• Captive Portal FreeRadius on PFSense 2.2

    1
    0 Votes
    1 Posts
    795 Views
    No one has replied
  • MSCHAPv2: How a shared key is used in auth request

    4
    0 Votes
    4 Posts
    999 Views
    E

    MSCHAPv2 uses a server side digital certificate. With this certificate it creates a secure tunnel. Inside this tunnel it uses CHAP or even PAP authentication.

    Hope this helps. Otherwise google RADIUS + MSCHAPv2. There is a lot of information about it.

  • Location of MAC, Allowed IP Address, Allowed Hostnames in Filesystem

    2
    0 Votes
    2 Posts
    616 Views
    D

    config.xml, as everything else. Do NOT mess with stuff via command line, everything will get lost on reboot. Backup the config, edit and restore.

  • Vouchers

    3
    0 Votes
    3 Posts
    1k Views
    Derelict

    The more characters in your character set the more bits are represented by each character.  If you reduce the character set to just 0-9 and leave everything the same, your voucher codes will be a lot longer since each character only represents just over 3 bits.

    These are the codes generated with a 31-bit RSA key and just characters 0-9:

    9767485071
    4491872511
    4010085371
    7614876371
    0462301741
    5243682381
    3307579181
    5803371332
    513190794
    634302458

    Same settings, same 31-bit key but with the following character set: 23456789abcdefghijkmnpqrstuvwxyz

    wzig7z3
    zamms3
    qap4t54
    nkrxf8
    8mm4iw3
    6hkyas3
    saz7xh
    zsinyi3
    bybac33
    ks7uzq

    Now we'll include capitals: 23456789abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ

    57TnR
    tuWwW5
    Lc4N93
    L9cXZ
    n39mK5
    QEuvD5
    2ugKX5
    5WYvL3
    ppmEr5
    Mtmab

    I, personally, don't think capitals are worth going from a maximum of 7 characters to a maximum of 6.

  • Captive Portal login with voucher no longer possible since 2.2

    2
    0 Votes
    2 Posts
    819 Views
    D

    Helps to read the nifty release notes and fix your CP pages code…

    https://doc.pfsense.org/index.php/2.2_New_Features_and_Changes#Captive_Portal

  • NEW SETUP - Captive Portal

    6
    0 Votes
    6 Posts
    5k Views
    Derelict

    It'll do just fine.  Overkill is a matter of opinion.

    You want a rule allowing access from LAN net  to "any" not the gateway IP.

    Of course, you want to block access from LAN to anything you don't want your guests to have access to.

    Having access to free software like pfSense, I can't imagine why anyone would want to run the "firewall" built into a DSL modem, but that too is probably a matter of opinion.

    Sorry for the noobness, but I'm trying and the documentation references here are minimal, most to buy the book if you want anything detailed (which I don't like)…

    Hmm.  There are plenty of Captive Portal setup walkthroughs available.  From what you've described so far, it's a simple firewall rule problem.

    https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

    doc.pfsense.org.  Charge: $0.00

  • IPv6 and captive portal

    3
    0 Votes
    3 Posts
    1k Views
    D

    As noted above, there is no IPv6 support in CP. (Also, I don't create any "default" any->any IPv6 rule on CP interfaces, so the traffic will get blocked by pf no matter what ipfw does.)

  • 2nd client gain internet access without entering voucher after 1st client

    4
    0 Votes
    4 Posts
    881 Views
    Gertjan

    @Ferry:

    ….
    I disabled DHCP in my Linksys router

    It's not an idea. It was the only solution.

    If the DHCP server on the AP was running then your clients could get an IP that the portal didn't assign. That is NOT good. But, never ever the client can pass the portal interface. It would mean that a client could assign himself an IP (static IP) in the net mask of the portal interface, and he would have a free ride.
    No way.

    If a second client can pass through the portal right away after a first client did login (with a password, voucher, whatever) then all your visitors are using the same IP and MAC. This means that your AP is in router mode.

    You probably deactivated the "router-mode" of your AP.
    That's why everything works now as advertised  ;)

  • Captive portal with ibsng

    7
    0 Votes
    7 Posts
    1k Views
    A

    Thanks a lot. How can I use radius proxy? I did not find any instruction.

  • ByPassing Captive Portal With Proxy

    7
    0 Votes
    7 Posts
    4k Views
    T

    Thanks @Gertjan for that.  I'm actually using the stable version of squid.  I think squid3 beta is the best option for me now though I would prefer the stable version.  I actually need captive portal users to use the proxy server which we heavily do caching.  Thank you everyone!

  • Captive Portal

    3
    0 Votes
    3 Posts
    863 Views
    E

    Explain your setup more clearly.

    You can limit the amount of MBs with RADIUS. Doesn't matter if you use an AP or not.

  • FreeRadius2 Acct-Input-Octets attribute problem

    1
    0 Votes
    1 Posts
    607 Views
    No one has replied
  • TOS and confirmation checkbox only

    15
    0 Votes
    15 Posts
    4k Views
    Gertjan

    Just keep in mind that CNA might not support 'javascript'.

  • Don’t open automatic login page when user connect to wifi first time

    5
    0 Votes
    5 Posts
    2k Views
    Derelict

    When the portal page doesn't come up it is almost always:

    HTTPS set as browser's home page (go to a regular http site - just type 10.10.10.10 in the browser or something)
    DNS (usually static DNS servers in the client even though they're DHCP)

    Find out what port your portal is on and try connecting directly to that.  (eg http://192.168.10.1:8002)

  • How many concurrent user could be connected via captive portal?

    3
    0 Votes
    3 Posts
    1k Views
    U

    At this moment we have connected 11596 users; not all of these users are online simultaneously.

  • CP + proxy, how to make landing page redirect?

    1
    0 Votes
    1 Posts
    697 Views
    No one has replied
  • After upgrade to 2.2 redirection broken to the captive portal.

    10
    0 Votes
    10 Posts
    7k Views
    Derelict

    Thanks.  That still doesn't make it entirely clear that your port 8000/8001 portal is going to be changed to 8002/8003, etc.

  • Captive portal pop up logout problem

    3
    0 Votes
    3 Posts
    1k Views
    A

    Hello Gertjan!

    Thanks for the reply.

    With squid non transparent I am sure downloading continues after disconnecting via CP. In transparent squid everything is OK.

    I am using pfsense 2.0.3 only because in this version I can use non transparent squid with CP login option as using non transport squid I can block https traffic and also able to cache https traffic.

  • Users on reboot

    6
    0 Votes
    6 Posts
    1k Views
    6

    @ermal:

    You are sure this is still true on 2.2?

    Not sure if MAC passthrough is still slow when new users join and there are already thousands in the list, but just allowing them through, the database appears to be cleared on reboot.

  • Concurrent CP users

    1
    0 Votes
    1 Posts
    659 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.