If you're asking what I think you're asking (You might want to rephrase your question otherwise), then this has been asked numerous times and almost always with the same answer. Searching the forum will give you pretty much all the replies you need.

https://forum.pfsense.org/index.php?topic=100963.0

The NTop or NTopNG packages can give you detailed historical traffic information, if that's what you're after. You can get the IP address and sometimes the machine name and even OS type, depending on circumstances. You could match the IP against the authentication logs to find out who your hog is.

I think this is not possible, nearest you can do is non transparent proxy setup with authentication , on providing profile to various users with squidguard (if you require filtration), may be in this mode even captive portal can be used (not sure but worth trying).

@Gertjan:

then this guy:

(ie: http://www.google.com/)

told me who to do it.

Btw : are you letting the visitor authenticate to the portal ?

Bringing people to ie www.google.com - a page they can not leave, seems awkward to me.
Bringing people to a host (a server on a host) so they can authenticate seems complicated to me.
Any, I guess you didn't tell us everything ;)

Gertjan i am not sure what you meant to say exactly with the rest of your post, anyway, it was not Google that "told me HOW to do it", i did try it, yes, but i couldn't find exactly what i was looking for, so i just went to some other place on the web, where i was able to find someone that answered that request without too many turnings around, leave alone the need that some users here (DoktorNotor & co) have to just criticize and put evilness all around them, instead to contribute positively on something, why ohh why some people have to feel and behave that way toward others it's really beyond me, don't you think that someone posting a request for help maybe has already enough stuff to deal with? Honestly, what it's wrong with people like these ??

In regard of the system i did choose, a picture which once clicked forward to the next page, which in my specific case it would be a site hosted locally, not accessible from the web and which require local users wishing to access the www, to be first identified, so in case someone eventually do bad stuff around, it can very easily be pin pointed (as we do).
This first initial page will serve to give the users, most of them with very little experience on a pc, an introduction on what to expect if they wish to make use of this long range wi-fi spot (maybe 5-10km?), it's a local community based project.

@SmartCodar:

Facebook keeps on adding URL's and when ever there is new URL in backgroud Facebook will try to open URL and since there is no Internet Connectivity facebook page will keep trying opening URL unless timeout. Upon timeout Login page is shown.

and finally, the FB server detected that 'you' (your users) have aceBook access problems and the 'blacklist' you (your IP) altogether for a while.

@SmartCodar:

It seems that the list is not complete.

and they keep doing so - this list http://bgp.he.net/search?search[search]=facebook&commit=Search never ends, and is still growing.
Which is under stable: a 'good - final' solution after years of doing so will give the impression that 'it is always the same' and FB will LOOSE clients. CLienst/users want NEW things every day ….
Their is only ONE solution : sign up with FB, some kind of contract that YOU, as a third party person, will use THEIR authenticity system that fires a signal (call-back) to your server (== Captive Portal).
Go to one of their offices.
Bring along a coding specialist (the public API won't lett you do what you need - you will have aces to another API (which also is evolving)
Bring along a lawyer
Bring along a huge amount of cash (Hey, you thought FB was free like 0 $ ? - they DO make money)

You'll be having your FB authenticate pint with fixed URL's and IP's (never ever tell somebody about them, because if they become public, a simple ddoss will blackout these points, having big clients (who paid FB) leaving in the dark ..... and they will yell, because they paid for it)

Etc etc.

The secret of why FB works for everybody (well, they do go down, globally) is that works VERY distributed. If one FB host isn't available, another one. If one is overloaded, another one pops up. Capture this behavior with a what a

Btw : tis question has been asked many times.
It will be asked again next day, or tomorrow.

To answer it, you should know what a "Captive Portal" is.
How FB works (API).
Mix up the to together and your have a real "Misssion Impossible 8" (the exception might be : be friends with the owner or your bank).

I will NOT exclude the fact that a solution MIGHT exist.
Maybe something like this: redirect the visitor to a local page that EXPLAINS:
That the visitor should authenticate with FB in ONE minute. You open up your pfSEnse Captive portal for ONE minute for every new IP/MAC.
After that, if it had NO FB call-back that says : Ok, this user (IP/MAC) logged in, your shut down the connection for X hours.

Asking for help with 2.0.1 is going to receive little feedback other than "upgrade then ask again."

Nobody has a test environment for 2.0.1 to try things to help you.

If you want to pay me US$2500 to setup and US$500/yr to maintain a 2.0.1 test environment plus US$100 per ticket, for which the accepted, billable answer might very well be "that's broken in 2.0.1. Upgrade."  PM me.

Sorted, here is the solution for future users looking to do the same….sorry to differ by the rest, but i find no pleasure in putting more misery into other people struggles, much better to write nothing at all than follow their truly horrible attitude....

@SmartCodar:

@Gertjan:

Thanks Gertjan this worked very well
Thanks,

Can you please let me know which config file I need to use? Also does Write_Config can be called using a Cron? I mean without doing login or Authentication.
@SmartCodar:

Basically I need to Upload the Captive Portal Page pro-grammatically.

…..
For example when PFSense System is rebooted. is there any way where I need to copy my Captive Portal Page Content file? I have tried to copy in \var\etc but it wont worked. Is there any additional step I need to do

From how I understand it, when pfSense reboots, using PHP a script, use wget/ftp/curl/what-ever to 'import' a new html file, and write_config() it.
See here https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/services_captiveportal.php#L447

The other way around: create a script (it can be on any device that can access pfSense**)  that accepts a $POST, so you can send ove new file - put it in the config,  write_config() and restart the captive portal service.

** if needed, you can decide to skip the entire GUI login protection. Remember, its PHP, your free to do what you want ;)

Hi!
First, I would like to say that this is a very beta version. All basic features are working fine, exept expiration date. This field will be used by bash or PHP script that will run daily (hourly?) and delete expired vouchers. Also, software are made in portuguese, but there's a file named 'pfvmanager.po' located in 'locale/en/LC_MESSAGES' ready for translation. If you wish, you can translate this file to your language and send to me :)

And for the last: this is a free software, but you must keep credits in source code and footer page :)

Instructions how to install are in my blog: https://www.jonis.com.br/2015/10/15/pfvmanager-vouchers/

Feel free to post bugs and feature requests in my projects page: http://projetos.jonis.com.br/projects/pfsense-voucher-manager

It seems there's no way to intercept that behaviour.

The browser start an https connection and wait for a valid certificate. So you can only send an invalid certificate and receive a cert error by enabling https login in captive portal.
Without  https login the client browser will be stuck waiting for cert.

It's an https design I see.

But I still think that making an unexpensive or free project like captive portals with no authentication sould be possible.

Instead with https you need a more complex infrastructure and management. You can't no more do that and forget it as you can expect from a free project.

I wonder why no one ever put things that way. I love https but I think we should have a workaround maybe browser side.

After all we want something legit. Just allow navigation with proper https after a splash page was shown. Not a real man in the middle workaround.

Sorry for this question but I tought that it's too strange  that https don't allow redirect in any case. Never saw things that way before.

Yeah, should be msftncsi.com

No idea, the only thing i can be sure of, is that i didn't touch a single thing after the problem manifested itself, apart from switching off(yesterday) and on again(today) the machine, as i was looking for an answer before to possibly make things even worse by doing something wrong  :D

@doktornotor:

That's a version you should NOT be using at all due to numerou vulnerabilities and severe bugs. Let alone keep customizing it. Absurd.

I understand, thanks. But this build has a lot of customization and I'm on the process of migrating them gradually.

Thank you very much muswellhillbilly, after enabling the option in the portal worked perfectly.  ;D
Really thank you for the help, ALL the information I need are stored in radacct table. =D

Again thanks for the help, saved many hours of work debugging to find that little detail configuration.

Sincerely Tácio Andrade.

Going back to basics first, with the captive portal disabled, can the VLAN access the internet?

Without a connection to the internet behind the captive portal, the page will never load. (DNS)