@deniz-sahan said in pfsense colocation sharing the same mac address filter:

to summarize, how can ı edit the config.xml without reboot the system?

You could take some info from the config.xml on site A - but, as you already found out, if you store it in the config.xml on site B : the info isn't taken in account.
On site B, your script should be (partially) PHP based. You should use the PHP code that already exists, the same one that the GUI is using - to apply and store the info.
See this file http://your-pfsense//services_captiveportal_mac.php?zone=yourzone how it's done.

@Gertjan but i want to enfore one voucher at always on same device...

thanks Mr. Jimp i use the "text-transform" and solved my probelm

@gertjan

great info from you sir, thank you for that

Hi,

Your Freeradius can be situated anywhere - not only local to pfSense.

It is possible that you make your own logging page that includes all the logic (probably API access) to the facebook, google, twitter family. In this case your page would be somewhat more complex as a simple html line-up.

There is no "click here and click there" and pfSense handles user identification with Facebook or Twitter.

From what I understand reading this : https://www.netgate.com/blog/netgate-integrates-pfsense-with-google-cloud-identity.html something is coming up using Google.

@gerardonoh

@stephenw10

hi steve i think it solved i change wan connection from dhcp to pppoe the problem solved in some device

thank u

@jimp said in Client can not connect https://www.google-analytics.com:

A site like Google uses many different random addresses from a CDN for its sites. When you set an allowed hostname, the firewall resolves the host in DNS and uses the addresses it received. When the client attempts to contact the site, it will almost certainly receive a DNS response that is different than the firewall. Since the client is attempting to contact an IP address that isn't in the allowed list, it is blocked.

Thank you so much.

@derelict said in I cannot used google analytics for captive portal:

That sounds like it is post-auth so there is no need to pass the traffic to google analytics. The portal is already bypassed in that case.
I dont think so. I had added domain www.google-analytics.com to Allowed Hostnames. This is domain Google's endpoint for track GA. But sometime client in private network cannot connect to https://www.google-analytics.com.
The same thing happens with the case domain ww.google.com.
I think google used many ip for www.google-analytics.com and Allowed Hostnames can not update mapping ip with domain.

Looks like that functionality was lost on the conversion to the user manager. It distinguishes by service but doesn't let you customize per zone.

I added https://redmine.pfsense.org/issues/8998 with some ideas on fixes for the next patch release.

problem solved using this solution

link text

@jimp
I need voucher to be 5-6 characters ideally and 7 chars at most.
I copied those from some post about reducing the length of the voucher from a post floating on this forum.

@rdugaue said in External wifi router and Captive Portal. (possible?):

@derelict Yes, if I had spare lan port to do this I would have long ago. The sg-1000 has 1 wan/1 lan.

So get a managed switch and use VLANs to separate your inside network segments or get a router with enough ports for your use case.

this issue continues since the previous version. previously reported.
https://redmine.pfsense.org/issues/8514
https://forum.netgate.com/topic/132264/unable-to-login-loop/6

@gertjan

I know is possible but how the connection is done that's what I wanted to know. I currently have Ubuntu Server running MySQL how to connect it to the pfsense freeradius server is my problem.

Thanks

Hi, see, for example, what has been said here External wifi router and Captive Portal. (possible?).

If you have some time ( a small hour), take at look at the official videos mentioned in that thread. All issues I've seen for the last ten (10 ! ) years are treated.

As far as I know, there are no problems using any recent browser right now.

See for yourself pfSense Hangout Captive Portal - May 2017 - start at around 51 minutes, 20 seconds.
See the entire video - it's worth it, every second ;)

Hi,

Check :

0_1537005240365_86fe0274-6e78-47fd-8806-10511b965624-image.png

The device (PC) is still connected to the network. But all traffic will hit the firewall, and no pass rules present any more.
A login page will appear if that device (PC) throws out a http://www.google.com using a browser.
It's perfectly normal that that device (PC) can ping the IP of pfSense and DNS works, otherwise the captive portal would never show up.

Btw : the "private public key " is just a way to generate the Voucher codes so that people can't fabric their own codes, nothing more.
What also would make showing up the captive portal : shut down the network connection like pulling out the cable or shutting down the wifi. Wait a couple of seconds, and activate again. The OS-magic will make a hidden test-http request for you, and the portal login page shows up again.