No. Start coding… :P

@Gertjan:

Keep in mind that this (and maybe others) issue exists : https://redmine.pfsense.org/issues/4605#note-1

that has no relation to captive portal, OP's circumstance works perfectly fine in 2.2.2.

just to clarify,
yes the "After authentication Redirection URL" field in CP config works, to the extent that I can nominate a web a page to bring the user to.
But ideally we require to insert the user name on that page as you see from our PHP code. And that works fine on our test web server (not pfSense) when we use our own redirect coding

I would like to know if there is a way to pass a variable to the "After authentication Redirection URL" to achieve what we want to do
www.hayfieldmanor.ie/wifi-landing-page?user=$fname

And secondly with the user data we capture on the index.php to write the data to captiveportal-data.csv, again our code works on a regular webserver but not when uploaded to pfSense

Does anyone know what we should do to tweak things and get it working on pfSense?

Thanks

The DNS needs to be working. I.e., you must put the IPs into allowed IPs in CP. Doesn't need to be on pfSense at all.

https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

Hi,

The bas news:
Natively, something like that doesn't exists in pfSense - as you already figured out.

The good one:
The possibility to make it happen is only limited to ONE thing : how good is your PHP knowledge ;)

@duke:

….
Any idea to fix this bug? Anyone can contact the maintainer of this package to report the problem?

You can do so  ;)

If … one still exists.

Where "disable concurrent logins" is checked and you're using vouchers, you'll see something like this in your portal auth log when connecting a second machine.

Jun 8 21:25:08 logportalauth[72742]: Zone: zone1 - CONCURRENT LOGIN - TERMINATING OLD SESSION: BvCaK7yXvRa3, 00:50:56:a7:5a:58, 192.168.155.101 Jun 8 21:25:08 logportalauth[72742]: Zone: zone1 - Voucher login good for 5 min.: BvCaK7yXvRa3, 00:0c:29:cc:8c:a3, 192.168.155.102

That removes the original session and adds a new one for the new MAC. It works, I just ran through testing of it again on 2.2.2.

Thanks, I had figured that out earlier.  Seemed to fix that.  Merci!

I think that's only if Concurrent user logins is disabled.

Regarding the voucher length, getting down to 4 or 5 characters is going to be hard.  The smallest I could manage was this:

31-bit RSA key

Character set: 2345678abcdefhijkmnpqrstuvwxyz
# of Roll Bits: 12
# of Ticket Bits: 12
# of Checksum Bits: 8

That yields 7-8 characters.  You can get fewer characters by adding capital letters to the character set, but that really doesn't make it any easier for users to enter on their phones.

No, you won't clobber the default page.  It's included in the captiveportal.inc php page.

As far as going back to defaults you have to upload a 0-length file.  On unix you could:

cp /dev/null captive_portal_reset.html

Then upload that as the page content file.

@rossmat:

…..
Regarding the portal index.php code, it should be the first one. Regarding the authentification method setting in WebGui, it should be the second one (option "Local User Manager / Vouchers", local auth method).

I guess you're right.

Keep in mind that it will be valid if you are using the default login page (which gives the user the possibility to enter a user+password, or voucher code).
Adapt this login page (throw out the voucher-part) and voucher are useless even if they exists and activated: no one could enter a voucher code.

Thanks for tracking that down further.

Check "ipfw zone list" to find your zone number. Mine's 2. Then check all the table contents with "ipfw -x 2 table all list". I have pfsense.org in as an allowed hostname, and correctly get:

ipfw -x 2 table all list ---table(0)--- 0.0.0.0/0 49 ---table(3)--- 208.123.73.69/32 2090 ---table(4)--- 208.123.73.69/32 2091

But it's not there after a reboot. Edit and save one of the allowed hostnames and it populates them correctly.
https://redmine.pfsense.org/issues/4746

Should work now if you just edit and save one of the entries after booting up. That works for me with one or multiple hostnames.

Hi,

Same reply as here : https://forum.pfsense.org/index.php?topic=94711.0

@muneebkalathil:

Hi ,

I want to create a 2 way authentication for the captive portal.
I prefer Sms Authentication. Any one can help me ?? … please :(

Or Is there any other way similar to this ?.

Thank You

This means some serious coding is needed.
Ask your question here https://forum.pfsense.org/index.php?board=34.0 and start talking about € or $.
No one can help you to learn this doing it yourself. Learning is an individual thing.

I think the last suggestion would probably work. I'll look into setting it up that way. Thanks.

In my experience, with 8GB RAM, some number of thousands or 10s of thousands.  Enough to worry about your subnet sizes and DHCP leases more than the number of portal users.

I'm running PFsense on a pfsense built device, not sure, possibly I can install mysl or something … this has to be robust as it's going to the south pole.

We had exact the same problem. Restoring an older (working) backup configuration doesn't fix the problem, a factory reset doesn't fix the problem, a fresh install and everything is working again. Really strange…

I have and idea but you need one additional equipment.
Your exiting environment

WAN/Internet
                                                |
                            Pfsense with captive portal
                                          |        |
                                      LAN1    LAN2
                                        |              |
                            Client LAN1    Client LAN2

I propose for you solution add L2/L3 Switch or addition Pfsense server for (Inter-LAN Communication)
New enviroment

WAN/Internet
                                                |
                            Pfsense with captive portal
                                                |
                                                |
                            L2/L3 Switch with Routing/ACL (Inter-LAN Comm)
                                        |              |
                                      LAN1    LAN2
                                        |              |
                            Client LAN1    Client LAN2

Hope this help.

Perfect.  Thanks.

I'm already using a custom portal_reply_page() and index.php.  Ought to be a piece of cake.