• Logging solution for Captiva portal?

    6
    0 Votes
    6 Posts
    1k Views
    GertjanG

    @Gertjan:

    @itchy:

    …. btw: your Log looks much sorted and cleand than my do. My formatting is total "ugly".  >:(

    Use the GUI to see them ;D

    To show them on the forum, use the # BB-code.

  • Please Help…pfsense on multiple (cascaded) routers/access points

    3
    0 Votes
    3 Posts
    1k Views
    E

    @GERTJAN,
    Thank you for the reply. I guess ill just have to configure something that wont make my access points act as routers… hmmmn another sleepless nights...

  • Captive Portal redirection does not work without internet connection

    10
    0 Votes
    10 Posts
    4k Views
    A

    @doktornotor:

    @amiyou:

    So there is no way to create an offline captive portal?

    The only way to create "offline" CP (whatever that means) it to make your DNS server resolve everything to some bogus IP.

    https://doc.pfsense.org/index.php/Creating_a_DNS_Black_Hole_for_Captive_Portal_Clients#Create_the_configuration_file

    (If you want to run this on pfSense, do NOT follow the rest of the howto, use the Bind package and GUI instead.)

    Thanks. I will try the black hole. What will happen when the clients authenticate through the captive portal?

    My problem is that the internet is not stable with LTE, but the captive portal redirection to a landing page should still work, although the internet is not available.

  • 0 Votes
    4 Posts
    1k Views
    D

    @tommyverburgh:

    I wonder if it's possible to reinstall the captive portal service, maybe there's something wrong with the installation. I'm using the latest version on a brand new device made for pfsense.

    Sure. Reinstall latest pfSense update.

  • Invalid Credential on Capitive Portal

    13
    0 Votes
    13 Posts
    5k Views
    M

    If RADIUS isn't your thing, then another possible route you could take would be to install a proxy on your pfSense and bind that to your AD domain. This would then require your users to authenticate through the proxy with their Windows credentials before accessing the internet. There are plenty of links showing how this is done. Here are a few:

    https://vicryhc.wordpress.com/2013/07/08/how-to-setting-squid-on-pfsense-with-authentiaction-ldap-windows/

    https://forum.pfsense.org/index.php?topic=58700.0

    http://blog.cadena-it.com/linux-tips-how-to/how-to-setting-squid-on-pfsense-with-authentiaction-ldap-windows/

    There are many more to be found via Google, of course.

    You can assign group policies to AD groups via a Squid/Dansguardian combination (the way I've done it). Members of that AD group can then be assigned specific access or non-access through rules you can set up in Dansguardian. Again, you'll find quite a few examples of this on the internet already if you fire up Google.

  • 2.24\. Captive Portal - voucher expired, time expired, user still connected

    17
    0 Votes
    17 Posts
    4k Views
    N

    I had this working with Squid installed for some time… until something happened no idea...

    I had Squid uninstalled and did not worked, and now I have Squid running and is working so I don't blame Squid.

    Maybe a bug if hard time expiration = voucher time ( I can test it but not now, I had enough ).

    will see in time.

  • Set intranet as startpage for all users in network

    6
    0 Votes
    6 Posts
    1k Views
    E

    Well. Gertjan gave me the answer and a solution.

    I understand what I have done wrong and know how to correct it.

    Many thanks for the help!

  • Clients are accessing internet without captive portal

    6
    0 Votes
    6 Posts
    2k Views
    GertjanG

    See this message : https://forum.pfsense.org/index.php?topic=98324.msg548173#msg548173 - and just ask your : why did he asked if 'squid' is installed ?!

    Re-install your pfSEnse - install ONLY ONE package at the time.
    Do thorough testing …
    Find out yourself when things break.
    Now you know what package you should NOT install, because it break the captive portal  ;D

    I'll give you a hint : https://forum.pfsense.org/index.php?topic=98324.msg548173#msg548173

  • Users Hotspot with Captiveportal

    6
    0 Votes
    6 Posts
    2k Views
    N

    Hi,

    Here are some links I have bookmarked so you can read/study:

    http://sourceforge.net/projects/captiveportalplus/
    https://forum.pfsense.org/index.php?topic=91257.0
    http://blog.stefcho.eu/tag/captive-portal/
    http://blog.stefcho.eu/pfsense-2-0-rc1-configure-captive-portal-for-guests-with-local-user-management/
    http://blog.stefcho.eu/pfsense-2-0-rc1-customize-captive-portal-pages-and-implement-https/
    http://blog.stefcho.eu/pfsense-2-0-rc1-captive-portal-with-radius-authentication-and-vouchers/

  • Dynamic hosts not updating properly in "Allowed Hostnames"

    7
    0 Votes
    7 Posts
    1k Views
    D

    Yeah, adding IPv6 is completely useless, CP doesn't work with IPv6 at all.

  • Lighttpd bug?

    4
    0 Votes
    4 Posts
    931 Views
    D

    not really

    i have 500+ users on the portal
    i was thinking, this can make some problems for users loading the CP.

    thanks for helping!

    SOLVED
    close this thread ^^

  • Captive portal - Authenticated users displayed as unauthenticated

    8
    0 Votes
    8 Posts
    1k Views
    R

    Sorry not to have best described my initial configuration and thank you Derelict it was the problem : for an unknown reason the auth mode was set to none and we also use vouchers (and I'm pretty sure auth portal appeared and was authenticating to ldap).

    I've just set auth mode to radius and now authenticated users appears correctly.

    Thanks for your help

  • Vouchers reported as used and expired, although they aren't

    9
    0 Votes
    9 Posts
    2k Views
    M

    After some time (and receiving a lot of incidents about users that report vouchers that are expired, although they aren't) I finally managed to upgrade our pfSense.

    I have created a clone of the VM, upgraded it to version 2.2.4 and have wiped all rolls. Then created a new roll of vouchers and started testing.

    On this system, no users are active.

    The following happens:

    when I expire a code the appears in the logging: Aug 24 16:06:08 logportalauth[92658]: Zone: guest - CSPZsCnnRiJ (70/61) forced to expire I then test the voucher again and it is indeed expired: Aug 24 16:06:12 logportalauth[92658]: Zone: guest - CSPZsCnnRiJ (70/61) already used and expired when looking in the roll view in the GUI it shows 8 vouchers of this roll are used, instead of one! (see screenshot 1) trying the next voucher in the roll says: Aug 24 16:13:41 logportalauth[61087]: Zone: guest - hDvRKFaqvqm (70/53) already used and expired expiring another voucher: Aug 24 16:17:42 logportalauth[61087]: Zone: guest - muhaudiXxhj (70/293) forced to expire now the roll view in the GUI shows 37 vouchers are used, instead of only two! (see screenshot 2)

    So it looks like more than one voucher code is marked as used when one is expired.

    This is the logfiles with our tests:

    Aug 24 16:06:08 logportalauth[92658]: Zone: guest - CSPZsCnnRiJ (70/61) forced to expire
    Aug 24 16:06:12 logportalauth[92658]: Zone: guest - CSPZsCnnRiJ (70/61) already used and expired
    Aug 24 16:13:41 logportalauth[61087]: Zone: guest - hDvRKFaqvqm (70/53) already used and expired
    Aug 24 16:16:19 logportalauth[61087]: Zone: guest - m4DeJG7EYrV (70/45) already used and expired
    Aug 24 16:17:08 logportalauth[61087]: Zone: guest - fjRWvZuqATw (70/37) already used and expired
    Aug 24 16:17:42 logportalauth[61087]: Zone: guest - muhaudiXxhj (70/293) forced to expire

    Only these codes were forced to expire: CSPZsCnnRiJ and muhaudiXxhj.
    As you can see other codes are also reported as used and expired.

    capture1.png
    capture1.png_thumb
    capture2.png
    capture2.png_thumb

  • Firewall rules for radius-captive portal

    7
    0 Votes
    7 Posts
    1k Views
    johnpozJ

    why not just replace the ancient machine with this new pc your going to use as your captive portal?  1.2.3 came out what dec 2009 so at best your looking going on 6 year old hardware the thing is running on.. Time to replace!!  Not even taking into account all the concerns of running a firewall code from almost 6 years ago.

  • Capitive portal change with images

    6
    0 Votes
    6 Posts
    1k Views
    N

    index.html contains this form:

  • Capitve portal MAC passthrough radomly not working

    2
    0 Votes
    2 Posts
    548 Views
    GertjanG

    @hartung:

    First my personal android phone was always redirected to the portal page (of course, it is in the MAC pass through list) restarting the captive portal and even restarting the entire pfsense did not work.

    If it is on the list, it will 'fall though' and the Portal login page will never show.

    So, be ready for some digging.
    Use THE tool : https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

    List table 1,2,3 and 4. Two of these contain all the MAC addresses that can pass through.
    Your Phone is on the list ?

    I guess, when the portal page pop up on your phone, the MAC isn't present in the (2) tables anymore.

    @hartung:

    Today, my phone was again able to pass through without any problems, now some other phones and machine here in the office were not able to pass through (all on pass through list), while others still seem fine. Since a couple of minutes, my phone ist again not bale to pass through. My boss for example has two iphones (yes, two) one is still working, the other is also keeping redirected to the portal. Happens on different systems, windows, OSX, android etc.

    What are you using to bridge between pfSense (the NIC) and your wifi devices ?
    An AP ?
    Is it in bridge mode (NOT router mode) ?
    All devices have good IP's listed on the DHCP server on pfSense ?

  • 0 Votes
    2 Posts
    525 Views
    R

    Here it worked :
    On pfsense box free radius + CP. Freeradius binds to a separate LDAP server.

    I will try to help you when you'll have posted more infos.

  • PfSense - SMS Gateway Integration

    3
    0 Votes
    3 Posts
    5k Views
    M

    There is this:

    http://wiki.freeradius.org/modules/Rlm_smsotp

    Although my personal preference would be to use an app, like one of these instead of an email:

    http://motp.sourceforge.net/#6

    The otpverify.sh script is used with a FreeRADIUS server to generate a one-time six-digit password. The app runs on the phone and generates the password which the user can use only once to authenticate.

    Personally, I've built a FreeRADIUS machine which uses the optverify.sh/Mobile-OTP combination in conjunction with Active Directory. An 'ldapsearch' script scrapes the AD schema for members of the relevant AD group (eg: CPUsers), creates the associated PIN and secret, emails the user these details and populates the FreeRADIUS users file with the relevant data. The radius server then uses the otpverify.sh script to check the passcode generated by the mobile app. It is, however, essential that the radius server and the mobile phone/tablet in question are synchronized correctly time-wise. Not quite SMS, but it works.

  • Captive Portal SMS integration

    2
    0 Votes
    2 Posts
    1k Views
    B

    Yes tux. thanks for the offer to share your knowledge. I'd really want to integrate captive portal to an sms gateway. This will enable clients receive login credentials (username and password) based on the information contained in sms gateway. bob

  • Allowed hostnames issues for https pages

    2
    0 Votes
    2 Posts
    696 Views
    D

    https://redmine.pfsense.org/issues/4746

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.