Please contact privately persons for this sugestions.

Hi Sir,

Finally the captive works on vlan2. I create vlan1 then i move lan to vlan1. Thanks for the help

There isn't an OSPF daemon for pfSense at the moment, and the BGP package is currently geared toward WAN routing and not internal (but it might work, I'm not very familiar with BGP).

The easiest thing to do would be as I said, add a manual route for your lan-side subnet pointed at the pfSense WAN IP.

Why don't set the routers to an AP mode and use pfSense as the gateway and have it do the DHCP for all the wireless?  And though I'm not sure what you're doing for DHCP, if you've already got that part working then just set the the wired connections to the pass-through IPs and leave the wireless stuck facing the captive portal?

I mean, of course multiple users are going to get through out after one person has auth'd as pfSense is just seeing one device that has auth'd.  That's why you'd use APs not routers.

Our solution to something like this involved routing the wireless through a separate, communications isolated, vLAN routed by the Core Switch and using WAPs pointed at the gateway (pfSense).

If anyone can tell me the software used to create the walkthroughs on the website I'll actually go ahead and create a full walkthrough.

Currently I have pfSense running with RADIUS.  The RADIUS is checked against AD using an auth server that is not a domain controller but a domain member.  This is so it'll work so long as any DC remains functional (5 total).  The auth is done in Server 2008 (maybe moving to 2008 R2 soon). 
Captive Portal is using https.  Wireshark verifies that we can't pick up any sensitive information from logging in.
Filesharing is blocked using a combo of the traffic shaping along with OpenDNS.
In the event of legal issues, logs include username, IP assigned, MAC, times, and all the essentials, stored in a RAID 5.

The setup we're using now is pretty much tailor-made for large-scale wireless deployments, especially at educational institutions.

As I said, I'll create a walk-through if I can get clarification on how to go about doing it best.

ok everything i need is in captiveportal.inc

Thanks for the clarification, ermal. I suspected as much but it's nice to know for sure.

Well this seem not to be very stable, I'll start a new thread..

I think you can use radius. It'll help you anyway.

What i was looking for is to dynamically switch the user from not having a working network at all except for connectivity to just the captive portal to having full network use and internet use once they pay and i accept them.

There isn't much to the question. I'm running 1.2.2. I create firewall rules allowing ports through the firewall to IPs in the private network. These rules don't work unless those IPs are in the bypass list for the captive portal. I would like the rules to work without bypassing the captive portal. I will try the RC in future but would prioritise that task if this issue is no longer evident.

It should be fairly easy to replace the main router with a pfsense box running CP. I would recommend a recent 1.2.3 snapshot, as there have been many CP improvements since 1.2.2. Personally, I'd go with an Alix running nano on a good CF card for reliability and low power use.

on the cp page:
If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried to access after they've authenticated.
so no, however you can make it so that they can access that page without having to login, this is under allowed ip addresses:
Note:
Adding allowed IP addresses will allow IP access to/from these addresses through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example. By specifying from addresses, it may be used to always allow pass-through access from a client behind the captive portal.

Reinstall pf after backing up the config file. I had this happen where pf would not do self signed certs so i reinstalled and it fixed it, then i uploaded my config file and all settings were back.