Search forum for QHotspot

Hello Derelict, thanks for your reply.

Wifi-Garden it's a paid service and I want to construct my own with pfsense.

I tried a Blackhole DNS that redirects to a host with PHP scripts that do the magic redirecting to each CP, the problem is that I always receive the login page of each portal no matter if the user logged into the portal.

I read this post https://forum.pfsense.org/index.php?topic=34148.msg181641#msg181641

but in the documentation there is not much explanition on how this works
https://doc.pfsense.org/index.php/Captive_Portal_Pre-authentication_Redirect

Thanks to all for yours replies

I found out what was my BIG FAULT  :D

CP are assigned ports increasing by 2

8002, 8004,8006 and so on.

connecting to:

http://xxx.xxx.xxx.xxx:8002
http://xxx.xxx.xxx.xxx:8004, etc

Solved my problem

@krischeu:

First thing -    I will give DNS a try. Entry with DNS allow. Same error. No redirect.

Testing your DNS:
Use a PC with command line access.
Connect to you portal network.
Do not use the portal login page - if it shows up, just close it.
Open command line "cmd'.
Type

ping google.com

There will be no replies, but the domain should be resolved (google.com becomes [216.58.213.142] for me :

C:\Documents and Settings\Gertjan.BUREAU>ping -4 google.com Envoi d'une requête 'ping' sur google.com [216.58.213.142] avec 32 octets de données : .... ....

This means DNS is ok - resolving works.

@krischeu:

Second thing - When a client/customer has a "starting page" in the browser with a target https, what is your captive portal doing?

Read this : and start at here Read this again
So : you cable up, by plugging in the RJ45 plug - or you select a portal Wifi network (never ever have your device auto select Captive portal networks - selecting it needs manual interaction = you as a person entering voucher codes or user/passwords)) and the "login browser will popup. These codes may change, so automatic Wifi connection won't 'help' you here.
If it doesn't - upgrade your OS. Most OS's (Microsoft, Apple, Debian, Android's etc work fine).

@krischeu:

Third thing - pfsense book, I will talk to my boss for gold subscription.

The book talks about pfSense.
Captive portal handling is not a real pfSense thing.
It's more an unwritten RFC.
I tend to say : if your DNS is ok, Captive portal works.
(other problems are often : non-pfSEnse related : AP not setup up correctly. VLAN mess, etc)

Btw : I'm using the default Resolver (not the Forwarder) - my interface is OPT1 using IP 192.168.2.1/24. This is the gateway and DNS for all connected clients. When a client connects, it receives 192.168.2.1 as a DNS - and 192.168.2.1 as a gateway - and an IP like 192.168.2.x
When I check my ipfw tables / rules, as explained above - I have :

...--- table(CPZONE_NAME_host_ips), set(0) --- 192.168.2.1/32 0 1068615 38261875 1522157881 ....

which means that all connections send to "192.168.2.1" (the gateway and DNS for my portal) are passing.
No need to create a firewall rule for DNS traffic for my captive portal (on the interface for my portal) - it works out of the box - as long as you keep settings "out of the box".

Note : your DNS resolver should 'listen' to all interfaces - or at least to your local 'LAN/OPTx' interfaces ! Does it ? Same thing for the DHCP server.

What are your tables / rules ? ? ? ? ? ? ?

The images :
Image 1 : connection to the Portal network - called "BritHotelFumel". The "warning shiled" indicated that this network is not protected with WPA - that's ok for a captive portal network)
Image 2 : I connected to network …. Windows shows a popup (!). Click on this popup.
Image 3 : My default browser opens (remark : mine is FF with an empty page) It was NOT redirected to my portal login page. No problem, I enter http://www.google.com and bingo : my portal page shows. As you already know, typing https://www.google.com will fail.

On my iPhone all this is much simpler : I select a (my) captive portal network, the login portal shows. Period.
A Android … well .... I know more the day I have an android device. I know that my clients can work with my portal, so I guess it's ok.

1.png
1.png_thumb
2.png
2.png_thumb
3.png
3.png_thumb

Is this A problem?

dns.PNG
dns.PNG_thumb

Worked Great!

Thanks

@alexribeirodesa:

posted and found :)
https://community.spiceworks.com/topic/1952864-pfsense-bypass-rules-with-captive-portal-or-other-method

spiceworks.com ?

What about the user manual at https://doc.pfsense.org/index.php/Captive_Portal - it states cleary :

Pass-Through MAC Tab

Allows managing a list of MAC addresses which are allowed to bypass the portal.

When specified by MAC address in this way, the client's IP address may change and they will still be allowed through. However, the client will still be disconnected after the captive portal timeout period has elapsed.
Allowed IP addresses

Allows managing a list of IP addresses which can either:

Always connect from behind the portal (clients)
    Always allow clients to an IP address (external servers)

These IP addresses will bypass the portal authentication in the direction specified.

Hi,

No API, as you already figured out. If not, see for yourself Google pfSense API.
pfSense is a pretty open source project which means : you can change whatever you like.

What I don't get : what were you doing on the university that they asked you to setup a captive portal with vouchers ?
Normally someone finishing his medical study won't be asked to put in place a captive portal …. that's madness (although accessible for kids starting at 12).

Back in my days (middle of the 80's), I followed only these two directions : "software" and "hardware" and these 2 gave me access to the whole thing : from mainframes to that latest Basic one-liner. That changed ? (  ;) )

Like you won't be able to fly that plane if you never wanted to enter the cockpit (and read the manual, or, more recent, join Microsoft Flight simulator club).

Hello,

I'm on my last year on university and for my final project i'm looking forward doing a wi-fi authentication system integrated with the website portal of my university. To be able to do this i need to create vouchers automatically but the problem is that i'm not good at programing , and as I've search i might have to do some php script to get this job done. Before I look at a lot of web sites i found your post and as u said u were able to create a system for automatically voucher creation. I would like to know if you could help me with my project, can you give your system code then i'll able to adapt it for me or help me create my own program? Thanks.

Hi thanks for sharing, my problem is how do I edit this? All i want is the voucher thing not the user name and pass..

No. One device or unlimited devices.

Setting a limit would be a great feature but it does not exist.

@Heper:

I'm trying to do something like this:

https://wifi.garden/

have any other approach?

I'm trying to do something like this:

https://wifi.garden/

have any other approach?

Thanks for the advice.

i tried 2 scenarios and they both work.

SCENARIO 1
Connected nanostation No.1 to CP interface and set wireless mode as AP with WDS checked.
Then the distant nanostation No.2 I set it as station with WDS checked.
I connect a laptop LAN to nanostation No.2 LAN and I get the CP login page and I can connect and access the internet.

SCENARIO 2
Connected nanostation No.1 to CP interface and set wireless mode as AP/repeater
in WDS Pears I add the mac of the nanostation No.2
I set the frequency to channel 11
On distant nanostation No.2 I set wireless mode as AP/repeater
in WDS Pears I add the mac of the nanostation No.1
I set the frequency to channel 11

Now I can connect wirelessly or with LAN of nanostation No.2 and see the CP login page.

Thanks again for your help.

Check your kernel logs you might have a defective
NIC

@Gertjan:

You used the test facilities of Letsenscrypt.
That explains the "Fake Intermediate X1" certificate.
Generating these certificates is ok, for testing purposes. You can ask as many as you want - but they will not be trusted.

Goto Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests".

thanks to you I solved the problem, I learned a lot of things
Thank you


:-\  Link not working

Not thousands, just 30 - 50 users. Local user database.
Soft time out 1 hour - hard time out 6 hours.
3 AP"s
pfSense running on an old Dell Dimension 5150.
No fanny setup - no 'big' packages.

Never saw more then 5 % processor load - basically, it's doing nothing except when I'm playing with the GUI  ;)

That is what exaclty I did, thank you that solved the problem

@Alsnso93:

…. I just expect to have a captive portal without authentication and change the fields "login" and "password" by "name", "first name" and "address" email "and be able to display this information in the captive portal logs

This can not be realized with the proposed settings in the GUI.
You have to upload your own modified captive portal login file, which could (should ?) include some PHP scripting.
And you have to adapt some pfSense core PHP files, such as /etc/inc/captiveportal.inc, at least.