not sure how to forward to backloop interface, but i will try asking Mrs. Google, maybe she knows…..

It is usually stable, but from time to time there are localized issues as changes are made and other things are addressed.

Hoping for a release by the end of the year but the real answer is always "when it's ready".

OK, I solved the iphone trouble, I added an exception for ICMP to apple.com.
Now it works as expected.

We use a remote syslog server and log all the portal authentications to a database.  Then have a web front-end to display.  Have it broken down by subnets that represents a certain facility in our guest network.  We know how many customers are connected by location.  Works great…

I ask because I actually help run a lot of the security for a University, as well, albeit much smaller.  It looks like your current setup is based off snort.  If that's the case, is there any reason you could not use the snort module for pfSense and use that to do detection and control?

The solution we're looking at will use MS-NAP and interact with Windows clients, which is about 90% of our students, to preemptively check their security.  Though, if you have more info on your setup, I'd love to know how it all works.  So feel free to PM me, as I don't want to derail this thread any more than I have already.  But we're an 8 person operation serving about 5,000 students across 4 primary campuses, so any input is always welcome.

no, when you upload it, it's stored in the config and written out with the proper name.

There is a thread here on the forum with examples, it was just updated over the weekend.

http://forum.pfsense.org/index.php/topic,26141.0.html