@virusbcn Instead of routers you could use vlans and managed switches.
You can have all vlans coming in to pf (cluster?) and assigning them different subnets
With one subnet assigned to each appartment its easier to log things.
Otherwise, hunting mac addresses will become a nightmare.
(unless you have an onboarding procedure where macaddresses are "let in"
(and then you have win10 changing mac addresses randomly, for "security")

So its dhcp and pflogs, probably logged to an external syslog.

@Gertjan Hello, could you give me an example php, I am not really an expert in php and html, tried in all cases and I can not get it. I look forward to your help. Thank you.

@walter_leon said in Voucher remaining time:

@Gertjan Could you publish your php code that you managed to work ??, Thanks..

What code to make work what ?

If it's he remaining voucher time, I never wrote any code for that.
I rarely use vouchers and if I use them, it's marked on the voucher : "this voucher works for x hours". I'll leave it up to the user to "calculate" the end time.
Better yet ; I probably wouldn't hand over a voucher to some one (a kid ?) who couldn't do that ....

See https://forum.netgate.com/topic/147410/custom-logout-page/5

( and stop svp posting the same question in several threads )

See https://forum.netgate.com/topic/147410/custom-logout-page/5

@Gertjan Thank you so much for the link and the explanation.

I was using the book as a reference; I always forget the troubleshooting sections on the website that are packed with useful stuff.

Thanks again !

hi dboe732 do you resolve your problem ?

@Gertjan thank you for yor answer .

? ?

edit : oh, I get it. Another error.

@susobaco SOLVED !!!! The captive portal does not redirect to the login page on IOS devices

Hello, SOLVED!!!!!! After trying all possible combinations, in the end, I found the error. It was my fault, when customizing the captive portal, I didn't write the code well or I don't know what I did. Putting the default design that brings pfsense, ios devices open the login window to connect to the wifi without any problem. Thank you all for your help and patience.

@romeomarco09
you could publish the php or the files you used for this case.

@Gertjan shodan.io is a service that scans the internet for known exposure and for vulnerabilities

i remember you are french, so I link you here a video in French on the subject https://youtu.be/SxjmOFBtsvk

Thanks dear for your kind reply. I solved my problem that I created another portal to handle the pfsense CP pages to the users and now everything is going perfect EXPECT I need to add a code to my logout page to get the close event from the pages with a warning message to the users that "if you close this page will be logged-out" then if the user confirm this warning message I will force the logout button before closing.
Your suggestion is highly appreciated :)

Captive portal works best with a MAC address.

The fact you receive the MAC from your AP means : your AP is works in router mode - it's not a real AP.

Disable the router mode, do not use the WAN port if it has one - disable it's DHCP server if it has one.
If your pfSense captive portal NIC has 192.168.69.1/24 - give it a static IP like 192.168.69.2 / 24 - gateway 192.168.69.1 - DNS 192.168.69.1

@free4 it's ok now, it on captive portal user group thats why i cannot print my vouchers hehehe, btw. tnx

@Derelict Thanks!

What is your question ?

pfSense and/or the captive portal has nothing to do with a 'modem'.

Great, I haven't even reached that problem yet, I just can't get redirect to work. Guess it was just a fluke that I got it working at the 1 site.

Thanks,

@Gertjan Thanks for your reply, I'll try to change the page, in case I can't write again.

Hi,

This :

@zak_coslat said in Slow redirect after successful authentication:

Database insertion is very quick

is important.
I'm quiet sure you can also check quickly ( read this so you know how to check ) that the device's MAC and IP are added to the two ipfw tables that are related to your captive portal instance.
ipfw is the firewall the captive portal portal is using for it's magic.

Which means : it's all open ...

Btw : the GUI firewall rules for the interface that the captive portal is using are ok, right ?

If you have the possibility to add a cert - one that is signed by a know and recognized cert authority like Letsencrypt - to your captive portal's login page you will see things speed up quiet a lot. You can use the acme package to handle all the details.
The bad news is : you will be needing a domain name like "my-site-network.tld" and have to create a cert like "portal-my-site-network.tld" and use this cert on the captive portal's setup so the portal login page will get loaded using https.
( and will you're at it, ask the entire "wild card" cert for "*.my-site-network.tld" so you can also use it for your pfsense.my-site-network.tld and nas.my-site-network.tld and printer.my-site-network.tld etc etc on your local network (for all your https capable devices )