This probably is best adressed at the m0n0 mailinglist. The CP is just a port of their code. Please verify this behaviour with a recent m0n0 before posting there.

@jeroen234:

user must have access to port 8000  (this is where the portal lives)

Yes, anything prior to recent snapshots needs a rule on the interface to permit traffic to port 8000.  Recent snapshots automatically install the needed rules behind the scenes.

Thanks for the clarification.

Maybe I should look into radius servers instead of pfsense. Maybe it is possible to get a radius server to pull parts of its database from a central server while using a local database at the same time…

Christian

After reading thru the thread before posting by post I had noticed that and have set it up accordingly. The DHCP server that assigns IP addresses on that interface assigns the interface as the primary DNS server.

Still NO go.  ;-(

If this works note that you will have to change it this way whenever you touch the captive portal settings and hit save.

You need to have flash installed. It's a flash tutorial movie.

It has worked for me up until now, just make sure that you don't use vi to edit the user file, for some reason it doesn't like the way it writes it.  Radius must also restart after each change to the user file to read in the new changes before the new users will be able to authenticate.

Oh, I must have accidentally left that section out.  :-[

Got it and worked. Thanks a lot.

normally when you access website the page is going to cp portal for authenicate. you can see conneting pang in under bar
(1) opening page http://192.168.1.254:8000/zzzzzzzzzzzzzzzzzzzz something like this
and the page to authen username and password. but some pc in my network can't to be process (1)
but some pc can not to be in process(1) has been opening page http://websitetogo and have error

The page cannot be displayed

i don't know what happen in my network
1 lan 192.168.1.254/24
1wan 192.168.0.254/24

No NAT

Hi,

That zip file seems to be corrupted.
New dl location is: http://www.leinonen.org/pfsense.html

Br,

Ville

hmm, I set up a fresh config like this with 1.0.1 and it worked fine.  Do all NAT entries stop working or is it something more specific?  What version of pfsense?  Normal behavior of the captive portal is to block outgoing access until credentials can be verified.  All hosts, unless specified in the passthrough, will not be able to reach the WAN until said credentials are provided and verified.  Do you get redirected to the portal page at all?

After you enable the captive portal log in and type

pfctl -s nat|grep -v 127.0.0.1

as well as

ipfw list

and post the results.

@mibo:

@ Hank

if you can change CP to use a login box like htaccess and use Internet Explorer it can be work.

IE with the default settings try to logon on local networks with the credentials of the active Domain User.
I don't know if the CP Page is recognized as a local Site?

Hi mibo

Sorry for the long absense.

Can you elaborate 'login box like htaccess' a bit?  I'm a newbie so I don't have much knowledge with these issues.  But I'd like to try this as a possible solution.  You mention specifically IE, does it ork with other browsers too, like Firefox and Opera..?

Looking forward to try this out

regards

Hanks

My (rather expensive) solution… add another wrap board with m0n0wall use pfsense as gateway only and run captive portal on the m0n0 box...
Wouldve used m0n0 as all-in-one except they dont support cards that use the ath driver...

However with both wrap boards in place... it works great!!! :)

host on an external server and allow access to that servers ip to cp users without authentication…

Also check the names of the files... u could try taking the '-' out although i dont see why that should cause any problems... and check for .jpg as opposed to .JPG that caused a problem for me once...

Great - thank's for the hint! My problem was, that I had a DC acting as a DNS and forwarding all unanswered queries to the POPs DNS (and not to pfsense) …

to answer my own question…I think...unless there is something wrong with this method that I am unaware of...

I decided to see what Mr. Ullrich meant by reuse the cert so I went in there and found that there is a way to create them. 
There is a link in the word create in the middle of the webGUI SSL certificate/key section.
as long as you fill out every field in there you will get a matching combo.

sslexplorer even has a built in java vpn client. It's pretty cool. Just forward the configured port to the ssl exporer and configure your users/apps there. I tested this at our office. works great.

@jeroen234:

rad you post 4 times still don't get it what you want

i have a transparend squid proxy running on pfsense and the portal

users get the portal first
afther login the reqest is diverted from port 80 to squid port 3128

Thank you, I got possible to use the HTTP (80).

Installation of package was not possible so that PFSense applied it in local address, and an answer became slow

However, HTTPS (443) and FTP (21) seem to be impossible by this method.

Is there a method according to anything?