Opt1 shouldn't be bridged with the LAN nic.
Opt1 shoul dhave its own DHCP server.

If using an AP, it should be in real 'AP mode' - shut down natting, firewall, dhcp. It should behave like a switch.

@rhy7s:

@Heitor:

Periko,

I´m running squid (transparent) w/ squidGuard and CP w/ Radius too, everything works fine.

Att.
Heitor Lessa
Blog -> http://tinodiaadia.wordpress.com

This happened w/ I was using 1.2.2 Version.. but when I upgrade to 1.2.3-RELEASE works fine.

But.. I use CP + RADIUS w/ proxy transparent, following this tutorial -> http://files.pfsense.org/tutorials/cp_config/radius_win2k3.htm

Att.
Heitor Lessa
Blog -> http://tinodiaadia.wordpress.com
That's cool, you haven't noticed any delays like http://forum.pfsense.org/index.php/topic,11105.0.html?

@Glennbones:

Hi All

I have a very strange problem with captive portal.

I had a running Pfsense with captive portal and radius autenticate to an windows 2003 server, and no problem what so ever, then yesterday the captive portal stop working and not presenting the log on page.

I went to the pfsense webconfigurator and see if something was wrong, nothing seemed wrong, but then i disabled captive portal but then the webconfigurator part froze, i went to an SSH login and tryet to restart the webconfigurator but no luck, then i rebooted the pfsense and then i could configure it again, i tryet to enable captive portal again, and it went ok, but again the logon page didnt display, i went to webconfigurator again and disabled the captive portal and again the webconfigurator part froze op, again i logged in with ssh and tryet to restart the webconfigurator same problem, it will not restart the webconfigurator i again restarted the pfsense firewall.

This problem is still the same, i can't get it to display the logon page, and if i do and people try to logon they do not get redirected thru, as the pfsense frezze up, and only thing to do now is reboot the server and disable the captive portal and then people can get on the internet, but i need the captive portal so i can control the login for the users.

I have heard that there should be problem with squid and captive portal and i am using squid to block several internet pages and see what users are going in on, and it is setup as transparent proxy, but i dont know if this are part of that problem.

But strange that a running captive portal suddently stop working and dont display the logon page, and i can't restart the webconfigurator and do anything in the webconfigurator if i touch the captive portal part, if i enable that, i hope some here can help.

If need additional info please let me know in maybe could addresse my problem.

When WebGUI frozen, have you ever tried to kill lighttpd process via SSH and start again?

Looking for anything on System logs or log message on system by SSH and post it again, pls.

Att.
Heitor Lessa
Blog -> http://tinodiaadia.wordpress.com

I believe that isn´t possible… but I hope that one moderator or another person have a response about it.

Att.
Heitor Lessa
Blog -> http://tinodiaadia.wordpress.com

Nomadix handles this in an interesting way. Their gateway does arp spoofing for every address it hears a arp request for or broadcast for. Wonder if this can be done with ebtables as well at the gateway. OR a rewrite of proxyarp.

well that´s a way of doing it ofcourse, it´s cinda complicated setup just because it doesent support secure auth.

Besides i dont think captive portal supports authentication check against 2 active directorys(if it´s not in the first then it checks the second one), or does it?

I´d really wouldent mind swapping out the astaro but it seem hard to do atm :/

/F

@denis31:

Same problem here.
Captive Portal doesn't work on OPT* interfaces (unless I call http://<pfsenseip>:8000 )
It only works on LAN interface.</pfsenseip>

See http://doc.pfsense.org/index.php/Captive_Portal_and_VLANs

You have to put in an Allowed IP entry for that host.

Embedded does automount r/w when doing stuff like uploading a CP file.
Other than that, mounting a CD for read & WRITE is sub optimal.

You can do that with the captive portal. You don't have to use authentication, though it may require clicking a button to pass through.

It can redirect the client's first page request anywhere you want.

This thread is a dupe, see here: http://forum.pfsense.org/index.php/topic,20101.0.html

In summary: the link from /usr/local/captiveportal to /var/db/cpelements is missing.  I tried to re-create it, but was met with a read-only filesystem error, probably because I'm running live-cd.  I hope the devs have a suggestion.

Mike

@fvaz:

ok…

I Find and fix the problem..

I would like to change to....

Go to etc\inc there are the file captiveportal.inc...

Edit the file, go to line 423 and put the rule

"

redirect non-authenticated clients to captive portal

add 19904 set 1 fwd 127.0.0.1,8001 tcp from any to any 443 in

let the responses from the captive portal web server back out

add 19905 set 1 pass tcp from any 443 to any out
"

Works, if you have https on the captive portal,

put port 8000 if you have http on the login portal

Hope... Help...

(lost many days to find this issue )

no work

I was attempting to do this as well.  Neither 1.2.3 nor 2.0-BETA1 can do this.  Hopefully a future addition?  :)

@rhy7s:

Just wondering, is there any reason why the captive portal can't use the firewall's aliases in the pass-through options?

I don't use WLAN.
GUEST is FastEthernet-RJ45 to my neighbors computer.

@estatecafe

We are discussing 1.2.3-Release here at the moment.

And in terms of user accounts, i am using FreeRADIUS + phpMyPrepaid and point my CP radius settings to my RADIUS.

Since Voucher dont exist on 1.2.3-Release.  Maybe you can closely coordinate with 2.0 Developers for CP.

Regards,

forgot to mention, if you are trying to access any other port besides 443/80/81/8080 (the standard http ports) it will NOT work. you mentioned telnet, if you try to access email through outlook on a network that has a cp outlook wont work you have to open a browser first and then go through the cp stuff before getting on the net.