Actually, its doable without having 2 separate wifi-networks that the user needs to keep track of, instead you have 2 wifi-APs that will broadcast the same network name, but both AP's switch between each other so only one AP is active at same time.

First you create a Wifi AP, that is active only off-peak hours.
This Wifi AP, is connected to a captive portal (A) that allows BOTH peak-voucher and nonpeak-voucher.

Then you create a Wifi AP, with the same name that is active only on peak hours.
This Wifi AP, is connected to a captive portal (B) that allows ONLY peak-voucher

(A) and (B) portals needs to have same public and private key. (and of course all other settings need to be identical too)

On the (A) portal, you create 2 rolls, lets say rollid 1 and rollid 2
On the (B) portal, you create only rollid 1

Vouchers from rollid 1 you sell as peak vouchers (expensive)
Vouchers from rollid 2 you sell as nonpeak vouchers (cheap)

On more expensive AP's you can create these as separate VLANs so you still only need one cable to your pfSense box, and then you create 2 "virtual" interfaces on pfSense, that you then tie to your captive portals.

Theres 2 small disadvantages with this option:
1: The user can reuse a used peak-voucher during non-peak time. (But this can be used as a selling point, eg peak voucher gives 1 hour surf at peak times and a additional 1 hour free surf on non-peak)
2: both Peak and non-Peak users gets disconnected and have to relogin when the system switch between peak and non-peak. (This can be seen as a advantage if you want non-peak users to be kicked out when system switches to peak, even if they have time left on their voucher)

(Note: Try this out before starting selling vouchers, so you see that this fit your particular situation)

@cmb:

Not true, what you described is how vouchers always worked. You have to use RADIUS with accounting to get that behavior.

aw,  i never thought of it.. thanks

Video on how to set up DHCP: https://www.youtube.com/watch?v=cOZk6isNbdY

And a video on how to set up DNS: https://www.youtube.com/watch?v=vtk-GTLIQzQ

The only thing you'll need to change in either of these is to substitute your own IP addresses and DNS server addresses.

i @Gertjan:

@ghinthsh:

i tried it a while ago, even the client is registered in dhcp it forces to cp authentication page.

@benpal wasn't talking about adding known client to the DHCP server (which you should do also).
This is what he said:
@benpal:

Services>Captive Portal>YourZone>Allowed IP Addreses

Afterwards, clients with these IP's are NOT taken to the captive login page, they will have access right away.

Btw :  if possible, run the Captive portal on a dedicated interface. Makes live easier … Captive Portal doesn't really belong on the LAN interface.

its clear to me now thanks :)

@jassrahal:

Yes, this line was there in previous versions but instead of value="$PORTAL_ZONE$" you had to specify the zone name.. So does this replaces the previous one or it's a addition?

You could always specify the hard-coded name as the value instead of the variable, but the variable should always be used, in all versions. That way if you change your zone name, you don't have to change your portal page.

There is only one such line in the portal page.

When you add a voucher roll (a chosen number of vouchers, all with one thing in common : Minutes per ticket ( Defines the time in minutes that a user is allowed access. The clock starts ticking the first time a voucher is used for authentication. ).

"10080" minutes will produce vouchers that last one week.

When having issues like this, save your actual 'hand made' html pages and use the default 'pfsense' ones.
When things suddenly start to work, you know where to look for ;)

Thank you so much. Works perfect :)

Yeah that was fixed already.

@Gertjan:

@ishtiaqaj:

i made the changes please check once i will try …..

To check code - or just make it readable for others at least, place it in bbcode.

If you test-drive on a non-critical system, just run it.
It won't explode, neither byte.
pfSense will survive a PHP error :)

success.,

i tried the code and its work well with pfsense 2.3 fresh install,

but you can't update on existing install it will show some expired voucher to active state not all but some…(means to say, i last update my system at 22-04-2016 and than last night with new code and it show voucher active that was expire b/w 22-04-2016 to 27-04-2016.

can you provide code that delete the existing db for voucher and than restore...

Even i delete captive portal and reset pfsense to factory default than restore, but again it show some expire voucher to active state.

Gertjan

You can't have two portals on the same subnet and you also can't have different rules for different captive portal users.

Sounds like maybe what you really want is 802.1x on your switches, which could maybe drop users in a different VLAN/subnet based on their authentication.

Or instead of a portal, block all outbound web access, setup squid + authentication and maybe you can filter by user/group there (plenty of threads about that already)

By far the easiest option would be 802.1x on the switches if your switches are capable.

It has to send the speeds via RADIUS Reply Attributes, there are many examples around, for example, WISPr-Bandwidth-Max-Up and WISPr-Bandwidth-Max-Down.

Yeah, I agree to pretty much everything you said.. :) Thanks

Hi,

A picture is worth a thousand words  ;). So, yes please post a network diagram.

Regards,
Vikram

Help ….

ok I send you  the file

and the pass is daniel

Thank you

Quoting from the link I posted:

I'm guessing if it can't hit msftncsi.com it pops up a browser window in case you need to log into a hotspot. Thanks so much!

So it HAS something to do with CPs (and it has something to do w/ MY QUESTION) in a sense that it tells us the event isn't portal-side.

so (complementing Dere's answer,) THAT answered my question.

This is not a captive portal issue.
"link up/down" issues are often bad hardware or cable - or even the switch in front.

If you disable the NIC altogether, issues disappears ?

Checkout your Services => Captive Portal => CP-ID => Configuration page.
Something is missing in your 'html'  ;)

;D

You really used : "1020304050607080" ????

Make a backup …. and try it out - I'm NOT gonna do that for you ;)