@coach Remove the cisco 4221 router. Just use switches. See that the the portal works. See that it uses IPv4 and MAC addresses to function. Just for my own curiosity : Really, a router on a captive portal network ? Where did you get that idea from ? Not the pfSense manual.

@moelharrak said in use FQDN instead of IP: is there a way to use a FQDN instead of an IP address ? It's even advisable to use FQDN instead of a bare 'IPv4'. The "http" access is just for the kick start of the captive portal: a real captive portal should be setup up to a https based portal, and use a trusted certificate so you can (have to !) use FQDN Do not use a self generated certificated for obvious reasons. Do this : install the acme.sh package, understand what it does, what 'Letsencrypt' (certificates or "https") is all about. What registrats are supported. get (rent !) a domain name with one of them. keep it simple : ask a wild card certificate for your domain. Like *.whatever.tld - so now you can use a the FQDN "pfense.whatever.tld" to access your pfSense, [image: 1625468260902-4326294f-5a70-43c7-9230-8f72cec8e469-image.png] and the FQDN "portal.pfense.whatever.tld" for your portal Inform your unbound resolver about the host override "portal.pfense.whatever.tld" : [image: 1625468111247-c0da646a-d8e7-4094-bd34-ec3b6d210c43-image.png] where 192.168.2.1 is your captive portal interface IP. Now, select the https access on your portal : [image: 1625468203096-21d77874-ffdd-4297-99d5-56bdf16f891b-image.png] Done. edit : see also the official Youtube > Netgate offical captive portal video's. Or use one of these. This one is recent and looks ok to me.

Experimented with & on an Intel box. ie: ipfw table CaptivePortalZoneName_pipe_mac add any,04:33:C2:64:65:E1/&ff:ff:ff:00:00:00 3002 ipfw table CaptivePortalZoneName_pipe_mac add 04:33:C2:64:65:E1/&ff:ff:ff:00:00:00,any 3003 Running these from cmd line within pfSense seemed to soft brick it, but runs from serial shell. It populates in the ipfw table with the /24 syntax, which tells ipfw has some idea of what's up but maybe something wrong with their hashing? --- table(CaptivePortalZoneName_pipe_mac), set(0) --- 04:33:c2:00:00:00/24 any 3003 0 0 0 any 04:33:c2:00:00:00/24 3002 0 0 0 Restarting the Captive Portal service does not flush the ipfw table, but I don't have a foolproof way to prove the table is "loaded and active" vs this functionality not working as documented by freeBSD? Router reset flushes manual entries, and in the couple minutes of ctrl+f I couldn't find the path in captiveportal.inc for the SQL db. I'm open to any suggestions. Have several good restore points and comfortable in the serial terminal, so I don't mind temporarily bricking something for testing purposes.

Thanks @jimp Adding an "Allowed IP Address" of 239.255.255.250 for SSDP (Roku Discovery, DLNA Media, Sonos, UPnP + More) to the captive portal did the trick. Thanks a bunch I've also added 224.0.0.251 for mDNS / Multicast DNS (Chromecast Discovery + Bonjour + More) Works like a charm now :)

You mean this file /var/db/captiveportalxxxxxxxx.db ? This is SQLite3 file - it says so itself : [image: 1624635152269-e2f234dd-8c71-464e-9d6d-33c449cfd7b0-image.png] As pfSense, you need this to interact with it. Good news ; pfSense has the sqlite3 PHP extension loaded. Friendly warning : the simple fact you had to this (IMHO : simple to find out yourself) means that you should not 'mess' with it. Removing a 'record' in that database is can be done with these button button : [image: 1624635290823-aa81f840-6474-4ec2-9c35-c79fa76a83d4-image.png] The other info stored in it (per record) is : allow_time INTEGER, pipeno INTEGER, ip TEXT, mac TEXT, username TEXT, sessionid TEXT, bpassword TEXT, session_timeout INTEGER, idle_timeout INTEGER, session_terminate_time INTEGER, interim_interval INTEGER, traffic_quota INTEGER, bw_up INTEGER, bw_down INTEGER, authmethod TEXT, context TEXT Changing these values isn't useful, the underlying captive portal "ipfw" firewall rule won't get changed.

i solved this problem thanks.

@thisislivin said in Block MAC Headers from known hacked devices: Pfsense newbie. As we are all learning every day, So I guess we all are. But you can shift from "think you know" to "know you know" just by looking at something like this : https://www.youtube.com/watch?v=XaGXPObx2Gs&list=PLowKtXNTBypH19whXTVoG3oKSuOcw_XeW It starts with a wire, 8 conductors .... easy. By the end, you know what 'networks" are, what and IP address is, and a MAC address.

SupporteATECH asked : [image: 1623317547688-c6dfb0bc-f2f7-4683-badd-17470fa3c326-image.png] Older version had old bugs. This issue, "You are connected" doesn't exist any more. I just tried it myself : This is my captive portal zone name : [image: 1623317635684-bd467ce7-b111-4982-9613-966fde1eadf8-image.png] So this is the SQL3 database file that contains all the users that are connected : [image: 1623317701894-81ecd1fb-4825-4062-bf6b-9871f40f41cc-image.png] This file is wiped and created on restart. If this option is set : [image: 1623317772846-8a7dd18b-32b1-44bd-a6d7-55c145b52dd9-image.png] then the file is not reset. Upon reboot, the file is read, and for all captive portal users that were connected upon reboot - listed in this file, 'ipfw' firewall rules and tables are re created. See the ipfw rules for yourself. It works for me I'm using 2.5.1 CE.

@sanctify said in 1 User Per Voucher Code: @gertjan how do you upload or install this patch on the Pfsense that's these "1 User Per Voucher Code"? That question was valid in 2016, that's 5 years ago. These days, you select : [image: 1623131400246-1a3997c6-e867-4d97-b29f-6a38cc9bd176-image.png]

@free4 ThankU, I will continue working this out. Thx

@guillame I've tested pfSense with a "Nordnet" router and a satellite connection a month ago. Works well, as expected, because what the 'WAN' actually is, A/VDSL RTC, PPPoE, over Wifi or satellite, it doesn't matter.

@abraham11 I save the CSV file on the PC them open it with Excell or LibreOffice in my case. You end-up with a list of voucher numbers in Column A Then I have a second tab with a preformated print and the values of the tickets just feel the preformated print. Ready to print And them use scissor to cut them Simple and easy

nevermind, looks like a vlan issue

My Issue is different than @refugeesonline. We are facing random voucher expiry before remaining time. Almost 2500+ voucher active and few of them having this behavior. vouchers are 7 Days, 15 Days & also 30 Days. Expiry happening randomly with different rolls , one client created 1 Year voucher which I also not recommend and suggested him to use Radius authentication ( PfSense Radius ) for long terms users. We have fresh install of 2.5 stable system. NO RAM DISK, NO HA setup. All installations on SSD 480G. We have no issue with System reboots we did it few times and all is well.

Nice !! I replied yesterday -see above - to a post that dates from ..... not the spammer just above but to Erik_CH and @free4 - messages from 2019...... Woken up by some BS of Veralder who want me to look at some Swedish consultancy site - to find issue https://redmine.pfsense.org/issues/11842 - testing that solution - posting a solution for the solution .... To discover just now that it was actually a spammer ( ? ) that made me contribute to pfSense. Great. I need a drink.

Finally I found out a workaround I have another pfsense box with version 2.4.5 and on that one I was able to generate a short private and public key . So I copy paste them to the 2.5.1 box ... and bingo it works ! Six character long voucher code