Thanks for reply, i found the problem, I am using wan port of my wireless access point, is this way the wireless client dont received DHCP address from pfsense server, i change to wireless access point lan port,
and captive portal work.

I tried to use multiwan and captive portal, but read at forums that doesnt work, i will try a way to get solve this problem.

I need load balance and failover, but in my case captive portal is the most important.

Thanks

What exactly does this incompatibility look like? Does captive portal just cease to work, or does trying to run CP and multi-WAN cause serious problems with routing, throughput, what-have-you? I foolishly neglected to notice this incompatibility and tried to run both at the same time, and I had all kinds of strange problems. I rolled back the changes to a functional setup, but I'm kind of curious what was happening.

Thanks,

Dave

@http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43:

Captive Portal

Captive portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access. For more information on captive portal technology in general, see the Wikipedia article on the topic. The following is a list of features in the pfSense Captive Portal.

* Maximum concurrent connections - Limit the number of connections to the portal itself per client IP. This feature prevents a denial of service from client PCs sending network traffic repeatedly without authenticating or clicking through the splash page.
    * Idle timeout - Disconnect clients who are idle for more than the defined number of minutes.
    * Hard timeout - Force a disconnect of all clients after the defined number of minutes.
    * Logon pop up window - Option to pop up a window with a log off button.
    * URL Redirection - after authenticating or clicking through the captive portal, users can be forcefully redirected to the defined URL.
    * MAC filtering - by default, pfSense filters using MAC addresses. If you have a subnet behind a router on a captive portal enabled interface, every machine behind the router will be authorized after one user is authorized. MAC filtering can be disabled for these scenarios.
    * Authentication options - There are three authentication options available.
          o No authentication - This means the user just clicks through your portal page without entering credentials.
          o Local user manager - A local user database can be configured and used for authentication.
          o RADIUS authentication - This is the preferred authentication method for corporate environments and ISPs. It can be used to authenticate from Microsoft Active Directory and numerous other RADIUS servers.
    * RADIUS capabilities
          o Forced re-authentication
          o Able to send Accounting updates
          o RADIUS MAC authentication allows captive portal to authenticate to a RADIUS server using the client's MAC address as the user name and password.
          o Allows configuration of redundant RADIUS servers.
    * HTTP or HTTPS - The portal page can be configured to use either HTTP or HTTPS.
    * Pass-through MAC and IP addresses - MAC and IP addresses can be white listed to bypass the portal. Any machines with NAT port forwards will need to be bypassed so the reply traffic does not hit the portal. You may wish to exclude some machines for other reasons.
    * File Manager - This allows you to upload images for use in your portal pages.

Limitations

* Can only run on one interface simultaneously.
    * "Reverse" portal, i.e. capturing traffic originating from the Internet and entering your network, is not possible.
    * Only entire IP and MAC addresses can be excluded from the portal, not individual protocols and ports.
    * Currently not compatible with multi-WAN rules. We hope this will be resolved in 2.0.

I find that on 1.3 (2.0) when you wipe all you schedule entries and reboot it frees CP and all is happy.  This is not the case w/ 1.2

Is there any plan to fix this know issue?  As both features are awesome (CP and schedules) and it is hard to pit one against the other as for their usefulness.

Oh - OK.

After being smacked down on the contribs.org forums so many times, I guess that I am just a little defensive.

Thanks again -

Library Mark

I have done this with both the internal database and with radius connecting to a freeradius server.

Most of the Attributes that can be setup in FreeRadius the current Captive Portal will simply ignore. Many of them are yet to be implemented in the Captive Portal.

Here is a method that should work.

Services -> Captive Portal -> First Tab
Look for 'Maximum concurrent connections' and set to 1. When captive portal sees a user that is already logged in it will log concurrent login in the logs under Status -> System Logs -> Portal Auth will remove the old mac address and add the new one. You should then see the new MAC address under Status -> Captive Portal.

Captive portal does not bind to the WAN interface so it should not load from the WAN IP. Tonight I helped some with a captive portal problem where the captive portal was not blocking anything. In his case captive portal was assigned to opt1 and there was a problem that was caused by a bad rule on the optional interface. In your case captive portal is assigned to the LAN so you should take a look first at the rules assigned to the LAN. If you still can't resolve the problem post a screen shot of your LAN rules. One way to find out is to disable the rule and then test captive portal.

Hope this helps.

The solution looks pretty good to me thanks for sharing.

Mark

You might want to connect to pfSense and run Diagnostics and see if you can ping www.mail.yahoo.com or mail.yahoo.com. This problem is not likely related to captive portal. It is more likely a DNS issue, a routing issue with your route on the Internet, or a client issue.

As far as additional features to captive portal I suggest you might consider sponsoring them with a bounty.

I did this on a system on Saturday.

Things to note.
1. Make sure your LAN port on the Linksys is not using a conflicting IP to the PFSense LAN.
2. Also remember to turn off the DHCP server on the Linksys so that it does send conflicting address to pfSense's DHCP server.

Then it should work great.

any ideas  :-* ?

At this times the two proxy are working. The proxy on pfsense sent all request to the
squid/dansguardian proxy on dmz…. Only if i put the squid icp port...
But my trouble now, sometimes I am filtered by dansguardian, sometimes no...
I have dansguardian log, and squid too... I think sometimes the request go to dansguardian via tcp port,
sometimes directly to squid by icp.

Someone can help me?

ีuse ipaddress  lan interface :8000 to login again 
http:\192.168.1.1:8000
enabled  logout popup on brower

hi
I'm setting my captive portal but I have some problems on freeradius server

it was 2 errors on make and make install and I try to test it and I found that it doesn't even exist on processus,

please help me

yep that is the best thing to do… well the only problem is that I still have to go to that basement :(

then I modified the /usr/local/captiveportal/index.php file with:

LogoutWin.document.write('');
    LogoutWin.document.write('') ;
    LogoutWin.document.write('<title>Logout</title>') ;
    LogoutWin.document.write(' ');
    LogoutWin.document.write('') ;
    LogoutWin.document.write(' ');
    LogoutWin.document.write('') ;
    LogoutWin.document.write('Click the button below to disconnect

');
    LogoutWin.document.write('

<form id="dologout" name="dologout" method="POST" action="{$logouturl}">');
    LogoutWin.document.write('');
    LogoutWin.document.write('');
    LogoutWin.document.write('</form>

');
    LogoutWin.document.write('');
    LogoutWin.document.write('');
    LogoutWin.document.close();

/********************/
I am sure 100%

Someone mentioned in the Untangle forums that captive portal is done with a proxy. In pfsense and m0n0 it is actually done with firewall rules.

If Untangle passed client mac addresses on to pfSense then your setup would work. But from what I saw on their forum the bridge is working that transparent.