Hi,

Captive portal on a WAN interface ?
Never saw that before.
It should be on a LAN type interface.

@lukas333 said in Apply Captive Portal only on 1 internet:

and need MAC restriction only on the WAN

Same thing. MAC restriction can be enforced by the captive portal MAC tab, or if you use FreeRadius.
You can also enforce MAC access by setting up static leases for DHCP server - and refuse unknown MAC's. A DHCP server runs of course on a LAN type interface.

edit : I don't have multiple WANs so I don't use and don't have expedience with load balancing.

well

first of all HLR don't exist in phone networks anymore. we are now in the age of 3g and 4g, HLR have been replaced by HSS.

second of all, unless you are a government agency, you can't have access to such data, for obvious safety reasons. you are not allowed to track the location of any user you want

third, the recommanded way to check that a phone number really belong to someone, is to send a confirmation code to the phone.
this is what banks do for verifying an user's phone, so you should be safe with it

in order to do this, you could either code your own system using a sim card reader, or use an external services for this. multiple companies are offering this services. you can type "confirmation SMS API" or "F2A API" on google to find one

@D3messiah said in Up limiter in captive protal cannot be deleted:

When trying to delete or disable the Per-user bandwidth restriction it has no effect.
....
I did not use traffic shaping

When you use the "Per-user bandwidth restriction", you actually instructed to 'ipfw' to build pipes for the connections, these pipes produces the band with restriction. I guess this is pretty close to traffic shaping ^^

When you de-activate the captive portal on an Interface, ipfw won't run any more. That ends any "bandwidth restriction" related to the captive portal.

As @free4 said : show us the

command when the portal is down.
If you don't use any traffic shaping else where, then something bad's going on.

Don't use less then 2.4.4-p3. You'll get bitten by other bugs.

@schabi said in Captive portal always bypasing:

Ah wtf, I din't see that. How did this setting even get there?

Config changes are logged - so bring along the baseball bat, and consult the log ;)

@kramtw said in Freeradius stop working:

Parse error

Hi,

As stated : needed files are missing or plain wrong.
Beforere you re install FreeRadius, do a file system check (fck).

In deed the problem was the application is also using external ressources but i didnt notice the change as soon, now I downloaded whatever resources was needed and I load it locally.

That solved my problem.

Thanks!

@ishtiaqaj as everyone said, 2.2.X is end of life, no support will be provided anymore for this version.

That includes forum support.

@bryanfoo79 said in This MAC address has been blocked:

My question is how can I modify this page to something else

Somehow you totally missed what the captive portal of pfSense can do for you.

Check this :

4b0e7831-86b8-4c28-a846-1ff8326537d6-image.png

View the 3 Captive portal pfSense (Netgate) videos.

Apply this simple rule : RTFM. It's all there.

Bassically, you should write your own html (with some PHP) file that contains some mandatory info, and other text/images/whatever you like.
You'll be needing the error page aoso. This is the same page as the main index file, added to it the red line that shows a message (the error as you saw yourself).

(Sorry for my previous post, it was a mistake)

The information about vouchers that are in expired is stored in /var/db/voucher_{$cpzone}_used_{$roll}.db. This file is a binary file, and it is not exported when performing a backup.

Is it expected? Well, i'm not netgate....but in my opinion, yes. Connected users, and inuse/expired vouchers are not configuration elements and should not be saved when performing a backup.

Active DHCP leases (for instance) are also not saved when performing a backup. Because they are not configuration elements.

Yeah that is just FAIL!! 2.2 has not been supported for years.. Update to current!! 2.4.4p2, the whole 2.3.x line is not even supported any more.

... and what about looking at the graph of the interface that the portal is using ?

@riessal i have a question : is it the first Time ever that you are using a voucher on your macbook?

I mean, did you successfully connected/authencated to the wifi using your macbook (possiblly long time ago)?

@Gertjan Yes, Im aware of that.

@mtu111 can you please share the steps with me if possible for you.

@OpenWifi said in Can a captive portal voucher be fixed on only a specific Device:

Hello guys,can i set vouchers to be only used with a specific device(MAC address) and cannot be shared by another person or device.So the voucher when activated on my iphone,then i would not be able to share it with another device maybe my laptop

Try what has been said here : One Voucher Per Device
I proposed a modification that changes the behaviour of the Concurrent user logins setting. An option for "only the first login" is present.

@free4 said in Can a captive portal voucher be fixed on only a specific Device:

Pfsense support this feature. Selecting "Disable concurrent logins" will cause tout iphone to get disconnected when your laptop will connect

I maintained that possibility which has good reasons to exists.
New : the other way around : a reuse use of a voucher or login is prohibited while an active connection using that voucher or login exists. This minimizes the risk of passing along the voucher, voluntary, or not. One could loose his voucher, another person couldn't use it (again).

@curioushuman said in pfsense captive portal HTTPS:

enabling HTTPS on my captive portal

http captive portal login, or https captive portal login is identical.
The login page doesn't show up ? Check https://docs.netgate.com/pfsense/en/latest/captiveportal/captive-portal-troubleshooting.html

But you do not want to propose home-made certificates on a captive portal. Your "pfsense1.localdomain" will not be trusted by any browser - the usual error messages will show up. Most eople will (and should) bail out when they see these messages.
You need a "real" certificate, one that is recognized by every browser. Go buy one, or use the acme package.
You need to have an existing domain name !

Hi xhivo97 same problem here!

Look also at the video https://www.youtube.com/watch?v=qb5TDpihnq4&t=1043s

@safarad said in A user portal for clients:

solution

Well, you need a proxy, and probabaly more.
Read about all the Squid's and so in teh Cache/proxy forum and Traffic monitoring forum.
This will not be a click and done solution.
(be wise, do not go into this path .... many admins are declared missing since they went on the "let's analyse what users are doing" tour. In Europe, they are probably in prison. Elsewhere : ..... probably worse)

EDIT :

I tested the Captive portal on LAN, using a Windows 7 PC, and discovered that things have changed.

When I activated the portal on LAN, after setting it up, I disconnected my LAN RJ45 cable (actually, I'm lazy, so I deactivated the network card for several seconds).
When I re activated the card, nothing happened .... that's new.

I opened my default browser, Firefox, and this is what happened :

57bc1e01-50fb-4956-bc61-d596be062638-image.png

Firefox informs me that I needed some sort of account to connect !!! Which is 100 % correct.

... so I hit the button as advised.

This showed up :

d462fe6c-c209-450f-a0dd-ef701a9be7d9-image.png

So, I maintain : Windows 7 works well.