@free4 Sorry for late reply was busy with one Project. Since I added given below code to Login and Error page no error reported so far ( almost 5 days now ) Its a labor camp having any different mobile brands like Oppo , Redmi, Apple, Samsung, HUAWEI, Honor. you just name it. I have two sites in production on 2.5-Dev since one year two only services, Load balancing & Captive Portal ( Voucher ) <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"> <input name="zone" type="hidden" value="$PORTAL_ZONE$"> current issue on both sites I am having is related to PHP-FPM repeatedly given errors appearing in syslogs Dec 22 22:56:14 kernel pid 72021 (php-fpm), jid 0, uid 0: exited on signal 11 (core dumped) Dec 22 22:38:44 kernel pid 58075 (php-fpm), jid 0, uid 0: exited on signal 11 (core dumped) Dec 22 22:38:07 kernel pid 15969 (php-fpm), jid 0, uid 0: exited on signal 11 (core dumped)

@chicongdhv You see the clients connected in the StatusCaptive Portal page, but when you use the ipfw command (see link above) there are no connected user ? Use ipfw table all list and list what are in these tables : --- table(cpzone1_auth_up), set(0) --- --- table(cpzone1_auth_down), set(0) ---

@marwa are you using pppoe server in pfsense ?

@prophet there was a bug in the past (traffic continues to be limited if there is any value in upload / download limiters of the captive portal. Even if the checkbox for enabling speed limits is unchecked) Could you try to enable the speed limiter of the captive portal, remove any value in upload/ download then disable the speed limiter again?

We have resolved the issue we experienced with iOS14 / Big Sur CNA by switching from the DNS forwarder to DNS resolver, and enabling SSL/TLS queries and DNSSEC support. We've been meaning to do this for awhile anyway. Regarding the API: Since Android and Apple already have support for the draft spec, it would be awesome to see this come to the captive portal roadmap.

https://forum.netgate.com/topic/97205/template-roll-printer-with-options-for-2-2-6-2-3-2-3-4-2-4-0

Application that pre-fils html login fields AND click the default ok button on an arbitrary html form might exist. The first part, filling in the fields, is something every browser does these days. Nothing new here. Doing an auto login .... something tells me that's actually a security issue. Btw : never had the luxury to try or even own an 'Android' based phone. The pfSense captive portal I manage for more then 10 years, for a hotel, can't be based on some type of device using some app. It should work for every device, every time.

@Gertjan Thanks a lot it works also on my side Iwas just trying to avoid giving access to all the portal menu.

@edicastro type the command line ipfw table all list The result should indicate you the status of the two ipfw tables named xxxxx_pipe_mac These tables indicate who is connected

@free4 said in Quota Exceeded- client could relogin again: @viktor_g said in Quota Exceeded- client could relogin again: This is no supported by LDAP auth backend I guess it is? https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754417(v=ws.10)?redirectedfrom=MSDN What you mean? This articles is about RADIUS, not LDAP.

@free4 some model of Android phones such as Huawei allow you to configure your phone as a hotspot router while connected to another hotspot router with a simple click of button.

@Gertjan Thank you. I'll try to find right web-portal to ask my question than. Have asked this on StackOverflow but I am still ignored there ))

Well, the advantage of open source is : you can do what you want, so there are many ways. Something like this - it's executed every 5 minutes by a Munin client : <?php require_once("/etc/inc/util.inc"); require_once("/etc/inc/functions.inc"); require_once("/etc/inc/captiveportal.inc"); /* Read in captive portal db */ /* Determine number of logged in users for all zones */ $count_cpusers = 0; /* Is portal activated ? */ if (is_array($config['captiveportal'])) /* For every zone, do */ foreach ($config['captiveportal'] as $cpkey => $cp) /* Sanity check */ if (is_array($config['captiveportal'][$cpkey])) /* Is zone enabled ? */ if (array_key_exists('enable', $config['captiveportal'][$cpkey])) { $cpzone = $cpkey; /* Zone selected -> count users and add */ $count_cpusers += count(captiveportal_read_db()); } echo $count_cpusers; ?> and the info retrieved, the number of logged in portal users - is used to generate this. The code above is what ne would call a Munin plugin. Many others exist.

@mohkhalifa Well, I found 2 threads about Microsoft NPS posted by you in CaptivePortal category, and I am glad that you figured out how to use Microsoft NPS as radius server for pfSense authentication. It's better that you can take some time to share your experience in your own thread, It will help me and others who may got the same issue.

@free4 thank you for the info! I will look if I can find a release date. Perhaps it is worth to wait a bit with the upgrade

@mephisto Did you eventually figure it out? I'm in the same situation. Appreciated any info you can share. thanks

edit : see below - bottom - 0.15.7_17 includes this edit. See here https://forum.netgate.com/topic/139132/need-help-on-max-daily-session-attribute?_=1600411248200 pastebin.com (do not post it here) your /usr/local/pkg/freeradius.inc file. Just search sql1 {$varsqlconf2authorize} } and add there : dailycounter monthlycounter noresetcounter expire_on_login just before the line with EOD; Save, stop FreeRadius, start FreeRadius and again, keep in mind settings are thrown away if you upgrade the FreeRadius package. But re editing (if needed) is so easy .... edit : I just upgraded FreeRadius to 0.15.7_17 and this edit (patch) is now included.

@free4 I will definetely have a look at that. Thanks for all the help, i really appreciate it!

@Ahabash you are already able to do that. Using DNS logs+ captive portal logs, you can check which user accessed which website. If you are looking for the precise URL (and not just domains) : please be aware that most of websites are in HTTPS nowadays (which mean : you can't).