@danicavini
Thanks, i will try it !

@undrblack

Without knowing the details :
When you remove the 'virtual' part, that is : running pfSense with 3 real networking interfaces, bare bone, your issue will be gone. I can imagine the vitual interfaces / switch can be set up many ways, some of them could be wrong ?
See also Virtualization ! if you have a Windows 10 (Pro) orMS SErver : use the build in Hyper-V : I've one running iwth Hyper-V, and it works fine. There is a detailed step by step setup guide in the doc.
When a client connects to the Wifi, can you see the DHCP server log 'lease' attribution on the right interface ? What was the IP/mask/gateway/DNS received on the client ? That info should correspond to with the pfSense portal NIC.
pfSEnse doesn't handle the the AP <=> Client radio (wifi) connection.
if the AP is an AP and router, the pfSense portal only sees the IP and MAC of the router, not the IP and MAC of the clients. Ones a first client is logged in, all the others will pass without seeing a login screen.

@steveits Great! I love pfSense.

@raymondchauke I would also love to see that and it is my hope they add to it.

@mbunal merhaba AP'lerde ağ için parola tanımlaması yaparsanız ağa bağlanmak isteyen her cihaz için önce wifi parolası girilmesi istenir sonrasında captive portal ekranına girerek oturum açmaları istenir. eğer ağlara bağlanan cihazlar aynı ise captive portal üzerinden mac adreslerine tek tek izin verebilirsiniz.

@gertjan said in Pfsense captive portal does not show on IPhone !!:

They don't care about de local castle from the 14 century.

heheh - I don't know when I was on business trips my favorite part was taking in the local history and stuff to do. This was mostly the local tavern ;) But still - hehehe

I spent a bit of time in Tulle on multiple occasions.. I had a couple of fav watering holes there.. One of my favorite spots was a little place tucked away on a side street, loved to sit outside and just watch the people going about their business and enjoy a few beers..

It was across from the cathedral there, and believe that was from the 14th century ;)

Your customizing, right ?

Use https://pfsense.yourlan.tld/system_usermanager.php as an example.

Normally, when you use a page like "https://pfsense.yourlan.tld/system_usermanager.php" you should be logged in.
But, as you create your won "user edit" page, you could throw away that need. Just borrow (copy) the code you need to update the user's settings - the 'saving part is happening after the line that says :

if ($_POST['save'] && !$read_only) {

Something like : have to look up the user ID first, and if it exists, compare the old password with what the user entered (first "old" password box) and if there is a match, update the user's password with what he entered in the "new" password second box.
This way, you allow only known users to change their own password.

https://forum.netgate.com/topic/97205/template-roll-printer-with-options-for-2-2-6-2-3-2-3-4-2-4-0

Hi,

@emad said in Nginx "404 Not Found" Error after POST action to "$PORTAL_ACTION%2quot;:

So, do I miss knowledge with CP behavior or should I modify something?

You might as well check (== read and understand what happens when and why etc) this file /usr/local/captiveportal/index.php
It's the file that's get 'executed' when a users is redirected that the portal login interface.
Read that file carefully - and also check this one : /etc/inc/captiveportal.inc which contains all the functions.

For instance, you'll find why/where/when a string like $PORTAL_ACTION$ is replaced by the correct URL before getting send to the client.
Throwing $PORTAL_ACTION$ at the client's web browser who throws it back to the captive portal web server will produce 404 errors.

Issue created: https://redmine.pfsense.org/issues/10798

@anwarmoinudeen Hi Sir did your issue got resolved already? i also have the same issue in pfsense

@Gertjan shodan.io is a service that scans the internet for known exposure and for vulnerabilities

i remember you are french, so I link you here a video in French on the subject https://youtu.be/SxjmOFBtsvk

Thanks dear for your kind reply. I solved my problem that I created another portal to handle the pfsense CP pages to the users and now everything is going perfect EXPECT I need to add a code to my logout page to get the close event from the pages with a warning message to the users that "if you close this page will be logged-out" then if the user confirm this warning message I will force the logout button before closing.
Your suggestion is highly appreciated :)

Thanks dear for your kind reply :)

This :
fd71b78d-7064-43fc-a6ee-6a3e8d963ee1-image.png

Is the 'simple' setup.

The ipfw firewall works best when it 'sees' the MAC addresses of the connected devices.
If it doesn't, well ... check our AP again : make it work as an AP, not a router. Routers hide MAC addresses for upstream routers (= pfSense). That not good if you want the captive portal to work flawlessly.

If you just want a count, you can use the script that is there for RRD:

/usr/local/bin/php-cgi -q /usr/local/bin/captiveportal_gather_stats.php '<zone name>' 'loggedin'

/usr/local/bin/php-cgi -q /usr/local/bin/captiveportal_gather_stats.php '<zone name>' 'concurrent'

@Gertjan Other one are missing,

because of google being blocked in china, cellphones and multiple chinese garbage browsers (360browser, etc...) are usually using one of these URL:

https://connect.rom.miui.com/generate_204 (Xiaomi) http://www.qualcomm.cn/generate_204 (Huawei) http://www.265.com/generate_204 (Google Chrome, Asus cellphones. This website is owned by google)

I also heard that nintendo devices are using http://conntest.nintendowifi.net for captive portal detection
but anyway, i don't think that's very important..

@Gertjan said in Trouble With CaptivePortal on Two VLANs in One Interface:

You are already using multiple interfaces - a VLAN is considered as a interface.

Typically, each interface has its own dedicated AP(s) - using a dedicated radio (== Wifi) setup.
A user should choose the correct Wifi SSID first to use the correct network. You can't automatize this.

I just wanted to make it happen. I was planning to redirect the user to the correct VLAN by using just one SSID. But I completely got that I can not do it. Thanks for your helps.

@free4 I still can not find an opportunity to try PacketFence. I will write down here if I can be successful on it.

@Gertjan thanks, it looks like a solid explanation for my case

@jimp Thanks, this reply helped a lot

I think I got it going. After upgrading to v.2.4.4 I downloaded the built-in portal.html and adapted it to work for me. the ones in the book didn't work.
thx for your patience with me.

Install the Patch package.
Read the Patch package manual (Netgate's pfSense doc).

Or : as you already found out, it concerns only the edit of a file, a couple of lines.
A good text editor like Ultraedit or Notepad++ and a tool like SmartFTP or FileZilla (both can handle SFTP access) and your do it as is done old fashioned way - ans still today : with your fingers. Btw : and keyboard.