you'll need a layer 3 switch to achieve this with trunk ports facing the AP's and FW.

There is no possible way a firewall can tell two clients apart if they are sharing the same MAC address.
You have a layer 2 problem, so you need to fix it at layer 2. That's a job for your AP/switches, not a firewall.

I've been looking in to how to resolve this issue. Here's what I did:

Set the portal page to anything you like, but make sure it includes:

require_once("globals.inc");
$request_uri = urldecode(str_replace("/index.php?redirurl=", "",  $_SERVER["REQUEST_URI"]));
$portal_redirurl = urldecode("$PORTAL_REDIRURL$");
if(!stristr(urldecode("$PORTAL_REDIRURL$"), $request_uri)) {
Header("Location: $PORTAL_REDIRURL$");
exit;
}

Set your pre-auth url to point to your external web server

Web server loads its page (for me a data capture page), and posts to a database and echo's header location to authenticate.php

Authenticate.php is essentially the default captive portal code, but I modified $PORTAL_??$ variables to be hard coded. This is then posted directly to the firewall (192.168.1.1:8002/index.php?zone=[zonename]), and the user is then forwarded to the $PORTAL_REDIRURL$

The user is authenticated and able to browse

I hope this helps!

I'm done with this. I don't know why but both zone on same port had the same id in config.xml. I tried to manually edit it. Didn't work. I had to delete all zones and create them agin. Now IDs are OK.

Bye :)

13 Mbytes  >:(

Put it on a diet.

(maar het zou moeten werken indien je alle regels respecteert -> zie ingebouwede pagina als voorbeeld).

@gerllys:

….
In short,
All authentication done on LAN 2 Squid does not recognize authentication.
What should I do to solve it?

Remove squid, test again.

You may refer to this thread: https://forum.pfsense.org/index.php?topic=57260.0 used that since 2015 and still working on pfsense 2.4.x . It uses FreeRadius+Mysql+PHP. Hope this helps.

Cheers!

@Anas.sh:

I've configured captive portal and the login page but when I tried to browse the internet via chrome, nothing happen.
Even the login page doesn't appear, I've tried internet explorer and it's worked.
Flush the cache of your browser (Chrome).
Test with another browser (Firefox is also free).
Test using another PC using Chrome.
Test using another device which had not Chrome installed - install Chrome.

@Anas.sh:

it seems that the problem caused by ssl or https because I didn't activate it in my captive portal.

If your did not activate the "https" authentication then the proiblem is not caused by "https".
=> rephrase please ….

@Anas.sh:

I don't have https server or certificates?

If you do not use "https" then this is not an issue.

Hi,

I entered the MAC of my smartphone on the MAC tab, and set a 250 Kbit/sec up and down.
Connected the phone to the captive portal, and did a speed test, using the app with the same name.
248 Kbit / sec uo - 245 kBit / sec down.

Btw : I'm using 2.4.1. packages : ACME / NUT / Avahi

Thanks ,

For kind help..

regards

Hello,
Where can we download this program?

Thanks.

Well …
As usual : ten of thousands have a working situation.
You haven't

A fact : You and I have the same software.
Only the settings are different.
Our settings are ok - because it "works".
Yours ..... well ..... this is what we have :
One word.
"Problem".

Should I detail my settings ?
Or you ?
Chose wisely  ;)

So, I ended up resetting to Factory Defaults. This allowed me to do the exact same setup and it worked. I had all of my configurations saved in a document. It is odd how it just stopped redirecting to the authentication page.

@mdes:

Oct 18 13:41:50 gw logportalauth[75440]: Zone: BUILD_F3 - ACCEPT: unauthenticated, 21:41:ad:ac:4f:11, 192.168.34.19

Good news.
YOU are the chief of your firewall.
I you have any doubt, ask the firewall yourself directly.
"Skip the GUI - list what is in the firewall" : https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting
Check the tables :the IP and MAC are listed ? (thus : they pass…)

Hi,
it seems I found the right configuration for pfSense ver. 2.4.x by adding the following lines:

$cprules .= "# Rules to allow DNS queries to external servers from unauthenticated users\n";
$cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
"allow udp from any to any 53 out");
$cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
"allow tcp from any to any 53 out");
$cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
"allow udp from any to any 53 in keep-state");
$cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
"allow tcp from any to any 53 in keep-state");

above the section that starts with:

$cprules .= "# redirect non-authenticated clients to captive portal\n";
$cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
"fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in");

Remember that the basic prerequisite is to enable the redirecting of all dns requests to pfsense as shown in https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense