solved : i have to not use cap letters

and why can i access other zones' captives portals just by changing this this is too weird

EDIT nevermind i solved it… i addes multiple rules in the captive portal but i guess something went wrong... can anyone help me allow all those ports without causing any problem ? i suspect that the ipfw rules must have a limit or they are used elsewhere ...

can i use any other method to allow those ports before the authentication ? like with a table where there are all the ports and like one or two rules that wont cause any other problem ?

appreciate the help and thanks in advance

here are the rules i tried https://fr.scribd.com/document/379814591/Captiveportal-Rules

PS : the rules worked perfectly but caused many other problems

53 UDP (keep-state and out)
138 UDP (in out and keep-state)
137 UDP(in out keep-state)
389 UDP TCP (same)
88 TCP (same)
445 TCP (same)
139 TCP (same)
135 TCP (same)

and from 49152 to 65535 TCP (same for everyone one of them)

for what i'm trying to do : allow ports for the windows authentication through captive portal to the active directory

EDIT 2 : trying again same problem, the redirection ends up on one captive portal for all interfaces, it's like something gets messed up. when i get rid of those rules, everything works normally, so how can i allow without having to face such problems ?

EDIT 3 : Solved : https://www.freebsd.org/cgi/man.cgi?ipfw(8)

Solved, i should have used the other form : $cprules .= captiveportal_create_ipfw_rule

Hi,

Gave it some thoughts, but I think you already found the solution : add (white list) these 230 IP's.

Yep, that's a new 'feature' I guess.

For now, "do not calibrate  the system while it's running"  ;)

https://forum.pfsense.org/index.php?topic=147413.0

k, I just subscribed to Gold. The current information about Voucher Sync is out of date.
I think there should be at least something that suggests you to enable HASync here: https://portal.pfsense.org/docs/book/captiveportal/vouchers.html#synchronizing-vouchers

Asfar as I understand the current version of that section is that it would be enough to use the settings mentioned.

@drduckun:

I'm using wifi controller and firewall connecting to radius server. Everytime user connect to wifi, it will request user input ID&Pass. But this network system don't have captive portal and use authenticate with voucher.

What Wi-Fi controller are you using out of interest.

The captive portal is not a redirecting thing.

By default, close to  nothing get through the interface and when authenticated, the rules on the GUI interface are used.
No redirecting comes into play here … or I'm not understanding how you use the captive portal.

Btw, I believe this is more a wifi-radio connection issue - just cable up a device, not a phone of course, to see if the problem still exists.

Have a look at Zebra, used to use the industrial ones years ago.

https://www.zebra.com/gb/en/products/printers/desktop.html

The patch : moving a line : https://redmine.pfsense.org/projects/pfsense/repository/revisions/29a272f7361689c87dd7ad9fc1c903e843a1c593/diff/src/etc/inc/captiveportal.inc
Not rocket science.
Some text-editing skills are needed though.

Reduce DHCP lease time.

But keep in mind that the pool should be bigger as the potential number of devices requesting an IP.
If not, you'll be stressing your DHCP server and your users.

A Captive portal should run on it's own interface - so a 10.0/16 (65 K addresses) is two clicks away.

https://forum.pfsense.org/index.php?topic=146046.msg795216#msg795216

@synker:

Hi ,

where I can change the default "Nas-Port-Type = Ethernet" with "Nas-Port-Type = Wireless-802.11" ?

Thanks in advance

Nobody?

I know, me too.
See, for example, here https://forum.pfsense.org/index.php?topic=146850.msg798133#msg798133 so you can see what happens and ask questions that can be answered.

It's all about learning how it works so you can set it up correctly.

I agree, it's not easy, but everybody on earth is authenticating using a Radius server, so I guess it can be done, by me, and you.

:o
No-one ever wrote those scripts !

But, I discovered recently that the package FreeRadius3, proposed by pfSense, could handle the Google Authentication.

This means, no coding what so ever.

Take note : setting up a FreeRadius includes some serious learning. Google, as shown, can help you.

@MrNoisy:

I have inherited a pfSense system and need some help getting the guest network running

Make a config backup first (takes 30 sec).
Re install …. (takes several minutes).
Eventually : import config (but : this means that you import all these settings "that you don't know about")

@MrNoisy:

We have the Captive Portal enabled and running on the Guest Wifi (has its own interface)
I can connect to the Guest Wifi, I get an IP, I can ping the pfsense box ip on the guest wifi side

@MrNoisy:

I can log in to the pfsense box if I types its guest ip in

Well .. normal on a no trusted network, also called Guest netwok, visitors shouldn't be able to acces the pfSense web GUI …..
A fire wall rule is missing on the Guest network Interface  ;).

@MrNoisy:

But, if I try to go to ip:8002 I get a blank white page with no logon options

How do you know that you should use port 8002 ??
Using the pfSense captive portal for 10 yeras no, never used a port number.

@MrNoisy:

If I try to go to a web address I get page cannot be displayed

Well, normal, right ?!
When authenticated, it will work ^^

@MrNoisy:

I cant ping 8.8.8.8

As before : that's ok - normal - if no rule is present to permit that, it will work after the authentication phase.

(but : DNS should work before authentication …. if not captive portal breaks  ;))

@MrNoisy:

DNS forwarder is enabled

Don't. This is the moment where most start to post here that captive portal doesn't work.
Use the default resolver first.
Because : first help lines from here apply : https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting (people use stuff like the forwarder without really know what they are doing == now what DNS is all bout and then critical stuff like a captive portal "breaks").

Like what do client use a an DNS ? Was it DHCP assigned ? (some nut cases have their DNS set static => they will be out of business fast)
The Guest portal IP from pfSense ? Another IP like 8.8.8.8 ? (and in that case, a firewall rule should be put into the GUI for that interface - allow TCP/UDP dest. port 53 IP 8.8.8.8)