No problem.  If it can be done with the CP, I've probably done it.  =P

u can write it to conf

I'm not sure about IP address because engineer write it to me. But the structure look like in the picture.

For NAT. If they don't use NAT. We can put only CPU on the router1.
But if they use NAT. If we put CP on Router1, 3,4, 5. How about re-authentication problem? If user already login on Router 3,4,5, Do they need to re-authenticataion on Router1?

I replied at this other post.
http://forum.pfsense.org/index.php/topic,10392.0.html

Please, keep this under the same thread so it can be tracked easily.

In a week mostly there will be an option visible from the gui(at the Traffic Shaper) to accomplish this.

Making it comaptible with radius parameters will be something that will be looked to, after some other high priority things get fixed.

But you will be happy even with the first extension too.

A workaround for now that will automatically remove the lock file after it is older than 3 minutes.
http://forum.pfsense.org/index.php/topic,8152.msg57899.html#msg57899

Cool.  Thanks for closing the loop.

nb

Still could not get it to work.  Added all of paypals ips and I was able to get some of the paypal login page to come up but not all and it would not let me log in.  When I used sputnik they had all of the paypal ip's and there were some url included in the list to pass through as well.  If anyone wants them they are:

Allow dynamic developer.paypal.com port 80 (added by PayPal Module)
Allow dynamic developer.paypal.com port 443 (added by PayPal Module)
Allow dynamic www.sandbox.paypal.com port 80 (added by PayPal Module)
Allow dynamic www.sandbox.paypal.com port 443 (added by PayPal Module)
Allow dynamic www.paypal.com port 80 (added by PayPal Module)
Allow dynamic www.paypal.com port 443 (added by PayPal Module)
Allow dynamic paypalobjects.com port 80 (added by PayPal Module)
Allow dynamic paypalobjects.com port 443 (added by PayPal Module)
Allow dynamic www.paypalobjects.com port 80 (added by PayPal Module)
Allow dynamic www.paypalobjects.com port 443 (added by PayPal Module)
Allow dynamic paypalssl.doubleclick.net port 80 (added by PayPal Module)
Allow dynamic paypalssl.doubleclick.net port 443 (added by PayPal Module)
Allow 66.211.168.97 port 80 (added by PayPal Module)
Allow 66.211.168.97 port 443 (added by PayPal Module)
Allow 66.211.168.65 port 80 (added by PayPal Module)
Allow 66.211.168.65 port 443 (added by PayPal Module)
Allow 64.4.241.16 port 80 (added by PayPal Module)
Allow 64.4.241.16 port 443 (added by PayPal Module)
Allow 64.4.241.32 port 80 (added by PayPal Module)
Allow 64.4.241.32 port 443 (added by PayPal Module)
Allow 64.4.241.33 port 80 (added by PayPal Module)
Allow 64.4.241.33 port 443 (added by PayPal Module)
Allow 64.4.241.34 port 80 (added by PayPal Module)
Allow 64.4.241.34 port 443 (added by PayPal Module)
Allow 64.4.241.35 port 80 (added by PayPal Module)
Allow 64.4.241.35 port 443 (added by PayPal Module)
Allow 64.4.241.36 port 80 (added by PayPal Module)
Allow 64.4.241.36 port 443 (added by PayPal Module)
Allow 64.4.241.37 port 80 (added by PayPal Module)
Allow 64.4.241.37 port 443 (added by PayPal Module)
Allow 64.4.241.38 port 80 (added by PayPal Module)
Allow 64.4.241.38 port 443 (added by PayPal Module)
Allow 64.4.241.39 port 80 (added by PayPal Module)
Allow 64.4.241.39 port 443 (added by PayPal Module)
Allow 216.113.188.32 port 80 (added by PayPal Module)
Allow 216.113.188.32 port 443 (added by PayPal Module)
Allow 216.113.188.33 port 80 (added by PayPal Module)
Allow 216.113.188.33 port 443 (added by PayPal Module)
Allow 216.113.188.34 port 80 (added by PayPal Module)
Allow 216.113.188.34 port 443 (added by PayPal Module)
Allow 216.113.188.35 port 80 (added by PayPal Module)
Allow 216.113.188.35 port 443 (added by PayPal Module)
Allow 216.113.188.64 port 80 (added by PayPal Module)
Allow 216.113.188.64 port 443 (added by PayPal Module)
Allow 216.113.188.65 port 80 (added by PayPal Module)
Allow 216.113.188.65 port 443 (added by PayPal Module)
Allow 216.113.188.66 port 80 (added by PayPal Module)
Allow 216.113.188.66 port 443 (added by PayPal Module)
Allow 216.113.188.67 port 80 (added by PayPal Module)
Allow 216.113.188.67 port 443 (added by PayPal Module)

@afrugone:

My configuration is:

–--Wan2------
internet /    loadbalance \ ---PFSense-----LAN-(CP)--             
              \      Failover    /
                ----Wan1------

So if I understand I can't set up CP on WAN1 or WAN2, but I can configure CP on LAN? then, will users at LAN use CP to get access to the internet?

If not posssible, what could be a solution for this?

Thanks

i have configuration like this :
                    WAN1
            /–---------------
Internet- PFsense(LB+FO) --PFsense(CP)--LAN
          ------------------/
                    WAN2
And i set up CP on LAN & WAN and it's work OK. when i set up CP on LAN, user still can browse the web. but when it's set up on LAN & WAN the user must enter username & password first then they can browse the net....  ;D ;D ;D

The last time I try, re-authentication doesn't work because radacct.AcctSessionTime column doesn't get updated. Which means every minutes the radius try to re-auth, the radius doesn't know how long the user current session. But this is last year.

What I use is to utilize radius Session-Timeout. But you need to uncomment certain line from service_captiveportal.php. Pfsense comment this line because it doesn't works before, but I tested and it work now.

Installing squid did have a lot of cool features to help with this issue.

If you setup DHCP reservations so you the IP addresses will set for each of your customers. Then you can write rules based on those IP addresses.

I figured out my own problem.  I found the code in the admin webpages that restarts the captive portal services after you change them and press the "Save" button and I just called them on my own.  Seems to work well for me!

#!/usr/local/bin/php -q         require_once("captiveportal.inc");         captiveportal_configure(); ?>

Thanks for your answer …

I've found this :
http://forum.pfsense.org/index.php/topic,7633.0.html

And It works great !!!!

thanks a lot

@+

I'm pretty sure it doesn't have a supported developer at this point (in m0n0).