• Found a bug/undocumented Feature with CP Mac-Passthrough & IP-Passthrough

    7
    0 Votes
    7 Posts
    2k Views
    C

    The limit's 1 Gb per pipe, which would be per-customer in that kind of scenario, so that shouldn't pose any issues for you unless/until you want to offer >1Gb per customer.

  • How captive portal restart with CLI?

    5
    0 Votes
    5 Posts
    2k Views
    jimp

    You can restart the lighttpd instance associated with a captive portal at the CLI, but it's different than actually saving on the CP settings to reinitialize the portal:

    ```
    : ps uxawww | grep "[l]ight.*testz"
    root    54907  0.0  2.4  46636  5472  -  S    2:03PM    0:00.00 /usr/local/sbin/lighttpd -f /var/etc/lighty-testzone-CaptivePortal.conf
    : pfSsh.php playback svc restart captiveportal testzone
    Starting the pfSense developer shell....
    Attempting to issue restart to captiveportal service...
    captiveportal has been restarted.
    : ps uxawww | grep "[l]ight.*testz"
    root    58835  1.0  2.4  46636  5472  -  S    2:04PM    0:00.00 /usr/local/sbin/lighttpd -f /var/etc/lighty-testzone-CaptivePortal.conf
    ```

  • 0 Votes
    2 Posts
    1k Views
    T

    First - I am NOT a windows person (I work mostly with networks and Linux/Unix).  Our Windows server person set up what I think you are looking for.

    They set up their domain controller to provide a Radius server.  Then depending on the settings in the domain controller, users could also be in the radius listings.  The radius listings contained user names and passwords.  Then when somebody was to authenticate by VPN on a PfSense box, the PfSense box would perform a radius lookup and those in the radius server would then authenticate in the VPN on PfSense.

    I hope this helps some…

    North Idaho Tom Jones

  • Bind Captive-Portal to something other than an interface?

    4
    0 Votes
    4 Posts
    835 Views
    C

    You can only have a single CP instance on a given broadcast domain. There are a lot more complications to it than CP itself, for instance your clients would have to be on a different DHCP scope, which isn't possible unless you have DHCP reservations defined for every device on the non-default subnet.

    In that type of network environment, if you're not isolating broadcast domains between different customers (I presume the use case there, not sure why else you'd want diff domains), your network design is fundamentally wrong.

  • Persistence of CP logins

    2
    0 Votes
    2 Posts
    637 Views
    Gertjan

    @FeierAll:

    ….
    Do i miss something?

    MAC addresses that are added to the MAC tab are not considered as "Logged in" anymore. They have gained permanent CP access.
    Just check that they are added to the MAC list (portal setup page) when they log in once. The MAC tab (pages) is stored in config, so will last after a reboot.

  • MOVED: freeRadius server does not start automatically on reboot

    Locked
    1
    0 Votes
    1 Posts
    446 Views
    No one has replied
  • Redirect

    3
    0 Votes
    3 Posts
    898 Views
    A

    Hello.
    I believe that the error is in the custom file that I created.

    When I put the URL field after authentication it works perfectly. I would like to turn this option off: if I leave the post-authentication field blank, simply nothing happens after authentication.
    Would I have to change these file lines?

  • Maximum number of MAC entries in Captive Portal

    1
    0 Votes
    1 Posts
    609 Views
    No one has replied
  • Captive portal with client using google dns

    3
    0 Votes
    3 Posts
    1k Views
    M

    Either that, or set your PFS as a DNS forwarder and set the firewall as your clients' primary DNS referrer in your DHCP configuration.

  • Login is working but no Internet Access on some devices

    11
    0 Votes
    11 Posts
    2k Views
    L

    Strange…

    some hours later everything just worked fine on the new Machine... Until now there are no more problems.

    I have multiple Nets...

    Opt1, Opt2, Opt3, WAN -> Wan Connections
    LAN -> Management Interface 192.168.30.0/24
    Opt4 -> VLAN Interface for:
    VLAN 31 -> WLAN 192.168.31.0/24
    VLAN 32-36 -> Different LAN Vlans 192.168.32-36.0/24

    I think that there was a Problem with the Multi WAN and the configured DHCP Servers...

    Thanks @ all for the support ;) Hope that everything works now as expected.

    Cheers

  • "import"/use vouchers from a broken box

    3
    0 Votes
    3 Posts
    950 Views
    T

    Hey ho,

    okay - got it!
    The Vouchers are generated "on the fly" with the file "usr/local/bin/voucher". As written in the documentation the vouchers are generated based on an RSA Key.
    That means there is NO Database in which the NOT USED Vouchers are stored!!

    So I manipulated the config.xml file and did an import of this config. I needed some trials because monowall and pfsense have a slightly different format but figured it out. After "importing" the Vouchers I still had to mark the already used Vouchers within the function in the portal section but everything is working fine :)

    So anybody having the same problem try this method!

  • HOW TO IMPORT VOUCHER FROM A CSV FILE?

    3
    0 Votes
    3 Posts
    2k Views
    T

    Hey ho,

    okay - got it!
    The Vouchers are generated "on the fly" with the file "usr/local/bin/voucher". As written in the documentation the vouchers are generated based on an RSA Key.
    That means there is NO Database in which the NOT USED Vouchers are stored!!

    So I manipulated the config.xml file and did an import of this config. I needed some trials because monowall and pfsense have a slightly different format but figured it out. After "importing" the Vouchers I still had to mark the already used Vouchers within the function in the portal section but everything is working fine :)

    So anybody having the same problem try this method!

  • File manager

    15
    0 Votes
    15 Posts
    5k Views
    Derelict

    There should only be one file manager.  Either only a file manager tab page on the first portal, or every portal showing all the files.  The way it is now is stupid.

  • Newbie Help

    6
    0 Votes
    6 Posts
    1k Views
    M

    Glad to be of help. You can PM anyone in the forum - myself included -  but if you have any further questions, please direct them to the forum only. Your questions may go some way towards helping someone else looking for answers and queries that go via PM aren't generally seen.

  • After authentication redirect URL - additional parameters

    7
    0 Votes
    7 Posts
    5k Views
    F

    Awesome, I might need this (not exactly, but same code area), because I want to present an after-login page but also a clickable link to the initially requested page, or even open it in a new tab (with JS). Thanks a bunch.

  • CoA / RFC 3576 / Disconnect message

    2
    0 Votes
    2 Posts
    857 Views
    P

    Any news on this?

  • MOVED: Configuracion Portal Cautivo

    Locked
    1
    0 Votes
    1 Posts
    532 Views
    No one has replied
  • Captiveportal user group create help?

    1
    0 Votes
    1 Posts
    472 Views
    No one has replied
  • Log out of Captive portal not working

    4
    0 Votes
    4 Posts
    756 Views
    P

    Sorted, many thanks

    Removing the cookies resolved the problem and I now get the box back again.
    When I click to disconnect the connection does actually now disconnect.

  • Freeradius_settings_resync() reverting users file to original

    3
    0 Votes
    3 Posts
    756 Views
    S

    **change_password.php**

    ```
    <form action="captiveportal-cmd.php" method="post" name="frm_data" class="login">
    Captivportal Change Password.
    </form>
    ```

    **cmd.php**

    ```
    <?php
    // Stop unless every required field was submitted and is non-empty.
    if (!isset($_POST['auth_user']) ||
        ($_POST['auth_user']) == null ||
        ($_POST['auth_pass']) == null ||
        ($_POST['new_pass']) == null ||
        ($_POST['conf_pass']) == null
    ) {
        exit();
    }

    // escapeshellarg() quotes each value so it reaches the script as exactly one
    // argument and cannot break out of the shell command line.
    $user     = escapeshellarg($_POST['auth_user']);
    $old_pwd  = escapeshellarg($_POST['auth_pass']);
    $new_pwd  = escapeshellarg($_POST['new_pass']);
    $conf_pwd = $_POST['conf_pass'];

    echo '';

    if (isset($_POST['from']) && $_POST['from'] == "first_login") {
        echo shell_exec("sh captiveportal-first_login.sh $user $old_pwd $new_pwd");
    } else {
        echo shell_exec("sh captiveportal-password.sh $user $old_pwd $new_pwd");
    }
    echo '
      ';
    ?>
    ```

    **password.sh**

    ```
    #!/bin/bash
    # Arguments: $1 = user name, $2 = current password, $3 = new password

    base_users="/usr/pbi/freeradius-amd64/local/etc/raddb/users"
    username=$1
    next_changepassword=$(date -v +90d +%Y-%m-%d)
    input=$1" "$2
    oldpassmd5=$(md5 -s "$2" | awk -F ' ' '{print $4}')
    newpassmd5=$(md5 -s "$3" | awk -F ' ' '{print $4}')
    #newpassword=$3
    # Look up the user's entry; the match only succeeds with the current password.
    result=$(grep -i '"'$1'" Cleartext-Password := "'$2'"' "$base_users" | awk -F '"' '{print $2" "$4}')
    size=${#result}

    #echo "Input : $input"

    if [ "$size" = "0" ]
    then
        echo ''
    else
        if [ "$result" = "$input" ]
        then
            ## Check Old Password
            check_allpwd=`cat /home/log/pwd.log | grep -w $1 | wc -l | awk -F ' ' '{print $1}'`
            first_oldpwd=`grep -w $1 /home/log/pwd.log | tail -1`
            check_oldpwd=`cat /home/log/pwd.log | grep -w $1:$newpassmd5 | wc -l | awk -F ' ' '{print $1}'`
            if [ "$check_oldpwd" != "0" ]
            then
                # The new password is already in this user's password history.
                echo ''
            else
                # $1, $2 and $3 go into the sed expression unescaped, so values
                # containing / or & are not handled.
                sed -i '' s'/"'$1'" Cleartext-Password := "'$2'"/"'$1'" Cleartext-Password := "'$3'"/g' "$base_users"
                echo $1:$newpassmd5 >> /home/log/pwd.log
                grep -wiv $username /home/log/log_changepassword > /home/log/tmp ; mv /home/log/tmp /home/log/log_changepassword
                echo $1:$next_changepassword >> /home/log/log_changepassword
                #delete first_oldpwd
                if [ "$check_allpwd" -lt 5 ]
                then
                    sh captiveportal-av.sh > /dev/null
                else
                    sed -i"$1" '1d' /home/log/pwd.log
                    rm /home/log/pwd.log$1
                    sh av.sh > /dev/null
                fi
                #echo `date` User [ $1 ] Change password from [ $2 ] ==\> [ $3 ] with no error. >> /home/log/success.log

                echo '
    ';
            fi
        else
            echo `date` User [ $1 ] Change password from [ $2 ] ==\> [ $3 ] with error. >> /home/log/error.log
            echo ''
        fi
    fi
    ```

    **av.sh**

    ```
    #!/bin/sh
    # Wait until no other restart is in progress, then restart radiusd.
    readStatus(){
        x=$(cat /home/log/Status)
    }
    readStatus
    while [ "$x" != "Ready" ]
    do
        sleep 2
        readStatus
    done
    echo Busy > /home/log/Status
    sh /usr/local/etc/rc.d/radiusd.sh restart > /dev/null
    sleep 1.5
    echo Ready > /home/log/Status
    ```
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.