• Solve 30 days voucher errors that logout users before expiry time.

    1
    0 Votes
    1 Posts
    405 Views
    No one has replied
  • Enable or Disable Single Vouchers Roll.

    3
    1
    0 Votes
    3 Posts
    799 Views
    RaymondChaukeR
    @nogbadthebad Submitted, Thanks a lot.
  • Auto connect IPhone to Captive Portal

    3
    0 Votes
    3 Posts
    749 Views
    RaymondChaukeR
    @raymondchauke said in Auto connect IPhone to Captive Portal: Watch the video
  • PFsense 2.6.0 using a Captive portal without landing page

    3
    0 Votes
    3 Posts
    851 Views
    B
    Hello Gert-Jan, Thank You. I'm going to use the portal :)
  • Block Wi-Fi sharing through mobile Hotspot !

    7
    1 Votes
    7 Posts
    2k Views
    GertjanG
    @sparktcs said in Block Wi-Fi sharing through mobile Hotspot !: Dear members, We are seeking valuable solution from PFsense members on how to restrict/block users that are connected to the devices using another hotspot. Like for example :- We have wireless solution with voucher guest control (Captive Portal) and issuing limited period single user vouchers to users. Now, we came to know that, users are misusing the issued vouchers by sharing their connection to other customer through his mobile hotspot facility. As far as our concerned, this is major loophole and needs to be restrict/block at the earliest. I hope the issue above is clear and awaiting for somebody to help us to solve the issue as much as earlier. Really appreciated any one prompt response.

    Sorry for the late answer. A "Netgate TAC Word Class black card VIP" member access won't give you an answer. As this issue can not be solved - period. It's not a pfSense problem. It's a router after a router problem. pfSense being the first router - and the device sharing the connection being the second. Now go to Youtube, enter the search phrase "what is a IPv4 router - how does it work ?", look at some videos, come back here and say " ..... wtf, this is a real issue, and can't be solved ".

    Example, Your ISP gives you a connection, with some IP like a.b.c.d./32 You slide in the RJ45 Ethernet cable in your PC, set up your NIC so it has a.b.c.d mask 255.255.255.255 - you add a DNS, add a gateway, the ISP gave you one, and now, you are connected !!! You'll say : one I, one IP ? What about all my other xx devices @home ? Well, initially, you had to open xx number of connections to your ISP. Easy. But routers were defined. And local RFC1918 networks.

    It works like this : on the local LAN, all devices can talk to each other as one big family. Resources that are not on your LAN, like youtube.com (sorry : 216.358.209.238) do not "match" the local network (192.168.1.0/24) so the request is sent to the local gateway : your router. The router takes the incoming LAN IP (like 192.168.1.10 port 443, MAC aa.bb.cc.dd.ee.ff) as the "source" and initiates a TCP/IP session on behalf of you on the WAN side, to "216.358.209.238 port 443". Answers coming back from the TCP session are converted back to 192.168.1.10, using the original requester port (not 443 per se). Keep in mind that the 216.358.209.238 (youtube) never even sees the WAN MAC of the router (let alone the LAN PC MAC).

    The beauty is : 216.358.209.238 will only see requests coming from your WAN IP, 216.358.209.238 can not see that these requests came from 192.168.1.10 - or 192.168.1.253, or 192.168.1.58 etc. That info is on the router's WAN interface. Internal states in the router keep track of the "what TCP session belongs to what device on LAN". And, no, you can "see" this state table on the WAN side. That would be a security risk.

    So, no, on the captive portal (just a LAN) you see "one" connected user == one IP, one MAC, and you can suspect that that single "user" using one voucher is actually generating the traffic of many users behind this "user" - as this user is a router. Because all traffic is https these days (http is dead) you can't see a thing. Don't feel alone here. The NSA/CIA/KGB/FBI can't see (decrypt) either here : welcome to the club : you can't 'crack' https (TLS).

    So, as @nogbadthebad said in Block Wi-Fi sharing through mobile Hotspot !: "It's an issue with the users.", it's a "user" thing. When you suspect a user abuses his voucher contract, throw him off the portal. But be careful, you can suspect, never be really sure.

    Btw : in a near future, when IPv4 finally dies and IP traffic is all IPv6, there are possibilities as a single IPv6/128 can't be sub routed anymore.

    Btw2: there were some tests with the TTL field in the TCP header, as every router hop decreases this field by one, but this wasn't really conclusive. If I'm not mistaken, this was discussed in this forum, a decade or so ago.
  • 1 Votes
    3 Posts
    2k Views
    RaymondChaukeR
    @stephenkwabena I placed a feature request. I do hope that it will be available soon.
  • Internet Drop

    3
    1
    0 Votes
    3 Posts
    978 Views
    C
    Hello @ahsunh, I'm pretty sure with 2 and 3. I'm not sure what you mean by no.1, I'll have to look it up. But my dcpinger is working
  • 0 Votes
    1 Posts
    645 Views
    No one has replied
  • Auto connect IPhone to Captive Portal

    1
    0 Votes
    1 Posts
    424 Views
    No one has replied
  • multiple html files? (different languages)

    4
    0 Votes
    4 Posts
    1k Views
    H
    should be fairly simple with some php or javascript bs something like: https://github.com/knuch/js-lang-redirect or https://stackoverflow.com/questions/66438076/redirect-user-based-on-their-language-preference-in-js or https://stackoverflow.com/questions/18098528/detecting-browser-language-in-php-and-redirect or https://stackoverflow.com/questions/41995878/php-language-redirect-automatically you could also not redirect but use a case statement to include the different languages as required.
  • Captive Portal with LDAP Active Directory

    9
    0 Votes
    9 Posts
    3k Views
    A
    @ahsunh Thank you for the reply Sir. I already solved the problem. Thanks again. God bless!
  • LDAP login + User Group

    3
    0 Votes
    3 Posts
    887 Views
    LinkPL
    @aspiringnetworkadmin You should probably start your own thread instead of hijacking @beavermml's thread.
  • Pfsense 2.6.0

    Moved
    1
    0 Votes
    1 Posts
    480 Views
    No one has replied
  • Voucher sync to branch offices

    1
    0 Votes
    1 Posts
    482 Views
    No one has replied
  • Captive Portal + LDAP Implementation

    5
    0 Votes
    5 Posts
    1k Views
    A
    @pierrelyon Sir may I ask what version of pfsense are you using? I also have the same issue. I mean I have ADDS LDAP on my server and bind it on my pfsense. Then implement Captive portal user authentication with ADDS LDAP but it won't work. I am using pfsense 2.6.0. If you are using v2.6.0, may I know Sir what did you do to make it work? TIA!
  • PfSense 2.6.0 Captive Portal with AD LDAP

    1
    0 Votes
    1 Posts
    514 Views
    No one has replied
  • Differentiate between authenticated user and non authenticated.

    timeout
    1
    0 Votes
    1 Posts
    787 Views
    No one has replied
  • New session doesn't create unique Acct-Session-Id

    5
    0 Votes
    5 Posts
    2k Views
    G
    oh my logic was poor - all the users' sessions will have that same 'unique' ID. Not sure it matters though.
  • Changes to Captive Portal in 2.6.0?

    5
    0 Votes
    5 Posts
    1k Views
    A
    @dansgul Hi Sir sorry to interrupt. We have the same problem Sir and I already applied 'Fix Captive Portal handling of non-TCP traffic after login' then rebooted my pfsense but it still doesn't work. This is my case Sir. "I really need help with my issue. I have an Active Directory LDAP and I bind it on my pfsense (Working good) then I configure my Captive Portal on my pfsense. My problem is after I login my user credentials (LDAP AD) I can't access internet. BUT if I disable my Captive Portal my internet is working good and I can browse any sites. P.S. My DNS and DHCP is on my Windows server."
  • Captive Portal Setup in PfSense With LDAP

    1
    0 Votes
    1 Posts
    426 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.