@gertjan said in Pfsense captive portal does not show on IPhone !!:

They don't care about de local castle from the 14 century.

heheh - I don't know when I was on business trips my favorite part was taking in the local history and stuff to do. This was mostly the local tavern ;) But still - hehehe

I spent a bit of time in Tulle on multiple occasions.. I had a couple of fav watering holes there.. One of my favorite spots was a little place tucked away on a side street, loved to sit outside and just watch the people going about their business and enjoy a few beers..

It was across from the cathedral there, and believe that was from the 14th century ;)

@gertjan thank u man, for your reply...i'll see with dev team if we can work on it beacause i´m just the infra guy and maybe i´m doing the wrong questions...🤣

Xiami devices ?

You mean Xiaomi devices ? These are based on the Android OS, right ? So, they should work. I see the connected don my captive portal.

@kelvinmurik

Correct. "mysqli" requires "mysqli" support, which is different from the older "mysql" (-connect) library.

What I understood :
Initially, everybody can obtain a free voucher, good for 12 hours.

@zuzu-0 said in Captive Portal Free Wifi with Hard Timeout & Vouchers:

no matter if you have a voucher or not

What do you mean by "voucher or not' ? People can connect without a voucher ?

The duration of a voucher can't be changed after creation.
When users switch from the "12 hours" to a "21 days", they switch vouchers, right ?

It is - in theory - possible to reset the "moment of first usage" of a voucher but this needs coding.

@zuzu-0 said in Captive Portal Free Wifi with Hard Timeout & Vouchers:

everyone who buys the Wi-Fi gets to type in the code every 12 hours

The "hard time" out will throw out any connection. Users that use vouchers that are still valid can / have to reconnect, that's correct. Probably not convenient for you, I understand.
You've tried a "hard time" out of "20 days" ?

@barrio603 said in Is letsencrypt.Org an option for https captive portal?:

would be

Your "would be" became a "must have" half a decade or so.
It's 6 years later now. The acme.sh pfSense package took care of things.

@papdee Nope, never used Traffic Shaper. you might be right but how can I verify that which config is overriding ?

@galacticfreez said in Captive portal and DNS Redirection:

I thought Apple Devices had different DNS configured and that it would avoid the captive portale to open. But it isn't the case (it seems this could help : https://developer.apple.com/news/?id=q78sq5rv)

That link shows what the future might look like. It's, at best, RFC draft today.
This solution only needs a working DHCP server, and some json/webserver support.
Initial DNS functionality becomes irrelevant, as captive portal interaction becomes possible as soon as the IP link is established.

iDevices - and all the others - work just fine with the current way of doing things.
I'm using myself the captive portal for a hotel.
It works.

@gertjan
No router, all my users on the server have the my server's ip adress .
For exemple, baracuda firewall install a program on the server whish link the sender's port with the user and send it to the Firewall.
https://campus.barracuda.com/product/cloudgenfirewall/doc/95259264/how-to-configure-ts-agent-authentication/

@gertjan Thank you👍 👍

@robinwright said in Apple devices not automatically opening CP Login:

Do use any filtering?

I'm not filtering, caching or whatever on my captive portal.
I use the captive portal so I can offer an controlled access to the Internet.
I'm not controlling content, as I think I have no right doing that. And I don't care.
If these people (adults) want to visit "the-worst-site-on-the-web.tld" than that is in their right. They want to look at all the publicity ? Perfect to me.
I offer internet "as it is", and not looking to store traffic they generated, or sites they visited.

Ok, true, I use pfBlockerNG (latest) and ones in a while I have pfBlockerNG also filter the clients on the captive portal interface. More for testing purposes, actually.
The film "Ready player one" (and Facebook themselves) gave me a good idea recently : No FB Fridays and Sundays.

[ I'm joking ]

Clients that use my captive portal and try to launch nukes from their hotel room using our Internet access, they will use a VPN - which makes any filtering on my side useless.
The good old 'http' only days are over.

@madmax1234

Yeah, there was something .... I've been using a patch for the captive portal back then.
I'm not sure it was disconnecting clients, though.
I've been using 2.4.5-p1 for months if not a year, way back then (2 years ago ?).

2.5.0 was better - 2.5.1 even better and 2.5.2 is just great : set it and forget it.

The real issue is : why do you chose to use a version that has already has ameliorations and bugs fixes for it ? true, they are all documented and discussed in the forum : 2 years ago.
I can't actually list up anymore aspects of 2.5.0 or even 2.5.1 ;)

edit : Coffee got my memory back : for 2.4.5-p1 there is are two rules that you have to apply :
Rule 1) Never change the portal settings when user are connected.
Rule 2) If you have to, go to Status > Captive Portal> ZONE and use the red button.

The same configuration on 2.4.5-RELEASE-p1 works without issue.
the issue on 2.5.x

@seekerman found somewere in the forum that this is a bug on version 2.5 fixed in development version.. ill try and let you guys know

@dwolfix wondering if you had this issue, when using radius mac authentication i get the hostname instead of the ip address in post action. if mac authentication disable y get the ipaddress and it woks fine