Hi

Sorry for late, been busy at work,

yes, I have changed all parameters (including keys) to get voucher id as short as possible with all numbers and just few letters.

its not a big problem, because i.e. in a roll of 5000 vouchers I have maybe 10 faulty - I am just removing them before printing, but now I cant find them so I am risking providing users with faulty voucher.

I will wait for update and problem will be solved.

Thanks any way.

Hi,

Here : pfSense Forum » pfSense English Support » Captive Portal » Voucher Length

That has not been corrected yet but is no worse than in 2.3.4_1. And it impacts OpenVPN, not Captive Portal. It is not a RADIUS thing, but an OpenVPN thing. I have not tested it but I would guess that LDAP would be the same.

Uploaded files get renamed. In your html prefix all the filenames with "captiveportal-", eg where you call mypicture.jpg change that to captiveportal-mypicture.jpg

All right, I found out that radius mode of captive portal was on start/stop instead of Interim.
Fixed.

@thanhit89:

What would I do?

Explain this more clearly :
@thanhit89:

I'm running 2.3.3-RELEASE version. I build two zones A & B in Captive Portal. In Zone A, I have three interfaces X, Y, X. In interface X, i have three Access Points: AP1, AP2, AP3. Now, I want AP1 & AP2 run in Captive Portal mode but AP3 is not.

Upgrade;
Explain " three interfaces X, Y, X", I count 2.
"AP run in Captive portal mode" ?? Are you aware of the fact that the AP's should run in basic AP mode (no router functions, etc).

Upgrading to 2.4.0.RC solved the problem. Captive portal now recognizing the MAC bypass list.

@khan:

Captive Portal Self Registration Using Free radius & Mysql Tested with 2.0.2-RELEASE (i386) built on Fri Dec 7 16:30:14 EST 2012 in vmware 8.

Caution : this procedure was perfect for me. Please use at your own risk & make backup.

You need few thing to do this

php-mysql support in pfsense. Default is disabled. follow this post to do it

http://forum.pfsense.org/index.php/topic,47150.0.html

your command should be

pkg_info -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

and

pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

tips: according to his (sash99) post some package dependencies should occur. But I did not found 1. what I did..

in command added package with

pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

in command

/etc/rc.php_ini_setup

installed freeradius2 package from system/package rebooted pfsense in command

touch /etc/php_dynamodules/php52-mysql

rebooted pfsense.

Step 2
Config pfsense freeradius according to this doc
http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package
and for sql  support
http://forum.pfsense.org/index.php/topic,43675.msg235475.html#msg235475
add extra table using reg_users.sql.txt file sql command or u can rename this to reg_users.sql and import via phpmyadmin

I hav added database file  also.

step 3

now rename every file & remove “.txt” from file name ie

captiveportal-cp_reg_suc.php.txt to captiveportal-cp_reg_suc.php
captiveportal-bootstrap.min.css.txt to captiveportal-bootstrap.min.css

and so …

now edit
captiveportal-cp_reg_suc.php in line 104 insert your sql server ipaddress & password.

Upload evry file in captive file manager except
cp_portal.php
cp_error.php

in captive portal main page
enable captive portal in Lan
check Disable concurrent logins
in Authentication section
check RADIUS Authentication
in ipaddress box –----------- 127.0.0.1
port box ----------- 1812
sharedsecret box -----------your shared secret
in Accounting check send RADIUS accounting packets
in port ----------- 1813
Accounting updates ----- check strat stop
In RADIUS NAS IP attribute select your lan.

insert cp_portal.php in “Portal page contents”
cp_error.php in “Authentication error page contents”.
Save. And you are ready to go.

Important
1. you should change php file content according to your need.

2. be aware about adding php-mysql package you may not be lucky as i was. if anything goes wrong follow "sash99" post carefully.

3. in my captive portal page i have some security like a client with a mac address can only register one account.

please let me know your experiences.

Hi  please provide with explanation and provide any link if you have create any document because i am new learner pfsense .

Hi,

What about pfSense => Services => Captive Portal => [zone] => Configuration => Enable Pass-through MAC automatic additions ?

It's better to auto purge non-authenticated clients, use at least one (big) time out value - don't leave them empty.

Hi,

Look up all posts related to "FreeRadius". It's a package  for pfSEnse and can probably do what you want.

@jalegre:

@heper:

don't know what you are trying todo, but you can just upload new html 'templates' through the GUI …

Hello heper,

the problem I have is that, on my pfSense server I've configured almost 10 captive portal zones. So beyond number 8, captive portal service didn't start. After reading nginx config files I saw that 2 of them were listening on the same port, I've tried to change it manually but the server doesn't consider this kind of modifications.

This is why I've opened this topic

Regards

this sounds like a bug. if it is, please report it on redmine.pfsense.org & explain the error & fix

@TheHitchhiker:

PfSense WAN(192.168.1.14) connected to Router(192.168.1.1) which has DHCP enabled. So far, everything is fine on this interface.
PfSense LAN(192.168.2.254) with DHCP enabled, …....

stop stop.
First : check out your LAN network.
Hook up a PC. A PC you just received - a brand new one, these always work.
It should receive an IP - because dhcp was asking for it. Like a DNS a gateway.

If that works, perfect.
(but do explain me why not using  192.168.2.1 as an pfSense IP - why 192.168.2.254 ? - you took care off the dhcp pool )
(What about pfsense 192.168.2.1/24 AP = 192.168.2.2 (static) and pool 192.168.2.3-192.168.2.254 ?)

Continue :
@TheHitchhiker:

connected to an AP(192.168.2.10) in bridge mode. ….

Perfect.

@TheHitchhiker:

Now here, when enabling captive portal, I set the clients under the AP to use DNS of LAN interface, ….

What ?? Where did that came from ? You shouldn't modify ANY settings on your PC / iDevice / whatever.
You should NOT create the situation that you have to setup every device that visits your portal network.

@TheHitchhiker:

users are redirected to the portal, but then after authenticating, I have no internet access.

What are your firewall LAN rules ?
Did you modify your captive portal "html" file - uploadd your own ?
Did your device (PC) obtained a gateway ? DNS ? What are these ?
This https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting covers 99 % off all troubles.

@TheHitchhiker:

I added allow rules, to let in traffic from/to the internet on LAN interface but no luck.

Normally, to begin with,  to have a setup that woks :
NO rules on WAN
NO NAT
NO rules on the "LAN" interface - the global PASS rule ON LAN (== everything that comes INTO LAN interface from your LAN network, passes) which means : The captive portal setup on LAN (although NOT the best setup **) works with a minimal - read : none - if not no setup or changes have been applied on the interfaces

** best will be : Captive portal on separate OPTx interface.

@jimp:

If you have a current version of Chrome it should see the cert error, try an HTTP portal test, and then automatically open a new tab with the portal login. At least it does for me.

I do have HTTPS portal enabled with a valid cert (LE/ACME) for my hostname set on the portal config, and a host override pointing that hostname to the CP interface address. But last time I tested it, it should work with an invalid/self-signed cert, basically any unexpected HTTPS response, including a timeout, should kick in Chrome's portal detection.

Firefox pops up its little portal detection bar with a button to open the portal either way.

Good to here all this :D I didn"t even know that our browsers are also "captive portal aware" these days.

Like this :
You give away a login + password.
The first time the user logs in, the MAC of his device is attached to this "record". Further logins need a match against password AND MAC.

I'm pretty sure that (Free)Radius can be teached to do just that.
You need to define some policies, rules, settings or whatever they call that when you setup FreeRadius.

Btw : MAC's can be spoofed rather easy.

This :
@gadgetguy:

…  I don't understand how to debug the comm between pfSense and FreeRadius....

is a method I use so I understand what two processes exchange. Like a database server MySQL can be put in some sort of debug mode, and log all the communication it receives, I'm pretty sure FreeRadius has the same mode.
If everything works, that all this is not needed. You condemned to checkout your needs and curiosity, and look in the "manual" how to implement it.

Read also : https://forum.pfsense.org/index.php?topic=136951.msg749960#msg749960