Reduce DHCP lease time.

But keep in mind that the pool should be bigger as the potential number of devices requesting an IP.
If not, you'll be stressing your DHCP server and your users.

A Captive portal should run on it's own interface - so a 10.0/16 (65 K addresses) is two clicks away.

https://forum.pfsense.org/index.php?topic=146046.msg795216#msg795216

@synker:

Hi ,

where I can change the default "Nas-Port-Type = Ethernet" with "Nas-Port-Type = Wireless-802.11" ?

Thanks in advance

Nobody?

I know, me too.
See, for example, here https://forum.pfsense.org/index.php?topic=146850.msg798133#msg798133 so you can see what happens and ask questions that can be answered.

It's all about learning how it works so you can set it up correctly.

I agree, it's not easy, but everybody on earth is authenticating using a Radius server, so I guess it can be done, by me, and you.

:o
No-one ever wrote those scripts !

But, I discovered recently that the package FreeRadius3, proposed by pfSense, could handle the Google Authentication.

This means, no coding what so ever.

Take note : setting up a FreeRadius includes some serious learning. Google, as shown, can help you.

@MrNoisy:

I have inherited a pfSense system and need some help getting the guest network running

Make a config backup first (takes 30 sec).
Re install …. (takes several minutes).
Eventually : import config (but : this means that you import all these settings "that you don't know about")

@MrNoisy:

We have the Captive Portal enabled and running on the Guest Wifi (has its own interface)
I can connect to the Guest Wifi, I get an IP, I can ping the pfsense box ip on the guest wifi side

@MrNoisy:

I can log in to the pfsense box if I types its guest ip in

Well .. normal on a no trusted network, also called Guest netwok, visitors shouldn't be able to acces the pfSense web GUI …..
A fire wall rule is missing on the Guest network Interface  ;).

@MrNoisy:

But, if I try to go to ip:8002 I get a blank white page with no logon options

How do you know that you should use port 8002 ??
Using the pfSense captive portal for 10 yeras no, never used a port number.

@MrNoisy:

If I try to go to a web address I get page cannot be displayed

Well, normal, right ?!
When authenticated, it will work ^^

@MrNoisy:

I cant ping 8.8.8.8

As before : that's ok - normal - if no rule is present to permit that, it will work after the authentication phase.

(but : DNS should work before authentication …. if not captive portal breaks  ;))

@MrNoisy:

DNS forwarder is enabled

Don't. This is the moment where most start to post here that captive portal doesn't work.
Use the default resolver first.
Because : first help lines from here apply : https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting (people use stuff like the forwarder without really know what they are doing == now what DNS is all bout and then critical stuff like a captive portal "breaks").

Like what do client use a an DNS ? Was it DHCP assigned ? (some nut cases have their DNS set static => they will be out of business fast)
The Guest portal IP from pfSense ? Another IP like 8.8.8.8 ? (and in that case, a firewall rule should be put into the GUI for that interface - allow TCP/UDP dest. port 53 IP 8.8.8.8)

yes, it is configured
the broblem is solved,

accBand.png
accBand.png_thumb

Thank you  :)
I have read you post an the Bug is Fix.  ::)
We are still testing everythin … any we need it for a little more peopla than 20 ;)
Do not get me wrong we love the pfsense.  :-*

The bit about getting internet access without validating through the portal page is apparently a known bug in 2.4.3:  https://forum.pfsense.org/index.php?topic=146046.msg795216#msg795216

Got that point,
But why CP is working fine means redirecting and not working on VLAN 50 (only showing redirected IP address)

2nd

where should be CP page store for VLAN 50 ?

Oi, você está postando no fórum Norte Americano, faça sua postagem aqui:
https://forum.pfsense.org/index.php?board=12.0  ;)

@alexssi:

No matter what URL I type, I always come across the captive portal page.

This is normal of course.
Any "http" access - when not authenticated - will be redirected to the captive portal login page : /usr/local/captiveportal/index.php - this is how the captive portal works.
But the "captiveportal-." are an exception.

Do you use http login or https login ?
Show us the correspond nginx setup files in /var/etc/ (not the names, what's in it).

These are mine :

[2.4.3-RELEASE][admin@pfsense.brit-hotel-fumel.net]/var/etc: ls -al nginx-*-CaptivePortal*.conf -rw-r--r--  1 root  wheel  2596 Apr 10 11:17 nginx-cpzone1-CaptivePortal-SSL.conf -rw-r--r--  1 root  wheel  2107 Apr 10 11:17 nginx-cpzone1-CaptivePortal.conf

What is your captive portal IP (IP of the NIC used by pfSense)
What is the hostname of pfSense and domain (System => General Setup) ?

in Services> FreeRADIUS> Users - "Number of Simultaneous Connections" you can limit how many log in per user account

@joeboypascual:

…
I want that the portal will appear automatically once connected in wifi or lan

And that's how it works.

If not, use Captive Portal Troubleshooting and you'll be fine.

OK, I was able to reproduce that now. I opened a ticket: https://redmine.pfsense.org/issues/8441

Sorry, no luck. Rather a general outcry that nothing was working that forced me to turn it off…
I think some of the kids services (push notices I suspect) kept the connection open and used up all their quotas while they were at school, so when they came home they found their quota used up and there was a lot of angry phone calls to dad while I was at work...

I now see there's an allowed IP section, so maybe I can let some things go through there, but I will have a hard time figuring out the IP addressess of things like Snapchat and whatever they decide to use.
No, I think I need a firm logout button for this to be accepted at home...

For now, I'm stuck with firewall rules and scedules, paired with a VPN connection so I can close and open things from my mobile if needed.

Does the TV need access to internet? Otherwise just block everything from that TV to everywhere else.

@fmohcine26:

… connect the TV by wifi and only by wifi

Unplug the wired ethernet.

Derelict nailed it…

Max-All-Session in radcheck
Set to interim accounting in captive portal

The message that you are receiving is that radius3
Does not understand Max-Forever-Session