• Authentication Mysql + Freeradius3 + Pfsense 2.5.1

    1
    0 Votes
    1 Posts
    272 Views
    No one has replied
  • Vouchers and RAM disk issue

    1
    0 Votes
    1 Posts
    240 Views
    No one has replied
  • Captive Portal and multiple LDAP servers

    10
    0 Votes
    10 Posts
    1k Views
    T

    @free4 ThankU, I will continue working this out. Thx

  • Problem on the captive page login portal

    4
    0 Votes
    4 Posts
    460 Views
    GertjanG

    @guillame
    I've tested pfSense with a "Nordnet" router and a satellite connection a month ago.
    Works well, as expected, because what the 'WAN' actually is, A/VDSL RTC, PPPoE, over Wifi or satellite, it doesn't matter.

  • From Voucher CSV file to actual voucher printing

    4
    0 Votes
    4 Posts
    1k Views
    ?

    @abraham11
    I save the CSV file on the PC then open it with Excel, or LibreOffice in my case.
    You end up with a list of voucher numbers in Column A.
    Then I have a second tab with a preformatted print, and the values of the tickets just fill the preformatted print.
    Ready to print
    And then use scissors to cut them 😊
    Simple and easy

  • Single page php (using post values for logic) or multiple pages

    1
    0 Votes
    1 Posts
    304 Views
    No one has replied
  • WISPr-Bandwidth-Max speed debug

    2
    0 Votes
    2 Posts
    357 Views
    G

    nevermind, looks like a vlan issue

  • Vouchers getting Expired before remaining Time

    31
    0 Votes
    31 Posts
    3k Views
    W

    My issue is different from @refugeesonline's. We are facing random voucher expiry before the remaining time. Almost 2500+ vouchers are active and a few of them show this behavior.

    Vouchers are 7 Days, 15 Days & also 30 Days. Expiry is happening randomly with different rolls; one client created a 1 Year voucher, which I also do not recommend, and I suggested he use Radius authentication (pfSense Radius) for long-term users.

    We have a fresh install of the 2.5 stable system. NO RAM DISK, NO HA setup. All installations on SSD 480G. We have no issue with system reboots; we did it a few times and all is well.

  • RADIUS Accounting Server not Multiselect

    16
    0 Votes
    16 Posts
    2k Views
    GertjanG

    Nice !!

    I replied yesterday -see above - to a post that dates from ..... not the spammer just above but to Erik_CH and @free4 - messages from 2019......
    Woken up by some BS of Veralder who want me to look at some Swedish consultancy site - to find issue https://redmine.pfsense.org/issues/11842 - testing that solution - posting a solution for the solution ....
    To discover just now that it was actually a spammer ( ? ) that made me contribute to pfSense.

    Great.

    I need a drink.

  • Limiting the voucher code to 6 characters

    5
    0 Votes
    5 Posts
    1k Views
    ?

    Finally I found out a workaround
    I have another pfsense box with version 2.4.5 and on that one I was able to generate a short private and public key .
    So I copy paste them to the 2.5.1 box ... and bingo it works !
    Six character long voucher code 😊

  • two logins on same portal page (Voucher + No_Auth)

    4
    0 Votes
    4 Posts
    552 Views
    GertjanG

    @westr said in two logins on same portal page (Voucher + No_Auth):

    and be sent to a separate VLAN

    Somewhere on the net, a local LAN or VLAN : where ever you want.

  • 0 Votes
    4 Posts
    727 Views
    R

    Thank you @gertjan, I missed one setting. It works now.

  • Captive portal Idle timeout and Hard timeout not working

    11
    0 Votes
    11 Posts
    1k Views
    S

    @free4
    It was working fine without any issues in previous releases
    Anyway, thanks for the information

  • 0 Votes
    2 Posts
    824 Views
    GertjanG

    You're customizing, right?

    Use https://pfsense.yourlan.tld/system_usermanager.php as an example.

    Normally, when you use a page like "https://pfsense.yourlan.tld/system_usermanager.php" you should be logged in.
    But, as you create your own "user edit" page, you could throw away that need. Just borrow (copy) the code you need to update the user's settings - the 'saving' part is happening after the line that says :

    if ($_POST['save'] && !$read_only) {

    Something like : have to look up the user ID first, and if it exists, compare the old password with what the user entered (first "old" password box) and if there is a match, update the user's password with what he entered in the "new" password second box.
    This way, you allow only known users to change their own password.

  • Empty MySQL radacct table with FreeRadius3 PFSense 2.5

    4
    0 Votes
    4 Posts
    1k Views
    G

    It's solved! I noticed that some columns were missing from the radacct table. I copied a new MySQL schema radacct table and it already works.

  • User connections miscount with captive portal + freeradius

    3
    0 Votes
    3 Posts
    549 Views
    GertjanG

    @argilla

    How do the portal users log in?
    => To log in, users have to be collected. To do this, users are redirected to the portal's web server, so a login page shows up. These credentials are posted against the portal server, which sends them to the Radius server for checking.
    When the user is authorized, a firewall rule makes the user's device (IP and MAC) totally transparent.
    This means it's not 'easy' for a user to get back to the login page of the portal at this moment.
    Question : did the portal user actually log in multiple times ?

    Years ago, I detected in the "radacct" FreeRadius table entries that seemed to be abandoned: there was a start time, but no interval updates nor a stop time.
    A newer entry for the same logged in user existed.
    This might be what you are seeing now.

    I created this :
    [image]

    <?php
    try {
        $link = new PDO('mysql:host=radius.local.net;port=3307;dbname=radius', 'radius', 'verysecretpassword');

        // Check connection
        if ($link === false) {
            die("ERROR: Could not connect.");
        }

        // Attempt delete query execution
        $sql = "DELETE FROM `radacct` WHERE `acctstoptime` IS NULL and `acctstarttime` < (NOW() - INTERVAL 610 MINUTE)";
        $stmt = $link->prepare($sql);
        $stmt->execute();
        unset($stmt);
    } catch (PDOException $e) {
        print "Error!: " . $e->getMessage() . "<br/>";
        die();
    }
    ?>

    When there are entries with an empty STOP time "acctstoptime" and an acctstarttime that is more than 610 minutes in the past, that entry gets deleted.
    Now, these 'stray' entries get removed.
    I have no more issues.
    Actually, don't recall what the issue really was.
    (I should stop this cron task, see what happens)

    pfSense shows the correct number of logged in users ?

    edit :
    Can you 'debug' the radius process , like the FreeRadius3 package of pfSense ?

    You have to stop the radius process, and then launch it by hand :

    radiusd -X
  • Create vouchers with specific Download/Upload

    2
    0 Votes
    2 Posts
    536 Views
    F

    @moelharrak said in Create vouchers with specific Download/Upload:

    erent Bandwidth or the Download/Upload are inherent from captive portal configuration?
    and what is the best solution to create an account that can be used by many devices ( seminar for example) but also can specify the Bandwidth ?

    Hi,

    The best solution is to use a radius server (such as FreeRadius).
    FreeRadius is an authentication server. It takes some user lists as input (eg : an SQL database, a plain text file, etc...) and provide "access granted"/"access denied" messages as output.

    FreeRadius can indicate some settings to pfSense when responding "access granted" ("Access-Accept") for one user.

    Session-Timeout (a per-user hard timeout)
    pfSense-Max-Total-Octets (a per-user max allowed traffic)
    pfSense-Bandwidth-Max-Up (a per-user upload speed)
    and pfSense-Bandwidth-Max-Down (a per-user download speed)

    You will find more info in the documentation, I guess.

  • Captive_portal in Shell

    2
    0 Votes
    2 Posts
    312 Views
    F

    @decipher2099 hi,

    It's not supported.

    You could play around with ipfw commands (the technology used by the captive portal to allow/block users) but you will face a lot of issues (such as your MACs not being displayed in the GUI, being wiped at each captive portal change, etc).

    If this feature ever existed, it would not be implemented in shell...but using an HTTP API

    Netgate had plans to implement an API for pfsense....then dropped it. More info here : https://www.netgate.com/blog/more-on-aes-ni.html

  • Segregate native and guest users via captive portal?

    5
    0 Votes
    5 Posts
    791 Views
    D

    @gertjan: That’s why I have turned off the router functionality, except for the router being able to report to the Linksys cloud servers for remote management. I have turned off DHCP on the Linksys AP and instead have turned on DHCP on the SG-1100’s OPT port. All Wi-Fi clients thus bypass the router functionality of the Velop system.

  • Log guest users traffic internal IP and destination IP

    4
    0 Votes
    4 Posts
    744 Views
    GertjanG

    @lens said in Log guest users traffic internal IP and destination IP:

    I just need to be able to prove that a certain request at a certain time was not from myself the owner.

    Another solution might be : route all the traffic from the captive portal's interface over a VPN.
    At least, use the LAN for yourself, and some OPTx interface for the captive portal.

    Btw : I'm using the captive portal for a hotel, in France. I abandoned any form of 'extra' logging years ago. Even the MAC addresses that are recorded are fake ones, created just for our captive portal's Wifi (at least, iOS is doing so by default).
    What exists today : some IP - my WAN IP, hits some questionable IP address. Traffic content will be completely unknown as it is all TLS these days.
    Never had a message from HADOPI (except the day the night auditor decided to use our connection to download some Disney movies ...)

    These days I have the users share my single Orange VDSL "24 Mbits.sec" connection (the fibre is coming soon).

    Also : pfBlockerNG with some feeds that lists famous download peers will help you.

    The bandwidth monitoring can also show suspected 'full scale' downloads :

    [image]

    = 4 years of stats.

    Keep in mind that even 'Windows' uses P2P to download the winter edition of Windows 10 ^^

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.