I'm able to change the PHP part of the captive portal, to make little changes and, most often, test different possibilities.

Writing something up that I'm not going to use myself (means : less testing) is not a good plan.

Btw : I already have a full time job - and I do not have spare pfSense systems to 'play with'.

You should try here.

It has to be created first.

See the "Bounties" section of the forum.

@ciidfrance said in Wrong captive portal login page redirection:

And add https://www.google.com url redirection after login but no redirection appear after login

pfSense 2.5.0 - right ??

Strange, as I'm using :

39524145-18fd-4bc4-aabc-b01a48a406e1-image.png

for years now.

It works ™

Btw : you uploaded your own "captive portal login page" ?
If so, what happens when you use the default, build in page ?

edit : oops.
I'm not using the build in User manager, but FreeRadius to identify users.
Using the local user manager, I'm not seeing "You are connected".
But "Succes".

Because (the logs tells a lot : Status > System Logs > System > GUI Service) I'm using a iPhone, and when connected to a Wifi network, it (the iPhone OS) throws out a test request over http (not https) to : http://captive.apple.com/hotspot-detect.htm

192.168.2.102 - - [10/Mar/2021:09:06:55 +0100] "POST /index.php?zone=cpzone1 HTTP/2.0" 302 0 "https://portal.local.net:8003/index.php?zone=cpzone1&redirurl=http%3A%2F%2Fcaptive.apple.com%2Fhotspot-detect.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"

I'll inspect this situation somewhat later on.

It does remind me of an identical issue that happens a year (or so ,) ago.
You'll find references - and a possible solution for it - in the forum.

edit :

The message

You are connected.

Is shown when, according the code :

/* If client try to access captive portal page while already connected, but no custom logout page does exist and logout popup is disabled */

edit 2 :

At this line :
https://github.com/pfsense/pfsense/blob/0d8a927099acaa50479c2616265541bdeb6c27a9/src/usr/local/captiveportal/index.php#L110

Line 110 :
Paste this :

if (!empty($cpcfg['redirurl'])) { /* 2021-03-11 https://forum.netgate.com/topic/161673/wrong-captive-portal-login-page-redirection/10 According the GUI : "After authentication Redirection URL - Set a forced redirection URL. Clients will be redirected to this URL instead of the one they initially tried to access after they've authenticated. */ log_error("Zone: {$cpzone} - Captive portal : redirurl = {$orig_request}"); $redirurl = $cpcfg['redirurl']; }

It's a workaround.

The test is taken just a couple of lines above.
It's the third one that assigns the $redirurl in the GUI.
But if your browser was using a 'test http request' to detect the portal, it's this one that takes precedence : the second test - and that one nearly always 'wins'.
At least, for the Apple family, it does.
Sorry, can get my hand s on a samsung

@jangchu-dorji said in Fatal error: Uncaught Error: Class 'mysqli' not found:

What could be probable error

You said it yourself :

Class 'mysqli' not found

This = /var/etc/captiveportal_jan.htm is a working copy of your own uploaded captive portal page.
It is asking (wants to include include) PHP MySQL support - client or server, and it wasn't found.

From what I remember, you've been patching your pfSense way back in the past. And or added other FreeBSD packages like MySQL client or server support.
Upgrading normally undoes that patching.
That brings a dilemma :
Yo have to redo the patching, but this time the files that need to be modified are different, their content did change over time.

Or remove the uploaded captive portal page, and use another one, like the default page.

Where did you get your patch from ?
Ones you start to patch, you need to maintain it yourself so it works with future pfSense version.

@youzersef said in captive portal url:

The problem for https that i need ssl certificat. "LetsEncypt" for exampel need renew every 3 months and i can not do

The acme package will renew the cert for you - you have nothing to do.

@youzersef said in captive portal url:

and also i can not leave the port 80

And you're right. And you don't have to open nothing. There are far better ways.
You'll be needing a domain name. That will not be free. Something like 5 $ a year ?
But, take the time to chose the right registrar. One that is supported by acme : see here for all the details.

@youzersef said in captive portal url:

Or i need payment ssl but the ....

In that case you need a domain name first.
And you have to buy the cert every year or so == always more expensive.

@youzersef said in captive portal url:

the most of customers do not want pay regularly.

That's different, but I guess these people are not what I would call customers.
The easy way : don't work for these people.
most of customers do not want pay regularly.

@gertjan
Thank you for kind suggestion it had hlep me so much.For now i have intsalled fresh pfsense and upgraded.After that we worked.

Thank you Gertan

Hello @Gertjan
Yes, you're right. Thank you for your support.

@gertjan

Yeah! you're right and thank you!

@serlogo53
After more then 6 years, pfSense still doesn't have a API or 'cli' access to all it's settings.
pfSense is web based.

It can be done, of course, as the GUI is after all just good old plain PHP.

If you are using and can work with FreeRadius : https://wiki.freeradius.org/guide/mac-auth#plain-mac-auth

But ..... check out /usr/local/etc/raddb/sites-enabled/default, line 24 :

##### AUTHORIZE FOR PLAIN MAC-AUTH IS DISABLED #####

which means you have to modify the FreeRadius pfSense packet source files yourself .....

Update on this.

I already found the "ipfw.ko" kernel module. It's not loaded that is why Captive Portal Per User Limit is Not Working.
I tried loading it manually from the terminal. And guess what, my box went down. I had no choice but to fresh install then restore backup config.

Its restored now. Also the Per User Bandwidth Limit is now working.

@gertjan said in Need some clarifications for Concurrent User Logins:

@1ntr0v3rt3ch said in Need some clarifications for Concurrent User Logins:

If User A turn off his/her wifi, how many minutes does it take to completely logout?

Whatever comes first :

b2bff013-8ba0-43c6-a26d-b24a9d7cb556-image.png

thank you for this settings sir!

@free4 Thanks for the response. The reason I ask is that even having the members in the right group, no one could authenticate until I disabled "Local Privileges Option". Maybe it's not a big deal since it is working.

Maybe "Local Privileges" refers to local pfSense box login?

@free4 Thanks! That's helpful. But that leads to other questions. :)

If the pfSense default CP login is felixhaeberle design, I would still like to edit more than what is allowed in the pfSense GUI. For example, I would like to text similar to "User ID and Password are case sensitive". I also do not want any logo displayed and don't need the space reserved for the logo.

This is for a home guest network landing page. I need to keep it really simple. Thanks!

@viktor_g There was issue with HDD and I've replaced it with SSD and now everything works fine. Vouchers backup is working properly.

@ibabul89 yes custom build with Supermicro server

@monaco said in background graphic is not displayed:

Furthermore, I have created my own login website and put it via winscp into the directory /var/etc.

Why do you think you need winscp (sftp) ?
Why should you need to place manually files here /var/etc ?

You should use this :

c0963839-ab75-450b-8015-5ac7b872ecdf-image.png

to upload files like style sheets and images etc.

<p><a href="http://www.a.tld/" class="linkExternal"><img src="captiveportal-nvxx-logo.png" class="centerImage" alt="An Alt text></a></p>

captiveportal-nvxx-logo.png is the file name of an image used in my 'html' login page.

The web server used to show this login page is chrooted into /usr/local/captiveportal/
In this directory, pfSEnse creates, when I upload a file, a symbolic link to the place where the real uploaded file exists, as they are not stored in /usr/local/captiveportal/ :

rwxr-xr-x 1 root wheel 43 Jun 3 2020 captiveportal-2style.css -> /var/db/cpelements/captiveportal-2style.css -rw-r--r-- 1 root wheel 82730 Jan 31 2020 captiveportal-default-logo.png lrwxr-xr-x 1 root wheel 45 Jul 4 2017 captiveportal-nvx-logo.png -> /var/db/cpelements/captiveportal-nvx-logo.png lrwxr-xr-x 1 root wheel 46 Jun 3 2020 captiveportal-nvxx-logo.png -> /var/db/cpelements/captiveportal-nvxx-logo.png -rw-r--r-- 1 root wheel 5686 Dec 10 2019 favicon.ico -rw-r--r-- 1 root wheel 9718 Nov 20 08:54 index.php

Know you think you know that uploaded files are stored in /var/db/cpelements/
Which is also wrong ^^
They are stored in the main /conf/config/xml file.
And, when needed, extracted into /var/db/cpelements/ They are overwritten every time you change portal settings.

Will be in the next FreeRADIUS pkg update (0.15.7_28)

@moelharrak Been doing this for quite a while now. pFsense Captive portal with freeradius authentication and MySQL as backend database. What I did was modified our PMS System (Hotel software that we created) to insert into the radius schema the needed information so that guest can authenticate to when connecting to the wifi. In this case I decided to use the Room number as the username and the last name of the guest as the password.

@free4 Sorry my friend.
I have that scenario of a university network, I have my captive portal configured with Radius authentication on my Windos Server 2012 server, but I need my captive portal to go out through the Wireless Lan Controller and go to all the connected Aps. That is my question and I wanted to know what solutions I can have regarding this. I thank you in advance for your help.