Hi,

No API, as you already figured out. If not, see for yourself Google pfSense API.
pfSense is a pretty open source project which means : you can change whatever you like.

What I don't get : what were you doing on the university that they asked you to setup a captive portal with vouchers ?
Normally someone finishing his medical study won't be asked to put in place a captive portal …. that's madness (although accessible for kids starting at 12).

Back in my days (middle of the 80's), I followed only these two directions : "software" and "hardware" and these 2 gave me access to the whole thing : from mainframes to that latest Basic one-liner. That changed ? (  ;) )

Like you won't be able to fly that plane if you never wanted to enter the cockpit (and read the manual, or, more recent, join Microsoft Flight simulator club).

Hello,

I'm on my last year on university and for my final project i'm looking forward doing a wi-fi authentication system integrated with the website portal of my university. To be able to do this i need to create vouchers automatically but the problem is that i'm not good at programing , and as I've search i might have to do some php script to get this job done. Before I look at a lot of web sites i found your post and as u said u were able to create a system for automatically voucher creation. I would like to know if you could help me with my project, can you give your system code then i'll able to adapt it for me or help me create my own program? Thanks.

Hi thanks for sharing, my problem is how do I edit this? All i want is the voucher thing not the user name and pass..

No. One device or unlimited devices.

Setting a limit would be a great feature but it does not exist.

@Heper:

I'm trying to do something like this:

https://wifi.garden/

have any other approach?

I'm trying to do something like this:

https://wifi.garden/

have any other approach?

Thanks for the advice.

i tried 2 scenarios and they both work.

SCENARIO 1
Connected nanostation No.1 to CP interface and set wireless mode as AP with WDS checked.
Then the distant nanostation No.2 I set it as station with WDS checked.
I connect a laptop LAN to nanostation No.2 LAN and I get the CP login page and I can connect and access the internet.

SCENARIO 2
Connected nanostation No.1 to CP interface and set wireless mode as AP/repeater
in WDS Pears I add the mac of the nanostation No.2
I set the frequency to channel 11
On distant nanostation No.2 I set wireless mode as AP/repeater
in WDS Pears I add the mac of the nanostation No.1
I set the frequency to channel 11

Now I can connect wirelessly or with LAN of nanostation No.2 and see the CP login page.

Thanks again for your help.

Check your kernel logs you might have a defective
NIC

@Gertjan:

You used the test facilities of Letsenscrypt.
That explains the "Fake Intermediate X1" certificate.
Generating these certificates is ok, for testing purposes. You can ask as many as you want - but they will not be trusted.

Goto Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests".

thanks to you I solved the problem, I learned a lot of things
Thank you


:-\  Link not working

Not thousands, just 30 - 50 users. Local user database.
Soft time out 1 hour - hard time out 6 hours.
3 AP"s
pfSense running on an old Dell Dimension 5150.
No fanny setup - no 'big' packages.

Never saw more then 5 % processor load - basically, it's doing nothing except when I'm playing with the GUI  ;)

That is what exaclty I did, thank you that solved the problem

@Alsnso93:

…. I just expect to have a captive portal without authentication and change the fields "login" and "password" by "name", "first name" and "address" email "and be able to display this information in the captive portal logs

This can not be realized with the proposed settings in the GUI.
You have to upload your own modified captive portal login file, which could (should ?) include some PHP scripting.
And you have to adapt some pfSense core PHP files, such as /etc/inc/captiveportal.inc, at least.

yep mostly cos I didn't know what that command meant… Thanks it's fixed now

Hi,

Authentication conditions are on an or basis - not and.
I mean : one of the conditions is used, not both.
Added to that, if a user could enter credentials and a voucher, only the credentials (user name and password) are used - not the voucher code.

Btw, I didn't actually test to prove my 'right' or 'wrong', I took my conclusions from the code.

I tested this :
replace :

if (platform_booting()) { echo "Starting captive portal({$cpcfg['zone']})... "; /* remove old information */ unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db"); } else { captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']})."); } /* init ipfw rules */

for this :```

if (platform_booting()) { echo "Starting captive portal({$cpcfg['zone']})... "; /* remove old information */ unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db"); } else { captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']})."); /* remove users from the database */ $unsetindexes = array(); $cpdb = captiveportal_read_db(); $unsetindexes = array_column($cpdb,5); if (!empty($unsetindexes)) { captiveportal_remove_entries($unsetindexes); } captiveportal_syslog("Reconfiguring : database emptied ({$cpcfg['zone']})."); } /* init ipfw rules */ What happens is that when **booting**, de database file is just deleted - that's ok, the system is booting, so no ipfw rules, neither logged in user are present anyway. If not, when enabling or reconfiguring, the database file is emptied. True, a simple

unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db");

does the job also. All this : if (platform_booting()) { echo "Starting captive portal({$cpcfg['zone']})... "; /* remove old information */ unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db"); } else { captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']})."); } /* init ipfw rules */ ...... could be replace by a mere (no more if statement) : echo "Starting captive portal({$cpcfg['zone']})... "; /* remove old information */ unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db"); /* init ipfw rules */ ..... captiveportal_init_rules(true); that follows just after these lines finishes the job. Remember : every time you (re) configure the Captive Portal instance, all user on that instance** get thrown out. This is definitely not a good thing when you are running a very busy captive portal. ** Looking through the code, only the reconfigured instance is concerned. Other instances are not touched,  I have tested this with a second captive portal instance.

Look in forum for pfsense+cp+freeradius some guy has built exactly what you are looking for

https://forum.pfsense.org/index.php?topic=108493.0

Like to propose an even more simpler solution as https://forum.pfsense.org/index.php?topic=144430.msg786296#msg786296 - what jhonpoz said.

Do what he said, but do not use LAN, use a dedicated interface, like OPT1 - that's where a captive portal really belongs (like trusted devices belong on LAN, non trusted on other interfaces)
Activate OPT1 - assign it a pass-all rule for TCPv4 (because are no default rules on OPTx interface) - and of you go.

If that doesn't work, then "some" settings you made are conflicting.

https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting tells you what happens.

Execute

ipfw table all list

half a minute before hard time out,
and one again after time out.
The user's devices IP and MAC are removed from the tables after time out.
(and I guess the related states are reset)
The device will not be able to "pass through" pfSense anymore. A re-authentication is needed.
At least, this is what I see what happens (been trying for the last nearly 10 years now).

DHCP should be set much longer as 6 minutes. If your free IP pool gets empty, you could play (= lower) with the DHCP lease time. If not, leave to default.
Anyway, as you can see when executing

ipfw table all list

the DHCP protocol always passes.