@m4tzen said in Captive Portal - Used Voucher could be reused:

-> Does this mean ... after the "reboot" of the Router/Device, the enduser need to login again equal if the enduser device have an applied and enabled voucher code?

Yes.
After the reboot of pfSense there are no logged in users - the ipfw firewall (rule) states are nor saved, users have to re login.
I advice you to try it out - see for yourself.

@m4tzen said in Captive Portal - Used Voucher could be reused:

-> we are new on this Software ... s we dont have any experience about how much update's are deployed in a year. BUT we will upgrade/update all the time to the latest version ...

A couple of times a year.

@m4tzen said in Captive Portal - Used Voucher could be reused:

Some more question to the IDLE TimeOut ...

The captive portal was been designed to give temporary "non trusted clients" Internet access.
Your typical railway station, hotel, camping, restaurant, ** or to some extend even your own house that you rent to strangers.
The clients just come by, stay some time, do their thing (typically : updating their FB page) and then leave the premises for good.
A idle timeout, and hard time out, is needed so the ipfw tables don't get cluttered up.
Idle time out happens if the device left for the day (or was shut down for the day) : his owner should re login - and this is possible as long as the voucher remains valid.

** I forget : some are running pfSense Captive portal on aero-ports. Tens of thousands of captive portal connections all the time.
These huge system will die in minutes if an idle time out isn't set.

If, for example, 8.8.8.8 is the DNS server used by the clients, and 8.8.8.8 is added to the "Allowed IP addresses" tab, then you can resolve DNS requests from your client PC's (test that using nslookup for example).

You can also 'see' that the IP's are pass-through : go to console or SSL access, enter option 8 - and enter :

ipfw table all list

You will see the IP's white listed in a table.

But, normally, you shouldn't alter any DNS settings, and keep the DNS Resolver running on pfSense.
This way the captive portal will work "within 3 clicks" (test this ! and only then move from this position by understanding each step before taking it ☺ )

@magokbas Thanks, it worked!

Yep.
At this moment, using the current version, you should stop editing the portals settings when you have put it online.
This shouldn't be a big deal I guess, ones the settings are fine you're done with it anyway.

https://github.com/pfsense/pfsense/pull/3640#discussion_r199824018

Augustin-FL 8 hours ago • For the main CP zone : Because currently when settings are saved, captiveportal rules are re-appplied unconditionally to the network interface, meaning all ipfw rules are unconditionally flushed. **This is a big problem when editing captive portal settings while some users are connected : When saving the settings, users go technically disconnected and are redirected to the login page (because ipfw rules are flushed), but they are still considered as connected and are unable to log-in again(because they are still present in the sqlite database).** I solved this issue by flushing SQLite DB when rules are re-generated, and i also added a warning "Some users are connected, they will get disconnected. Do you want to continue ?" on the GUI. For the RADIUS database : because this database is now obsolete, captiveportal don't use it anymore.)

Hi,

The cookie solution isn't a perfect solution at all.
Did you thread the entire https://forum.netgate.com/topic/69307/captive-portal-manual-logout-page-address ?
Do so and you find out why.

Don't worry, that error was repaired. That's why new versions come / came out.

So, you have a choice : upgrade if you don't want to repair the captive portal_disconnect_client () function yourself ^^ (btw : easy PHP code - you could even look into github to see what was edited when and why so the error was cleared).

@asbonet said in Import Multiple Users Accounts CP + FreeRADIUS:

I have been able to add users now and authenticate them though mysql using the radcheck table but i can not figure out how to get the attributes such as Max-Daily-Session := 3600 to be linked with the Accounts that i add any help on where i need to be adding this attribute and how to link it with the user.

Thanks
  :) :)

How did you import multiple users into pfSense? is there anyway to do that without sql?

Why would you think that your wireless routers should send traffic to pfsense in the cloud? WTF is your IPs suppose to show us? 1 is for sure rfc1918 the 10.x and the other might be 172.x other is public I take it with 146.x

It is much easier if you just attach your drawings to your post vs links to other sites - that may or may not be blocked dependng on the viewers connection.

@21hertz said in Windows 10 (?) users cant login:

What I can confirm though, is that pfSense still has some sort of bug with “Allowed Hosts”. Sometimes it takes a couple of minutes and sometimes it doesn’t work at all, when you have entered a value / domain.
It seems like the list of domains that you enter in “Allowed Hosts” isn’t applied to the rules as it should. Feels intermittent. This was a actual reported bug in an earlier release (don’t remember which version).

The "allowed hosts" is easy to "debug".
Add your host, ad then look at the generated ipfw rules (this page is very useful : https://www.netgate.com/docs/pfsense/captiveportal/captive-portal-troubleshooting.html - it has told many, many portal admins that they shouldn't break their DNS before operating a captive portal - or, using more common words : Captive portal will not work better as our DNS).

Btw : In case you didn't know : if you use the Allowed host to let portal visitors visit public Internet sites before authentication, be careful : even the most dull WordPress index page includes tells your browser to search for additional info at Google, FB, and else where. These places - hosts, are of course not allowed, so the principle site seams broken, or even the Allowed host entry doesn't seem to work.

** Don't add a host without checking first with nslookup, dig or your favorite DNS tool.

I don't use vouchers, neither selling access time.
I just need to guarantee an Internet access for my clients.

@gertjan said in Free wifi Acccess on first 15minutes Captive Portal:

tw : I didn’t test drive this - I just read what is explained on the settings page of the captive portal.

@gertjan That url is broken.

I am using pfsense with unifi (ubnt) wireless APs, and they already introduce Facebook authentication. So there is an alternative to make it work without pfsense support.

I would personally prefer to be able to configure it in pfsense, where I already have most of the networking configuration.

Gertjan,

Thanks for your reply. Fun fact; I've managed to do the same thing yesterday and got it working.
Good to see that I've done it right. I'll make sure to check the links your provided!

Thanks again dude.

Cheers,
Lex

Ok... Without some details nothing for anyone to help you with.

Were you just wanting people to know, or did you actually want some help with your issue?

Here from that info this is best can offer
https://www.netgate.com/docs/pfsense/captiveportal/captive-portal.html

@becasist2 said in Voucher tickets fails sometimes after updating:

The devices with the MAC included in those lists can connect without a Ticket, the devices without the MAC in this lists have to put the ticket code in the Portal Captive Index page, am I wrong?

Noop, you're right - it works like that.

Thank you very much for your help Jimp

Hi,

@tjthomas101 said in How to create a captive portal without username/password:

Unless anyone has a better idea, I’m still all ears.

Consulting the Chillispot support site ?
(but the solution looks ok to me)

@p3n6 said in Reduce length Voucher:

@Gertjan
Is this being done in pfsense

Yes.
Use the console access, or better, enable SSH access, access SSH (Putty is your friend here) and use option 8.

or do i need to run a command?

Yes.
You asked for non-standard possibilities. You'll be needing a keyboard.

Can you provide a screen shot?

Never used vouchers myself.