Looks like they only allow the site to be accessed by the domainname. If you add the IP to the allowed IP Adresses you can access the site by the domainname. This is not a captive portal issue, it also happens without using the captive portal. It's just the way this site is setup. Use the domainname to access the site through the captive portal.

Ok downloaded RC2 and did a clean install.  I installed the squid package and got the squid -z error still.  I ran the command in the shell and fixed that.  But it still will not run.  Here is system log

Aug 2 16:20:56 syslogd: kernel boot file is /boot/kernel/kernel
Aug 2 16:21:05 squid[5511]: Squid Parent: child process 5514 exited due to signal 15
Aug 2 16:21:06 Squid_Alarm[6268]: Squid has exited. Reconfiguring filter.
Aug 2 16:21:06 Squid_Alarm[6270]: Attempting restart…
Aug 2 16:21:06 squid[6273]: Squid Parent: child process 6276 started
Aug 2 16:21:09 Squid_Alarm[6286]: Reconfiguring filter…
Aug 2 16:21:12 php: : SQUID is installed but not started. Not installing redirect rules.
Aug 2 16:21:12 php: : SQUID is installed but not started. Not installing redirect rules.
Aug 2 16:21:14 squid[6473]: Squid Parent: child process 6475 started
Aug 2 16:22:42 dhclient: New IP Address (le0): 192.168.3.156
Aug 2 16:22:42 dhclient: New Subnet Mask (le0): 255.255.255.0
Aug 2 16:22:43 dhclient: New Broadcast Address (le0): 192.168.3.255
Aug 2 16:22:43 dhclient: New Routers (le0): 192.168.3.3
Aug 2 16:22:43 dhclient: /sbin/route add default 192.168.3.3
Aug 2 16:22:47 php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - 192.168.3.156.
Aug 2 16:22:48 php: : Creating rrd update script
Aug 2 16:22:48 php: : Creating rrd graph index
Aug 2 16:22:50 php: : SQUID is installed but not started. Not installing redirect rules.
Aug 2 16:22:50 php: : SQUID is installed but not started. Not installing redirect rules.
Aug 2 16:23:43 squid[7449]: Squid Parent: child process 7454 started
Aug 2 16:23:44 (squid): The dnsserver helpers are crashing too rapidly, need help!
Aug 2 16:23:44 kernel: pid 7454 (squid), uid 62: exited on signal 6

Thanks
Jason

Could I also suggest that maybe when the squid package is installed it makes a tab on the logs page so you can view the squid logs.

@angelcabello:

I am searching how to include this changes in the distribution.

Submit your changes as diff against the latest head version of the modified files. Just add them here as attachment and we'll review and consider including them.

I tried to push it up via firmware upgrade to save some time, but no go.  I will wipe the box & reload. This time I will enable the other two nics in bios prior to the install

Hi,

yes, gateway, and dns are pointing to the firewall.

The captive portal is still one of the most actively developed parts of m0n0wall. Maybe you should suggest such a change at the m0n0list as we due to that are syncing pfSense's cp against the m0n0 code frequently without changing too much.

Sorry for my mistake, when squid is configured in transparent mode captive portal work very well but proxy server is running as “if();” . It’s any chance to run squid in transparent mode with captive portal ?

it's me again :-)

things go better, i can now authenticate my users with NAS-Port-Type and NAS-Identifier attributes.

but there is one more problem : it seems that called-station-id and calling-station-id are not sent by pfsense, users are always refused if i try to authenticate with called-station-id="pfsense wan IP" and calling-station-id is empty in the radacct table.

what gives ?

Thanks, we are aware of the bug.  No need to confirm further.  What we need is for people to test a recent shapshost from pfsense.com/~sullrich

Maybe I didn't explain correctly the problem. I have enabled every minute reauthentication in the captive portal page. It happens that when I shutdown the radius server (simulating a failure of the server) people who are logged on can continue surfing the web while people that are not logged cannot logon. The problem is that people should be logged off automatically when the radius server isn't available preventing them from surfing the web without their activity beeing accounted. Maybe it could be solved if, when enabling "reauthenticate every minute" captive portal disconnects clients not only when it receives an ACCES-REJECT from the radius but also when the radius doesn't answer the ACCES-REQUEST by the router.

Thanks

@namezero:

Looks like m0n0wall's beta 1.23b1 has improvement on that issue:

hanges in captive portal (jdegraeve)

* fixed a bug in the way we handle authentication mechanisms (potentially allowing double logins and faulty locking)
    * add support for different MAC address formatting styles
    * add support for per-user bandwidth limitation (using well-known WISPr RADIUS attributes)
http://m0n0.ch/wall/beta.php

So if you're really stuck, you might want to take a look at m0n0wall for the mean time.

We have already backported this code to HEAD but it will not appear in 1.0.  I agree with namezero, if this is such a big issue then please run m0n0wall.

You have to use the dns-forwarder of the pfsense for the wireless clients. Otherwise it can't redirect to the captive portal page. Set up your LAN DNS server at system>general and assign the wireless clients the pfsense wlan IP (done by default). Also uncheck "block private IP ranges" at interfaces>wan.

Got it.  I've sent it to the m0n0wall Captive portal author.

Thanks!  It can definately be taxing at times.  And the amount of grey hairs on my head seem to be multiplying *4 very rapidly :P

You have the portal set to be enabled on the opt1 interface?    Did you add a rule to allow that subnet out of the firewall?  By default it won't allow traffic on that interface to pass.  You need to add an allow rule under Firewall -> Rules -> opt1

Have you tried removing the 2wire device and testing with just a wired connection either directly into the pfsense box or through just a hub or switch?  I had nothing but bad luck with those 2wire devices 3-4 years ago when I tested them as DSL CPE.

Something else to try, can you go to http://192.168.1.1:8000 ? (assuming that the opt1 address is 192.168.1.1)

I just set this up to test and it works fine for me (minus the 2wire device).  I'll wager you just need a pass rule for that subnet on that interface.