• SSH command to whitelist ("Allowed IP") a captive portal IP?

    8
    0 Votes
    8 Posts
    1k Views
    D

  • Squid2 does not allow passthru to allowed hosts defined in captive portal

    4
    0 Votes
    4 Posts
    907 Views
    A

    What should be used as a proxy server

  • 0 Votes
    5 Posts
    3k Views
    D

    @Gertjan:

    @dylanh724:

    Why are you even on this forum if you believe we have no control? That's what PFS is about mate :) In the time you said this, I logged into /etc/captiveportal-logout-something , took out the js that made it a popup, and suddenly works fine, just an ugly window that can be edited.

    Because it's a free world.
    You have the right to be wrong. Me also  ;)

    Anyway, your new approach isn't a popup solution (as implemented by pfSense) but you use the Redirect - which is, I guess, a better solution.
    Just one question : why isn't it implemented already ?

    @dylanh724:

    http://pfsip:8000/?logouturl=&sessionid=&cpzone=&logout=

    Now, that's why I'm here  ;D
    Have a look at this https://forum.pfsense.org/index.php?topic=77143.0 - read all pages (more than 6) and you will find out how to access this needed $sessionid so you can create a URL that will log you out.

    Oooooh… thank you free world :) I'll take a look

    "Why isn't this already implemented as a feature?"
    Good question! This should really be the default feature with popup blockers being almost default these days.

  • 0 Votes
    2 Posts
    542 Views
    GertjanG

    @dylanh724:

    Every time, it fails. Adding to the "allowed IP addresses" is apparently only port 80.. how do I allow a different port on same allowed IP? It doesn't allow me to specify. Help!

    I already showed you ( https://forum.pfsense.org/index.php?topic=69499.msg494565#msg494565 ) that devices that are on the "Captive Portal network segment" can communicate freely when their IP is on the "Allow" list.
    But, of course, (your !) firewall rules on the "Captive Portal network segment interface" apply for 'outgoing' connections.

    As asked before: do you really have no time to hand over a more detailed network setup?
    This

    I have a RESTful service to send login info to on port 7833 (I can change the port, but no other port works but 80 – but can't do 80).

    might be a reasonable question for you. Understand that a lot of info is missing, and this (might) explain why there are no answers.

  • SQLite: could not find driver for pfsense 2.1.4 in Captive Portal

    3
    0 Votes
    3 Posts
    999 Views
    S

    yep, works fine.

    thank you.
    SM

  • Bridge Mode or set an ip

    4
    0 Votes
    4 Posts
    549 Views
    J

    "with no controller"  …. Agreed

  • Remote freeradius security

    5
    0 Votes
    5 Posts
    967 Views
    GertjanG

    Well, ….

    Now you told that everything is running on the same server, I guess you're fine.
    Everything will be as safe as is your "virtualbox".
    Not that I know anything about virtualization. I'm old-fashioned: router (pfSense) in a box, servers are in their own boxes, all of them are physical boxes. With wires and so in between them ;)

  • MOVED: Option to change FreeRadius password

    Locked
    1
    0 Votes
    1 Posts
    444 Views
    No one has replied
  • Captive portal doesn't work after upgrade to 2.2

    23
    0 Votes
    23 Posts
    5k Views
    M

    Dear doktornotor,

    Thank you very much. I can read the text about CARP changes in 2.2, but I am unable to make sense out of it - probably it is not myself alone.

    By my understanding, the CP guest network is something like the LAN to guests. The pfSense 2.1 draft book lists the following CARP example on page 473:

    Table 25.2. LAN IP Address Assignments
    IP Address Usage
    192.168.1.1 CARP shared IP
    192.168.1.2 Primary firewall LAN IP
    192.168.1.3 Secondary firewall LAN IP

    This was my world for a long time. Translated to my CP it meant that 192.168.4.1 was the router (Gateway, DNS) for guests. And that address was sometimes held by the primary and sometimes by the secondary firewall. Guests would not have to know about that. In my translation, 192.168.1.2 was 192.168.4.78 and 192.168.1.3 was 192.168.4.79.

    Please let me know HOW I can move the CARP IP elsewhere. I have tried to understand that for a long time, but I cannot solve it intuitively and I cannot find documentation. To which interface would I move the CARP IP? Then, how could guests reach the CARP IP if it was not on their network's interface anymore? The aim should still be that guests have one Gateway and DNS IP, regardless of which firewall is master at a given point in time. Ideally, that address would be 192.168.4.1.

    My CARP setting is enclosed as a jpg screenshot. DMESG output is attached below.

    Thank you very much for your efforts!

    Regards,

    Michael Schefczyk


    ![CARP Secondary.jpg](/public/imported_attachments/1/CARP Secondary.jpg)

  • Multi devices with vouchers

    2
    0 Votes
    2 Posts
    930 Views
    DerelictD

    Nope.  One device per voucher or no limit per voucher.  My advice is to give them a voucher for each device or sell them one, set it for no limit and don't hassle it.

    I want a configurable per-voucher client limit too, but it looks like a pretty big re-write.

  • Captive portal nothing after successfulled login

    3
    0 Votes
    3 Posts
    643 Views
    E

    Don't do this. You will get asymmetric routing problems.

  • MOVED: Allow only one login in the captive portal

    Locked
    1
    0 Votes
    1 Posts
    411 Views
    No one has replied
  • CP does not redirect to login page.

    17
    0 Votes
    17 Posts
    2k Views
    K

    Well - I supposed I'd recommend going with a /24 (because I'm simple minded mostly), unless there is a reason not to.

    Sure I can work with /16 and /8s and I do when I have to.  Does he have to?

  • CP only redirects HTTP traffic, not HTTPS traffic to the login page.

    15
    0 Votes
    15 Posts
    3k Views
    GertjanG

    @zoro_2009:

    …. the Squid caching mechanism for the simple HTTP is doing wonders in our LAN, and I was really impatient doing the same for HTTPS as more and more sites going pure SSL !

    Negatif.
    SSL connections are (normally) set up to guarantee "what the server outputs is what is being received by the 'client'".
    A server that throws out SSL connections will indicate in the http headers that "this file should NOT be cached" because the 'client' wants to see "really real time info" - even if this means that things come over slower. SSL means "You to me and no-one between us". Otherwise, a basic TCP connection will do.
    A classic (non coded TCP) connection can be 'read' by a caching system, can be intercepted, cached (and translated, mangled, rerouted, whatever).
    Think about this: your browser will NOT cache any information it receives when info came in by SSL.
    A "cache" like squid will not 'cache' anything because it can't see what's coming in (SSL, like VPN == just a random bitstream) - SSL is all about that. The cache can only 'just forward' because no caching is possible. A cache will actually just delay instead of accelerate SSL connections.

    Caching SSL will be something like asking for a private 1 to 1 communication with a translator between the two of you. Fine, but you agree that the word 'private' should be redefined ;)

  • CP wont redirect page

    2
    0 Votes
    2 Posts
    607 Views
    D

    1/ Disable DHCP on the WRT320N and connect it via the LAN port.
    2/ Absolutely no interest in proxies, sorry. Maybe someone else. (You will save yourself a lot of trouble by reconsidering what you really NEED.)

  • MOVED: Block wifi with PFSense

    Locked
    1
    0 Votes
    1 Posts
    481 Views
    No one has replied
  • Captive Portal Slow in Google Chrome

    3
    0 Votes
    3 Posts
    2k Views
    E

    Thanks for the reply. I will just forget about it for now. I figured it was just a google calling home thing. Thanks again.

  • Captive portal on zone 0 possible?

    3
    0 Votes
    3 Posts
    1k Views
    GertjanG

    @-flo-:

    …..
    For sake of user’s saved login credentials I would prefer to have my single existing zone use ID 0 so the login page is still to be found on port 8000 as before. Is this possible, if so how?

    "Login credentials" are not related to "using port x to authenticate" - "what is the zone ID (because many can exist)".
    So, in case of doubt, just wipe all portal settings.
    (go even to ssh, start viconfig - wipe everything between <captiveportal> and </captiveportal>, save back, reboot pfsense and set the portal up again.)
    (or export config - edit file with good editor like notepad++, and import back in - and then set up your portal again.)

    The fact that it uses a port like 8001, or 8002 (https) or whatever is just a "behind the screen pfSense" thing.

  • [SOLVED] How to whitelist jquery/js?

    2
    0 Votes
    2 Posts
    2k Views
    GertjanG

    @dylanh724:

    ….. can anyone give me a small guide to whitelist jquery?

    Easy.
    The answer is in front of you  ;)
    Have a look at the source code of your page, and whitelist all needed URLs (or IPs) that are outside of your LAN.

    'jquery' does not have its own 'firewall rules'.
    It's just a script that needs certain URLs - so whitelist these URLs.
    Now you understand why you should consider putting these scripts locally (but then you keep in mind: if they are updated, you should update your local copies).

    It might be easier to let the user first authenticate, and then let him use all the fancy stuff ….

  • Unauthorized PC can't access local server for server scripting

    1
    0 Votes
    1 Posts
    478 Views
    No one has replied