captive portal: bye bye my love

The captive portal is being replaced! This hooks up the new page into the services section while ditching most of the old code. There'll be no migration, if you use package `opnsense-devel' and the captive portal you'll have to switch to `opnsense' or migrate to the new code. Beware that the new captive portal is going to be a huge step forward but features will trickle in week after week until it is stable enough to merge it. Latest release date is going to be 16.1.

captive portal: bye bye my love
The captive portal is being replaced! This hooks up the new page into the services section while ditching most of the old code. There'll be no migration, if you use package `opnsense-devel' and the captive portal you'll have to switch to `opnsense' or migrate to the new code. Beware that the new captive portal is going to be a huge step forward but features will trickle in week after week until it is stable enough to merge it. Latest release date is going to be 16.1.
5e5e6c2f · Franco Fichtner · 1812da68 · 5e5e6c2f · 1812da68 · 5e5e6c2f
Commit 5e5e6c2f authored Oct 15, 2015 by Franco Fichtner
63 changed files
--- a/src/Makefile
+++ b/src/Makefile
 ROOT=	/usr/local
-TREES=	captiveportal etc opnsense pkg sbin wizard www
+TREES=	etc opnsense pkg sbin wizard www

 .include "../Mk/tree.mk"
--- a/src/captiveportal/index.php
+++ b/src/captiveportal/index.php
--- a/src/etc/config.xml.sample
+++ b/src/etc/config.xml.sample
@@ -457,6 +457,6 @@
    </monitor_type>
  </load_balancer>
  <widgets>
-    <sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,interface_statistics-container:col1:close,interface_list-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence>
+    <sequence>system_information-container:col1:show,carp_status-container:col1:close,gateways-container:col1:close,interface_statistics-container:col1:close,interface_list-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence>
  </widgets>
 </opnsense>
--- a/src/etc/inc/captiveportal.CHAP.inc
+++ b/src/etc/inc/captiveportal.CHAP.inc
--- a/src/etc/inc/captiveportal.inc
+++ b/src/etc/inc/captiveportal.inc
--- a/src/etc/inc/captiveportal.radius_accounting.inc
+++ b/src/etc/inc/captiveportal.radius_accounting.inc
-<?php
-
-/*
-    Copyright (c) 2006, Jonathan De Graeve <jonathan.de.graeve@imelda.be>
-    All rights reserved.
-
-    Redistribution and use in source and binary forms, with or without
-    modification, are permitted provided that the following conditions
-    are met:
-
-    1. Redistributions of source code must retain the above copyright
-       notice, this list of conditions and the following disclaimer.
-    2. Redistributions in binary form must reproduce the above copyright
-       notice, this list of conditions and the following disclaimer in the
-       documentation and/or other materials provided with the distribution.
-    3. The names of the authors may not be used to endorse or promote products
-       derived from this software without specific prior written permission.
-
-    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-    IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-    OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-    EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-    This code cannot simply be copied and put under the GNU Public License or
-    any other GPL-like (LGPL, GPL2) License.
-
-    This code is made possible thx to samples made by Michael Bretterklieber <michael@bretterklieber.com>
-    author of the PHP PECL Radius package
-*/
-
-define('GIGAWORDS_RIGHT_OPERAND', '4294967296'); // 2^32
-
-/*
-RADIUS ACCOUNTING START
-----------------------
-*/
-
-PEAR::loadExtension('bcmath');
-
-function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers, $clientip, $clientmac) {
-
-    global $config, $cpzone;
-
-    $retvalue = array();
-    $nas_mac = mac_format(get_interface_mac("wan"));
-    $clientmac = mac_format($clientmac);
-    $nas_port = intval($ruleno);
-    $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null;
-
-    switch($radiusvendor) {
-
-        case 'cisco':
-        $calledstationid = $clientmac;
-        $callingstationid = $clientip;
-        break;
-
-        default:
-	$calledstationid = getNasIP();
-        $callingstationid = $clientmac;
-	break;
-    }
-
-    // Create our instance
-    $racct = new Auth_RADIUS_Acct_Start;
-
-    /* Different Authentication options
-     *
-     * Its possible todo other authentication methods but still do radius accounting
-     *
-     * RADIUS_AUTH_RADIUS => authenticated via Radius
-     * RADIUS_AUTH_LOCAL  => authenticated local
-     * RADIUS_AUTH_REMOTE => authenticated remote
-     *
-     */
-    $racct->authentic = RADIUS_AUTH_RADIUS;
-
-    // Construct data package
-    $racct->username = $username;
-    /*
-    Add support for more then one radiusserver.
-    At most 10 servers may be specified.
-    When multiple servers are given, they are tried in round-robin fashion until a valid response is received
-    */
-    foreach ($radiusservers as $radsrv) {
-        // Add a new server to our instance
-        $racct->addServer($radsrv['ipaddr'], $radsrv['acctport'], $radsrv['key']);
-    }
-
-    if (PEAR::isError($racct->start())) {
-        $retvalue['acct_val'] = 1;
-        $retvalue['error'] = $racct->getMessage();
-
-        // If we encounter an error immediately stop this function and go back
-        $racct->close();
-        return $retvalue;
-    }
-
-    /*
-     * NAS_PORT_TYPE, int => RADIUS_ETHERNET (15), RADIUS_WIRELESS_OTHER (18), RADIUS_WIRELESS_IEEE_802_11 (19)
-     */
-
-    // Default attributes
-    $racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
-    $racct->putAttribute(RADIUS_NAS_PORT, $nas_port, 'integer');
-    $racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid);
-
-    // Extra data to identify the client and nas
-    $racct->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, "addr");
-    $racct->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid);
-    $racct->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid);
-
-    // Send request
-    $result = $racct->send();
-
-    // Evaluation of the response
-    // 5 -> Accounting-Response
-    // See RFC2866 for this.
-    if (PEAR::isError($result)) {
-        $retvalue['acct_val'] = 1;
-        $retvalue['error'] = $result->getMessage();
-
-    } else if ($result === true) {
-        $retvalue['acct_val'] = 5 ;
-
-    } else {
-        $retvalue['acct_val'] = 1 ;
-
-    }
-
-    // close OO RADIUS_ACCOUNTING
-    $racct->close();
-    unset($racct);
-
-    return $retvalue ;
-
-}
-
-/*
-RADIUS ACCOUNTING STOP/UPDATE
-----------------------------
-*/
-
-function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusservers,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) {
-
-    global $config, $cpzone;
-
-    $retvalue = array();
-    $nas_mac = mac_format(get_interface_mac("wan"));
-    $clientmac = mac_format($clientmac);
-    $nas_port = intval($ruleno);
-    $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null;
-    $stop_time = (empty($stop_time)) ? time() : $stop_time;
-    $session_time = $stop_time - $start_time;
-    $volume['input_bytes_radius'] = remainder(0);
-    $volume['input_gigawords'] = gigawords(0);
-    $volume['output_bytes_radius'] = remainder(0);
-    $volume['output_gigawords'] = gigawords(0);
-
-    switch($radiusvendor) {
-
-        case 'cisco':
-        $calledstationid = $clientmac;
-        $callingstationid = $clientip;
-        break;
-
-        default:
-	$calledstationid = getNasIP();
-        $callingstationid = $clientmac;
-	break;
-    }
-
-    // Create our instance, see if we should use Accounting Interim Updates or Accounting STOP messages
-    if ($interimupdate)
-        $racct = new Auth_RADIUS_Acct_Update;
-    else
-        $racct = new Auth_RADIUS_Acct_Stop;
-
-    /*
-    Add support for more then one radiusserver.
-    At most 10 servers may be specified.
-    When multiple servers are given, they are tried in round-robin fashion until a valid response is received
-    */
-    foreach ($radiusservers as $radsrv) {
-        // Add a new server to our instance
-        $racct->addServer($radsrv['ipaddr'], $radsrv['acctport'], $radsrv['key']);
-    }
-
-    // See RADIUS_ACCOUNTING_START for info
-    $racct->authentic = RADIUS_AUTH_RADIUS;
-
-    // Construct data package
-    $racct->username = $username;
-    // Set session_time
-    $racct->session_time = $session_time;
-
-    if (PEAR::isError($racct->start())) {
-        $retvalue['acct_val'] = 1;
-        $retvalue['error'] = $racct->getMessage();
-
-        // If we encounter an error immediately stop this function and go back
-        $racct->close();
-        return $retvalue;
-    }
-
-    // The RADIUS PECL Package doesn't have this vars so we create them ourself
-    define("RADIUS_ACCT_INPUT_GIGAWORDS", "52");
-    define("RADIUS_ACCT_OUTPUT_GIGAWORDS", "53");
-
-    // Default attributes
-    $racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
-    $racct->putAttribute(RADIUS_NAS_PORT, $nas_port, 'integer');
-    $racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid);
-
-    // Extra data to identify the client and nas
-    $racct->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, "addr");
-    $racct->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid);
-    $racct->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid);
-
-    // Volume stuff: Ingress
-    $racct->putAttribute(RADIUS_ACCT_INPUT_PACKETS, $volume['input_pkts'], "integer");
-    $racct->putAttribute(RADIUS_ACCT_INPUT_OCTETS, $volume['input_bytes_radius'], "integer");
-    $racct->putAttribute(RADIUS_ACCT_INPUT_GIGAWORDS, $volume['input_gigawords'], "integer");
-    // Volume stuff: Outgress
-    $racct->putAttribute(RADIUS_ACCT_OUTPUT_PACKETS, $volume['output_pkts'], "integer");
-    $racct->putAttribute(RADIUS_ACCT_OUTPUT_OCTETS, $volume['output_bytes_radius'], "integer");
-    $racct->putAttribute(RADIUS_ACCT_OUTPUT_GIGAWORDS, $volume['output_gigawords'], "integer");
-	$racct->putAttribute(RADIUS_ACCT_SESSION_TIME, $session_time, "integer");
-
-    if (!$interimupdate)
-        $racct->putAttribute(RADIUS_ACCT_TERMINATE_CAUSE, $term_cause);
-
-    // Send request
-    $result = $racct->send();
-
-    // Evaluation of the response
-    // 5 -> Accounting-Response
-    // See RFC2866 for this.
-    if (PEAR::isError($result)) {
-        $retvalue['acct_val'] = 1;
-        $retvalue['error'] = $result->getMessage();
-
-    } else if ($result === true) {
-        $retvalue['acct_val'] = 5 ;
-
-    } else {
-        $retvalue['acct_val'] = 1 ;
-
-    }
-
-    // close OO RADIUS_ACCOUNTING
-    $racct->close();
-
-    return $retvalue;
-
-}
-
-
-/**
- * Radius Volume Helpers
- *
- */
-
-function gigawords($bytes) {
-
-
-    /*
-     * RFC2866 Specifies a 32bit unsigned integer, which is a max of 4294967295
-     * Currently there is a fault in the PECL radius_put_int function which can handle only 32bit signed integer.
-     */
-
-    // We use BCMath functions since normal integers don't work with so large numbers
-    $gigawords = bcdiv( bcsub( $bytes, remainder($bytes) ) , GIGAWORDS_RIGHT_OPERAND) ;
-
-    // We need to manually set this to a zero instead of NULL for put_int() safety
-    if (is_null($gigawords)) {
-        $gigawords = 0;
-    }
-
-    return $gigawords;
-
-}
-
-function remainder($bytes) {
-
-    // Calculate the bytes we are going to send to the radius
-    $bytes = bcmod($bytes, GIGAWORDS_RIGHT_OPERAND);
-
-    if (is_null($bytes)) {
-        $bytes = 0;
-    }
-
-
-    return $bytes;
-
-}
-
-?>
--- a/src/etc/inc/captiveportal.radius_authentication.inc
+++ b/src/etc/inc/captiveportal.radius_authentication.inc
-<?php
-
-/*
-    Copyright (c) 2006, Jonathan De Graeve <jonathan.de.graeve@imelda.be>
-    All rights reserved.
-
-    Redistribution and use in source and binary forms, with or without
-    modification, are permitted provided that the following conditions
-    are met:
-
-    1. Redistributions of source code must retain the above copyright
-       notice, this list of conditions and the following disclaimer.
-    2. Redistributions in binary form must reproduce the above copyright
-       notice, this list of conditions and the following disclaimer in the
-       documentation and/or other materials provided with the distribution.
-    3. The names of the authors may not be used to endorse or promote products
-       derived from this software without specific prior written permission.
-
-    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-    IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-    OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-    EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-    This code cannot simply be copied and put under the GNU Public License or
-    any other GPL-like (LGPL, GPL2) License.
-
-    This code is made possible thx to samples made by Michael Bretterklieber <michael@bretterklieber.com>
-    author of the PHP PECL Radius package
-
-*/
-
-/*
-RADIUS AUTHENTICATION
---------------------
-*/
-
-require_once("captiveportal.CHAP.inc");
-
-function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$clientmac,$ruleno) {
-
-    global $config, $cpzone;
-
-    $retvalue = array();
-    $clientmac = mac_format($clientmac);
-    $nas_port = $ruleno;
-    $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null;
-    $radius_protocol = $config['captiveportal'][$cpzone]['radius_protocol'];
-    // Do we even need to set it to NULL?
-    $retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = null;
-    $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = $retvalue['interim_interval'] = null;
-
-    switch($radiusvendor) {
-
-        case 'cisco':
-		$calledstationid = $clientmac;
-		$callingstationid = $clientip;
-		break;
-        default:
-		$calledstationid = getNasIP();
-		$callingstationid = $clientmac;
-		break;
-    }
-
-    // Create our instance
-    $classname = 'Auth_RADIUS_' . $radius_protocol;
-    $rauth = new $classname($username, $password);
-
-    /*
-     * Add support for more then one radiusserver.
-     * At most 10 servers may be specified.
-     * When multiple servers are given, they are tried in round-robin fashion until a valid response is received
-     */
-    foreach ($radiusservers as $radsrv) {
-        // Add a new server to our instance
-        $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']);
-
-    }
-
-    // Construct data package
-    $rauth->username = $username;
-    switch ($radius_protocol) {
-        case 'CHAP_MD5':
-        case 'MSCHAPv1':
-            $classname = $radius_protocol == 'MSCHAPv1' ? 'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5';
-            $crpt = new $classname;
-            $crpt->username = $username;
-            $crpt->password = $password;
-            $rauth->challenge = $crpt->challenge;
-            $rauth->chapid = $crpt->chapid;
-            $rauth->response = $crpt->challengeResponse();
-            $rauth->flags = 1;
-            // If you must use deprecated and weak LAN-Manager-Responses use this:
-            //$rauth->lmResponse = $crpt->lmChallengeResponse();
-            //$rauth->flags = 0;
-            break;
-
-        case 'MSCHAPv2':
-            // Construct data package
-            $crpt = new Crypt_CHAP_MSv2;
-            $crpt->username = $username;
-            $crpt->password = $password;
-            $rauth->challenge = $crpt->authChallenge;
-            $rauth->peerChallenge = $crpt->peerChallenge;
-            $rauth->chapid = $crpt->chapid;
-            $rauth->response = $crpt->challengeResponse();
-            break;
-
-        default:
-            $rauth->password = $password;
-            break;
-    }
-
-    if (PEAR::isError($rauth->start())) {
-        $retvalue['auth_val'] = 1;
-        $retvalue['error'] = $rauth->getError();
-
-        // If we encounter an error immediately stop this function and go back
-        $rauth->close();
-        return $retvalue;
-    }
-
-    // Default attributes
-    $rauth->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN);
-    $rauth->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
-    $rauth->putAttribute(RADIUS_NAS_PORT, $nas_port, 'integer');
-
-    // Extra data to identify the client and nas
-    $rauth->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, addr);
-    $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid);
-    $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid);
-
-    // Send request
-    $result = $rauth->send();
-
-    // Evaluation of the response
-    // 1 -> Access-Request => We will use this value as an error indicator since we can't get a 1 back from the radius
-    // 2 -> Access-Accept
-    // 3 -> Access-Reject
-    // See RFC2865 for this.
-    if (PEAR::isError($result)) {
-        $retvalue['auth_val'] = 1;
-        $retvalue['error'] = $result->getMessage();
-
-    } else if ($result === true) {
-        $retvalue['auth_val'] = 2;
-
-    } else {
-        $retvalue['auth_val'] = 3;
-
-    }
-
-    // Get attributes, even if auth failed.
-    // We will push the results in the retvalue array
-    if (!$rauth->getAttributes()) {
-        $retvalue['error'] = $rauth->getError();
-
-    } else {
-        $retvalue = array_merge($retvalue,$rauth->listAttributes());
-
-        // We convert the session_terminate_time to unixtimestamp if its set before returning the whole array to our caller
-        if (!empty($retvalue['session_terminate_time'])) {
-        $stt = &$retvalue['session_terminate_time'];
-        $stt = strtotime(preg_replace("/\+(\d+):(\d+)$/", " +\${1}\${2}", preg_replace("/(\d+)T(\d+)/", "\${1} \${2}",$stt)));
-         }
-    }
-
-    // close OO RADIUS_AUTHENTICATION
-    $rauth->close();
-    unset($rauth);
-
-    return $retvalue;
-
-}
-
-?>
--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@@ -475,30 +475,12 @@ function is_webgui_cert($certref)
 		$config['system']['webgui']['protocol'] != 'http';
 }

-function is_captiveportal_cert($certref)
-{
-	global $config;
-
-	if (!isset($config['captiveportal'])) {
-		return;
-	}
-
-	foreach ($config['captiveportal'] as $portal) {
-		if (isset($portal['enable']) && isset($portal['httpslogin']) && ($portal['certref'] == $certref)) {
-			return true;
-		}
-	}
-
-	return false;
-}
-
 function cert_in_use($certref) {
 	return (is_webgui_cert($certref) ||
 		is_user_cert($certref) ||
 		is_openvpn_server_cert($certref) ||
 		is_openvpn_client_cert($certref) ||
-		is_ipsec_cert($certref) ||
-		is_captiveportal_cert($certref));
+		is_ipsec_cert($certref));
 }

 function crl_update(& $crl) {

--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -3120,10 +3120,6 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven

 			/* update dyndns */
 			configd_run("dyndns reload {$interface}");
-
-			/* XXX: which CPZONE? Needed? */
-			/* reload captive portal */
-			captiveportal_init_rules();
 		}
 	}

@@ -5412,3 +5408,21 @@ function get_ppp_uptime($port){
 		return $total_time;
 	}
 }
+
+/**
+ * Get the NAS-IP-Address based on the current wan address
+ *
+ * Use functions in interfaces.inc to find this out
+ *
+ */
+
+function getNasIP()
+{
+    $nasIp = get_interface_ip();
+
+    if (!is_ipaddr($nasIp)) {
+        $nasIp = '0.0.0.0';
+    }
+
+    return $nasIp;
+}
--- a/src/etc/inc/ipsec.auth-user.php
+++ b/src/etc/inc/ipsec.auth-user.php
@@ -201,21 +201,6 @@ if (!function_exists("getNasID")) {
    }
 }

-/**
- * Get the NAS-IP-Address based on the current wan address
- *
- * Use functions in interfaces.inc to find this out
- *
- */
-if (!function_exists("getNasIP")) {
-    function getNasIP()
-    {
-        $nasIp = get_interface_ip();
-        if(!$nasIp)
-            $nasIp = "0.0.0.0";
-        return $nasIp;
-    }
-}
 /* setup syslog logging */
 openlog("charon", LOG_ODELAY, LOG_AUTH);


--- a/src/etc/inc/openvpn.auth-user.php
+++ b/src/etc/inc/openvpn.auth-user.php
@@ -198,21 +198,6 @@ function getNasID()
 }
 }

-/**
- * Get the NAS-IP-Address based on the current wan address
- *
- * Use functions in interfaces.inc to find this out
- *
- */
-if (!function_exists("getNasIP")) {
-function getNasIP()
-{
-    $nasIp = get_interface_ip();
-    if(!$nasIp)
-        $nasIp = "0.0.0.0";
-    return $nasIp;
-}
-}
 /* setup syslog logging */
 openlog("openvpn", LOG_ODELAY, LOG_AUTH);


--- a/src/etc/inc/radius.inc
+++ b/src/etc/inc/radius.inc
@@ -288,22 +288,15 @@ class Auth_RADIUS extends PEAR {
     */
    function putStandardAttributes()
    {
-        global $config, $cpzone;
+        global $config;
+
+        $ipaddr = getNasIP();

-        if (!function_exists("getNasIp")) {
-            $ipaddr = "0.0.0.0";
-        } else {
-            $ipaddr = getNasIP();
-        }
        // Add support for sending NAS-IP-Address, set this explicitly as an ip_addr
        $this->putAttribute(RADIUS_NAS_IP_ADDRESS, $ipaddr, "addr");

        // Add support for sending NAS-Identifier
-        if (empty($config["captiveportal"][$cpzone]["radiusnasid"])) {
-            $nasId = php_uname("n");
-        } else {
-            $nasId = $config["captiveportal"][$cpzone]["radiusnasid"];
-        }
+        $nasId = php_uname("n");
        $this->putAttribute(RADIUS_NAS_IDENTIFIER, $nasId);
    }


--- a/src/etc/inc/rrd.inc
+++ b/src/etc/inc/rrd.inc
@@ -97,8 +97,6 @@ function enable_rrd_graphing()
 	$mbuf = "-mbuf.rrd";
 	$cellular = "-cellular.rrd";
 	$vpnusers = "-vpnusers.rrd";
-	$captiveportalconcurrent = "-concurrent.rrd";
-	$captiveportalloggedin = "-loggedin.rrd";
 	$ntpd = "ntpd.rrd";

 	$rrdtool = "/usr/local/bin/rrdtool";
@@ -110,7 +108,6 @@ function enable_rrd_graphing()
 	$php = "/usr/local/bin/php";
 	$cpustats = "/usr/local/sbin/cpustats";
 	$ifconfig = "/sbin/ifconfig";
-	$captiveportal_gather = "/usr/local/sbin/captiveportal_gather_stats.php";
 	$ntpq = "/usr/local/sbin/ntpq";

 	$rrdtrafficinterval = 60;
@@ -123,7 +120,6 @@ function enable_rrd_graphing()
 	$rrdmbufinterval = 60;
 	$rrdcellularinterval = 60;
 	$rrdvpninterval = 60;
-	$rrdcaptiveportalinterval = 60;
 	$rrdntpdinterval = 60;

 	$trafficvalid = $rrdtrafficinterval * 2;
@@ -136,7 +132,6 @@ function enable_rrd_graphing()
 	$mbufvalid = $rrdmbufinterval * 2;
 	$cellularvalid = $rrdcellularinterval * 2;
 	$vpnvalid = $rrdvpninterval * 2;
-	$captiveportalvalid = $rrdcaptiveportalinterval * 2;
 	$ntpdvalid = $rrdntpdinterval * 2;

 	/* Assume 2*10GigE for now */
@@ -486,94 +481,10 @@ function enable_rrd_graphing()
 		$rrdupdatesh .= "MBUF=`$netstat -m | ";
 		$rrdupdatesh .= " $awk '/mbuf clusters in use/ { gsub(/\//, \":\", $1); print $1; }'`\n";
 		$rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$mbuf N:\${MBUF}\n";
-
 		/* End mbuf statistics */

 		/* End System statistics */

-		/* Captive Portal statistics, set up the rrd file */
-		if(is_array($config['captiveportal'])) {
-			foreach ($config['captiveportal'] as $cpkey => $cp) {
-				if (!isset($cp['enable']))
-					continue;
-
-				$ifname= "captiveportal";
-				$concurrent_filename = $rrddbpath . $ifname . '-' . $cpkey . $captiveportalconcurrent;
-				if (!file_exists("$concurrent_filename")) {
-					$rrdcreate = "$rrdtool create $concurrent_filename --step $rrdcaptiveportalinterval ";
-					$rrdcreate .= "DS:concurrentusers:GAUGE:$captiveportalvalid:0:10000 ";
-					$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
-					$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
-					$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
-					$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
-					$rrdcreate .= "RRA:MIN:0.5:1:1200 ";
-					$rrdcreate .= "RRA:MIN:0.5:5:720 ";
-					$rrdcreate .= "RRA:MIN:0.5:60:1860 ";
-					$rrdcreate .= "RRA:MIN:0.5:1440:2284 ";
-					$rrdcreate .= "RRA:MAX:0.5:1:1200 ";
-					$rrdcreate .= "RRA:MAX:0.5:5:720 ";
-					$rrdcreate .= "RRA:MAX:0.5:60:1860 ";
-					$rrdcreate .= "RRA:MAX:0.5:1440:2284 ";
-					$rrdcreate .= "RRA:LAST:0.5:1:1200 ";
-					$rrdcreate .= "RRA:LAST:0.5:5:720 ";
-					$rrdcreate .= "RRA:LAST:0.5:60:1860 ";
-					$rrdcreate .= "RRA:LAST:0.5:1440:2284 ";
-
-					create_new_rrd($rrdcreate);
-					unset($rrdcreate);
-				}
-
-				/* enter UNKNOWN values in the RRD so it knows we rebooted. */
-				if(file_exists("/var/run/booting")) {
-					mwexec("$rrdtool update $concurrent_filename N:U");
-				}
-
-				/* the Captive Portal stats gathering function. */
-				$rrdupdatesh .= "\n";
-				$rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n";
-				$rrdupdatesh .= "CP=`${php} -q ${captiveportal_gather} '${cpkey}' 'concurrent'`\n";
-				$rrdupdatesh .= "$rrdtool update $concurrent_filename \${CP}\n";
-
-				$loggedin_filename = $rrddbpath . $ifname . '-' . $cpkey . $captiveportalloggedin;
-				if (!file_exists("$loggedin_filename")) {
-					$rrdcreate = "$rrdtool create $loggedin_filename --step $rrdcaptiveportalinterval ";
-					$rrdcreate .= "DS:loggedinusers:GAUGE:$captiveportalvalid:0:10000 ";
-					$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
-					$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
-					$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
-					$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
-					$rrdcreate .= "RRA:MIN:0.5:1:1200 ";
-					$rrdcreate .= "RRA:MIN:0.5:5:720 ";
-					$rrdcreate .= "RRA:MIN:0.5:60:1860 ";
-					$rrdcreate .= "RRA:MIN:0.5:1440:2284 ";
-					$rrdcreate .= "RRA:MAX:0.5:1:1200 ";
-					$rrdcreate .= "RRA:MAX:0.5:5:720 ";
-					$rrdcreate .= "RRA:MAX:0.5:60:1860 ";
-					$rrdcreate .= "RRA:MAX:0.5:1440:2284 ";
-					$rrdcreate .= "RRA:LAST:0.5:1:1200 ";
-					$rrdcreate .= "RRA:LAST:0.5:5:720 ";
-					$rrdcreate .= "RRA:LAST:0.5:60:1860 ";
-					$rrdcreate .= "RRA:LAST:0.5:1440:2284 ";
-
-					create_new_rrd($rrdcreate);
-					unset($rrdcreate);
-				}
-
-				/* enter UNKNOWN values in the RRD so it knows we rebooted. */
-				if(file_exists("/var/run/booting")) {
-					mwexec("$rrdtool update $loggedin_filename N:U");
-				}
-
-				/* the Captive Portal stats gathering function. */
-				$rrdupdatesh .= "\n";
-				$rrdupdatesh .= "# polling Captive Portal for number of logged in users\n";
-				$rrdupdatesh .= "CP=`${php} -q ${captiveportal_gather} '${cpkey}' 'loggedin'`\n";
-				$rrdupdatesh .= "$rrdtool update $loggedin_filename \${CP}\n";
-
-			}
-		}
-		/* End Captive Portal statistics */
-
 		/* NTP, set up the ntpd rrd file */
 		if (isset($config['ntpd']['statsgraph'])) {
 			/* set up the ntpd rrd file */

--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -1025,32 +1025,13 @@ function system_generate_lighty_config(
 	$port = 80,
 	$document_root = '/usr/local/www/',
 	$cert_location = 'cert.pem',
-	$ca_location = 'ca.pem',
-	$captive_portal = false)
+	$ca_location = 'ca.pem')
 {
 	global $config;

 	@mkdir('/tmp/lighttpdcompress');

-	if ($captive_portal !== false)  {
-		$captiveportal = ',"mod_evasive"';
-		$http_rewrite_rules = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?zone={$captive_portal}&redirurl=$1\" )\n";
-
-		if (!isset($config['captiveportal'][$captive_portal]['maxprocperip']) || empty($config['captiveportal'][$captive_portal]['maxprocperip'])) {
-			$maxprocperip = 10;
-		} else {
-			$maxprocperip = $config['captiveportal'][$captive_portal]['maxprocperip'];
-		}
-
-		$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
-
-		$server_upload_dirs = "server.upload-dirs = ( \"/tmp/captiveportal/\" )\n";
-		@mkdir('/tmp/captiveportal', 0555);
-		$server_max_request_size = "server.max-request-size    = 384";
-		$cgi_config = "";
-	} else {
-		$captiveportal = ",\"mod_cgi\"";
-		$http_rewrite_rules = <<<EOD
+	$http_rewrite_rules = <<<EOD
 # Phalcon ui and api routing
 alias.url += ( "/ui/" => "/usr/local/opnsense/www/" )
 alias.url += ( "/api/"  => "/usr/local/opnsense/www/" )
@@ -1059,11 +1040,9 @@ url.rewrite-if-not-file = ( "^/ui/(.*)$" => "/ui/index.php?_url=/$1" ,
 )

 EOD;
-		$captive_portal_mod_evasive = "";
-		$server_upload_dirs = "server.upload-dirs = ( \"/root/\", \"/tmp/\", \"/var/\" )\n";
-		$server_max_request_size = "server.max-request-size    = 2097152";
-		$cgi_config = "cgi.assign                 = ( \".cgi\" => \"\" )";
-	}
+	$server_upload_dirs = "server.upload-dirs = ( \"/root/\", \"/tmp/\", \"/var/\" )\n";
+	$server_max_request_size = "server.max-request-size    = 2097152";
+	$cgi_config = "cgi.assign                 = ( \".cgi\" => \"\" )";

 	if (empty($port))
 		$lighty_port = "80";
@@ -1079,26 +1058,10 @@ EOD;
 	else
 		$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2;

-	// Ramp up captive portal max procs, assuming each PHP process can consume up to 64MB RAM
-	if ($captive_portal !== false)  {
-		if ($realmem > 135 and $realmem < 256) {
-			$max_procs += 1; // 2 worker processes
-		} else if ($realmem > 255 and $realmem < 513) {
-			$max_procs += 2; // 3 worker processes
-		} else if ($realmem > 512) {
-			$max_procs += 4; // 6 worker processes
-		}
-		if ($max_procs > 1)
-			$max_php_children = intval($max_procs/2);
-		else
-			$max_php_children = 1;
-
-	} else {
-		if ($realmem < 78)
-			$max_php_children = 0;
-		else
-			$max_php_children = 1;
-	}
+	if ($realmem < 78)
+		$max_php_children = 0;
+	else
+		$max_php_children = 1;

 	if(!isset($config['syslog']['nologlighttpd'])) {
 		$lighty_use_syslog = <<<EOD
@@ -1107,11 +1070,7 @@ server.errorlog-use-syslog="enable"
 EOD;
 	}

-        if ($captive_portal !== false) {
-                $fast_cgi_path = "/tmp/php-fastcgi-{$captive_portal}.socket";
-        } else {
-                $fast_cgi_path = "/tmp/php-fastcgi.socket";
-	}
+	$fast_cgi_path = "/tmp/php-fastcgi.socket";

 	$fastcgi_config = <<<EOD
 #### fastcgi module
@@ -1147,7 +1106,7 @@ server.network-backend	= "writev"

 ## modules to load
 server.modules              =   ( "mod_access", "mod_expire", "mod_compress", "mod_redirect",
-	{$captiveportal}, "mod_fastcgi","mod_alias", "mod_rewrite"
+	"mod_cgi", "mod_fastcgi","mod_alias", "mod_rewrite"
 )

 server.max-keep-alive-requests = 15
@@ -1285,8 +1244,6 @@ compress.filetype  = ("text/plain","text/css", "text/xml", "text/javascript" )

 {$cgi_config}

-{$captive_portal_mod_evasive}
-
 expire.url = (
 				"" => "access 50 hours",
        )
@@ -1337,7 +1294,7 @@ EOD;
 	}

 	// Add HTTP to HTTPS redirect
-	if ($captive_portal === false && $config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) {
+	if ($config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) {
 		if($lighty_port != "443") {
 			$redirectport = ":{$lighty_port}";
 		} else {

--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -1059,36 +1059,11 @@ function ip_in_subnet($addr,$subnet) {
 	}
 }

-
-
-function mac_format($clientmac) {
-	global $config, $cpzone;
-
-	$mac = explode(":", $clientmac);
-	$mac_format = $cpzone ? $config['captiveportal'][$cpzone]['radmac_format'] : false;
-
-	switch($mac_format) {
-	case 'singledash':
-		return "$mac[0]$mac[1]$mac[2]-$mac[3]$mac[4]$mac[5]";
-
-	case 'ietf':
-		return "$mac[0]-$mac[1]-$mac[2]-$mac[3]-$mac[4]-$mac[5]";
-
-	case 'cisco':
-		return "$mac[0]$mac[1].$mac[2]$mac[3].$mac[4]$mac[5]";
-
-	case 'unformatted':
-		return "$mac[0]$mac[1]$mac[2]$mac[3]$mac[4]$mac[5]";
-
-	default:
-		return $clientmac;
-	}
-}
-
-function resolve_retry($hostname, $retries = 5) {
-
-	if (is_ipaddr($hostname))
+function resolve_retry($hostname, $retries = 5)
+{
+	if (is_ipaddr($hostname)) {
 		return $hostname;
+	}

 	for ($i = 0; $i < $retries; $i++) {
 		// FIXME: gethostbyname does not work for AAAA hostnames, boo, hiss

--- a/src/etc/inc/voucher.inc
+++ b/src/etc/inc/voucher.inc
--- a/src/etc/rc.backup_captiveportal
+++ b/src/etc/rc.backup_captiveportal
-#!/usr/local/bin/php
-<?php
-
-/*
-	Copyright (C) 2007 Marcel Wiget <mwiget@mac.com>.
-	All rights reserved.
-
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted provided that the following conditions are met:
-
-	1. Redistributions of source code must retain the above copyright notice,
-	   this list of conditions and the following disclaimer.
-
-	2. Redistributions in binary form must reproduce the above copyright
-	   notice, this list of conditions and the following disclaimer in the
-	   documentation and/or other materials provided with the distribution.
-
-	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-	POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("config.inc");
-require_once("interfaces.inc");
-require_once("util.inc");
-require_once("filter.inc");
-require_once("captiveportal.inc");
-
-global $config, $cpzone;
-
-if (isset($config['captiveportal'])) {
-	foreach ($config['captiveportal'] as $cpzone => $cp) {
-		captiveportal_radius_stop_all();
-		captiveportal_send_server_accounting(true);
-	}
-}
-
-voucher_save_db_to_config();
--- a/src/etc/rc.bootup
+++ b/src/etc/rc.bootup
@@ -137,8 +137,6 @@ require_once("vpn.inc");
 echo ".";
 require_once("openvpn.inc");
 echo ".";
-require_once("captiveportal.inc");
-echo ".";
 require_once("rrd.inc");
 echo ".";
 echo " done.\n";
@@ -306,12 +304,6 @@ filter_configure_sync();
 /* setup pppoe and pptp */
 vpn_setup();

-/* start the captive portal */
-captiveportal_configure();
-
-/* start Voucher support */
-echo 'Enabling voucher support...' . (voucher_configure(true) ? 'done.' : 'failed.') . PHP_EOL;
-
 /* start IPsec tunnels */
 $ipsec_dynamic_hosts = vpn_ipsec_configure();


--- a/src/etc/rc.filter_synchronize
+++ b/src/etc/rc.filter_synchronize
@@ -355,10 +355,6 @@ if (is_array($config['hasync'])) {
 			$config['schedules'] = array();
 		$sections[] = 'schedules';
 	}
-	if (isset($hasync['synchronizecaptiveportal']) && isset($config['captiveportal']) && is_array($config['captiveportal']))
-		$sections[] = 'captiveportal';
-	if (isset($hasync['synchronizecaptiveportal']) && isset($config['vouchers']) &&  is_array($config['vouchers']))
-		$sections[] = 'vouchers';

 	if (count($sections) <= 0) {
 		log_error("Nothing has been configured to be synched. Skipping....");

--- a/src/etc/rc.initial.setports
+++ b/src/etc/rc.initial.setports
@@ -33,7 +33,6 @@ require_once("config.console.inc");
 require_once("filter.inc");
 require_once("util.inc");
 require_once("vpn.inc");
-require_once("captiveportal.inc");
 require_once("rrd.inc");
 require_once("system.inc");
 require_once("services.inc");

--- a/src/etc/rc.linkup
+++ b/src/etc/rc.linkup
@@ -85,7 +85,6 @@ function handle_argument_group($iface, $argument2) {
 			log_error("DEVD Ethernet attached event for {$iface}");
 			log_error("HOTPLUG: Configuring interface {$iface}");
 			require_once("vpn.inc");
-			require_once("captiveportal.inc");
 			// Do not try to readd to bridge otherwise em(4) has problems
 			interface_configure($iface, true, true);
 			break;

--- a/src/etc/rc.prunecaptiveportal
+++ b/src/etc/rc.prunecaptiveportal
-#!/usr/local/bin/php
-<?php
-
-/*
-	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
-	All rights reserved.
-
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted provided that the following conditions are met:
-
-	1. Redistributions of source code must retain the above copyright notice,
-	   this list of conditions and the following disclaimer.
-
-	2. Redistributions in binary form must reproduce the above copyright
-	   notice, this list of conditions and the following disclaimer in the
-	   documentation and/or other materials provided with the distribution.
-
-	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-	POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("config.inc");
-require_once("interfaces.inc");
-require_once("filter.inc");
-require_once("captiveportal.inc");
-require_once("util.inc");
-
-global $g;
-global $cpzone;
-global $cpzoneid;
-
-$cpzone = str_replace("\n", "", $argv[1]);
-
-if (!is_array($config['captiveportal'][$cpzone])) {
-	log_error("{$cpzone} is not a valid zone in the configuration!");
-	return;
-}
-
-$cpzoneid = $config['captiveportal'][$cpzone]['zoneid'];
-
-if (file_exists('/tmp/.rc.prunecaptiveportal.running')) {
-	$stat = stat('/tmp/.rc.prunecaptiveportal.running');
-	if (time() - $stat['mtime'] >= 120) {
-		@unlink('/tmp/.rc.prunecaptiveportal.running');
-	} else {
-		log_error("Skipping CP prunning process because previous/another instance is already running");
-		return;
-	}
-}
-
-@file_put_contents('/tmp/.rc.prunecaptiveportal.running', '');
-
-captiveportal_prune_old();
-
-@unlink('/tmp/.rc.prunecaptiveportal.running');
--- a/src/etc/rc.reload_all
+++ b/src/etc/rc.reload_all
@@ -32,7 +32,6 @@ require_once("interfaces.inc");
 require_once("openvpn.inc");
 require_once("filter.inc");
 require_once("vpn.inc");
-require_once("captiveportal.inc");
 require_once("util.inc");
 require_once("system.inc");
 require_once("pfsense-utils.inc");

--- a/src/etc/rc.reload_interfaces
+++ b/src/etc/rc.reload_interfaces
@@ -32,7 +32,6 @@ require_once("filter.inc");
 require_once("util.inc");
 require_once("openvpn.inc");
 require_once("vpn.inc");
-require_once("captiveportal.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
 require_once("openvpn.inc");
@@ -43,5 +42,3 @@ require_once("unbound.inc");
 system_routing_enable();
 interfaces_configure();
 filter_configure_sync();
-/* XXX: needs fixing */
-//ovpn_config_server("pfreload");
--- a/src/etc/rc.restart_webgui
+++ b/src/etc/rc.restart_webgui
@@ -3,7 +3,6 @@

 require_once('config.inc');
 require_once('interfaces.inc');
-require_once('captiveportal.inc');
 require_once('rrd.inc');
 require_once('util.inc');
 require_once('system.inc');
@@ -31,7 +30,6 @@ while (is_process_running('lighttpd')) {
 }

 system_webgui_start();
-captiveportal_init_webgui();
 enable_rrd_graphing();

 echo 'done.' . PHP_EOL;
--- a/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
@@ -168,15 +168,7 @@
        </Diagnostics>
    </Firewall>
    <Services order="4" cssClass="glyphicon glyphicon-cog">
-        <CaptivePortal VisibleName="Captive Portal" url="/services_captiveportal_zones.php">
-            <Edit url="/services_captiveportal.php?zone=*"/>
-            <IP url="/services_captiveportal_ip.php?zone=*"/>
-            <IP_edit url="/services_captiveportal_ip_edit.php?zone=*"/>
-            <MAC url="/services_captiveportal_mac.php?zone=*"/>
-            <MAC_edit url="/services_captiveportal_mac_edit.php?zone=*"/>
-            <Voucher url="/services_captiveportal_vouchers.php?zone=*"/>
-            <FileManager url="/services_captiveportal_filemanager.php?zone=*"/>
-        </CaptivePortal>
+        <CaptivePortal VisibleName="Captive Portal" url="/ui/captiveportal/" cssClass="fa fa-paper-plane-o"/>
        <DHCPRelay VisibleName="DHCP Relay" url="/services_dhcp_relay.php"/>
        <DHCPServer VisibleName="DHCP Server" url="/services_dhcp.php">
            <DHCPServerTab url="/services_dhcp.php?if=*"/>
@@ -279,9 +271,6 @@
        </PPTP>
    </VPN>
    <Status order="6" cssClass="glyphicon glyphicon-tasks">
-        <CaptivePortal VisibleName="Captive Portal" url="/status_captiveportal.php">
-            <CaptivePortalDetails url="/status_captiveportal.php?*"/>
-        </CaptivePortal>
        <DHCPLeases VisibleName="DHCP IPv4 Leases" url="/status_dhcp_leases.php">
            <DHCPLeasesDetails url="/status_dhcp_leases.php?*"/>
        </DHCPLeases>

--- a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php
+++ b/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php
--- a/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json
+++ b/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json
@@ -3,10 +3,6 @@
        "name": "User - Config - Deny Config Write",
        "descr": "If present, ignores requests from this user to write config.xml."
    },
-    "user-services-captiveportal-login": {
-        "name": "User - Services - Captive portal login",
-        "descr": "Indicates whether the user is able to login on the captive portal."
-    },
    "user-shell-access": {
        "name": "User - System - Shell account access",
        "descr": "Indicates whether the user is able to login for example via SSH."
@@ -639,90 +635,6 @@
            "wizard.php*"
        ]
    },
-    "page-services-captiveportal": {
-        "name": "WebCfg - Services: Captive portal page",
-        "descr": "Allow access to the 'Services: Captive portal' page.",
-        "match": [
-            "services_captiveportal.php*"
-        ]
-    },
-    "page-services-captiveportal-allowedhostnames": {
-        "name": "WebCfg - Services: Captive portal: Allowed Hostnames page",
-        "descr": "Allow access to the 'Services: Captive portal: Allowed Hostnames' page.",
-        "match": [
-            "services_captiveportal_hostname.php*"
-        ]
-    },
-    "page-services-captiveportal-allowedips": {
-        "name": "WebCfg - Services: Captive portal: Allowed IPs page",
-        "descr": "Allow access to the 'Services: Captive portal: Allowed IPs' page.",
-        "match": [
-            "services_captiveportal_ip.php*"
-        ]
-    },
-    "page-services-captiveportal-editallowedhostnames": {
-        "name": "WebCfg - Services: Captive portal: Edit Allowed Hostnames page",
-        "descr": "Allow access to the 'Services: Captive portal: Allowed Hostnames' page.",
-        "match": [
-            "services_captiveportal_hostname_edit.php*"
-        ]
-    },
-    "page-services-captiveportal-editallowedips": {
-        "name": "WebCfg - Services: Captive portal: Edit Allowed IPs page",
-        "descr": "Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.",
-        "match": [
-            "services_captiveportal_ip_edit.php*"
-        ]
-    },
-    "page-services-captiveportal-editmacaddresses": {
-        "name": "WebCfg - Services: Captive portal: Edit MAC Addresses page",
-        "descr": "Allow access to the 'Services: Captive portal: Edit MAC Addresses' page.",
-        "match": [
-            "services_captiveportal_mac_edit.php*"
-        ]
-    },
-    "page-services-captiveportal-voucher-edit": {
-        "name": "WebCfg - Services: Captive portal: Edit Voucher Rolls page",
-        "descr": "Allow access to the 'Services: Captive portal: Edit Voucher Rolls' page.",
-        "match": [
-            "services_captiveportal_vouchers_edit.php*"
-        ]
-    },
-    "page-services-captiveportal-editzones": {
-        "name": "WebCfg - Services: Captive portal: Edit Zones page",
-        "descr": "Allow access to the 'Services: Captive portal: Edit Zones' page.",
-        "match": [
-            "services_captiveportal_zones_edit.php*"
-        ]
-    },
-    "page-services-captiveportal-filemanager": {
-        "name": "WebCfg - Services: Captive portal: File Manager page",
-        "descr": "Allow access to the 'Services: Captive portal: File Manager' page.",
-        "match": [
-            "services_captiveportal_filemanager.php*"
-        ]
-    },
-    "page-services-captiveportal-macaddresses": {
-        "name": "WebCfg - Services: Captive portal: Mac Addresses page",
-        "descr": "Allow access to the 'Services: Captive portal: Mac Addresses' page.",
-        "match": [
-            "services_captiveportal_mac.php*"
-        ]
-    },
-    "page-services-captiveportal-vouchers": {
-        "name": "WebCfg - Services: Captive portal: Vouchers page",
-        "descr": "Allow access to the 'Services: Captive portal: Vouchers' page.",
-        "match": [
-            "services_captiveportal_vouchers.php*"
-        ]
-    },
-    "page-services-captiveportal-zones": {
-        "name": "WebCfg - Services: Captive portal: Zones page",
-        "descr": "Allow access to the 'Services: Captive portal: Zones' page.",
-        "match": [
-            "services_captiveportal_zones.php*"
-        ]
-    },
    "page-services-dhcprelay": {
        "name": "WebCfg - Services: DHCP Relay page",
        "descr": "Allow access to the 'Services: DHCP Relay' page.",
@@ -975,41 +887,6 @@
            "services_wol_edit.php*"
        ]
    },
-    "page-status-captiveportal": {
-        "name": "WebCfg - Status: Captive portal page",
-        "descr": "Allow access to the 'Status: Captive portal' page.",
-        "match": [
-            "status_captiveportal.php*"
-        ]
-    },
-    "page-status-captiveportal-expire": {
-        "name": "WebCfg - Status: Captive portal: Expire Vouchers page",
-        "descr": "Allow access to the 'Status: Captive portal: Expire Vouchers' page.",
-        "match": [
-            "status_captiveportal_expire.php*"
-        ]
-    },
-    "page-status-captiveportal-test": {
-        "name": "WebCfg - Status: Captive portal: Test Vouchers page",
-        "descr": "Allow access to the 'Status: Captive portal: Test Vouchers' page.",
-        "match": [
-            "status_captiveportal_test.php*"
-        ]
-    },
-    "page-status-captiveportal-voucher-rolls": {
-        "name": "WebCfg - Status: Captive portal: Voucher Rolls page",
-        "descr": "Allow access to the 'Status: Captive portal: Voucher Rolls' page.",
-        "match": [
-            "status_captiveportal_voucher_rolls.php*"
-        ]
-    },
-    "page-status-captiveportal-vouchers": {
-        "name": "WebCfg - Status: Captive portal: Vouchers page",
-        "descr": "Allow access to the 'Status: Captive portal: Vouchers' page.",
-        "match": [
-            "status_captiveportal_vouchers.php*"
-        ]
-    },
    "page-status-carp": {
        "name": "WebCfg - Status: CARP page",
        "descr": "Allow access to the 'Status: CARP' page.",

--- a/src/opnsense/mvc/script/test.php
+++ b/src/opnsense/mvc/script/test.php
-<?php
-require_once("script/load_phalcon.php");
-
-$cpc = new Captiveportal\CPClient();
-
-$acc_list = $cpc->list_accounting();
-
-print_r($acc_list);
-
-//$cpc->portal_allow("test","10.211.55.101","00:1C:42:49:B7:B2","Fritsx");
-
-//$cpc->disconnect("test",array("5489714eba263","gdsajhgadsjhg"));
-
-//$cpc->reconfigure();
-//$cpc->refresh_allowed_mac();
-//$cpc->refresh_allowed_ips();
-
-
-//$db = new Captiveportal\DB("test");
-//$db->remove_session("XXX");
-//$db->insert_session(100,1,"10.211.55.101","00:1C:42:49:B7:B2","frits","XXX","aksjdhaskjh",
-//	null,null, null,null, null);
-//
-//$clients  = $db->listClients( array("sessionid" => "XXX") );
-//
-//foreach($clients as $client ){
-//    print($client->pipeno) ;
-//}
-
-//$arp = new \Captiveportal\ARP();
-//$arp->setStatic("172.20.0.1",'00:1c:42:49:b7:b1');
-//$arp->dropStatic("172.20.0.1");
-
-//$config = \Core\Core\Config::getInstance();
-
-//$config->dump();
-//print_r($config->xpath('//opnsense/interfaces/*') );
-
-//$rules= new \Core\Captiveportal\Rules();
--- a/src/sbin/captiveportal_gather_stats.php
+++ b/src/sbin/captiveportal_gather_stats.php
-#!/usr/local/bin/php
-<?php
-
-/*
-        Copyright (C) 2011 Warren Baker
-        All rights reserved.
-
-        Redistribution and use in source and binary forms, with or without
-        modification, are permitted provided that the following conditions are met:
-
-        1. Redistributions of source code must retain the above copyright notice,
-           this list of conditions and the following disclaimer.
-
-        2. Redistributions in binary form must reproduce the above copyright
-           notice, this list of conditions and the following disclaimer in the
-           documentation and/or other materials provided with the distribution.
-
-        THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-        INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-        AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-        AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-        OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-        SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-        INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-        CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-        ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-        POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("interfaces.inc");
-require_once("config.inc");
-require_once("captiveportal.inc");
-require_once("util.inc");
-
-global $cpzone;
-
-$cpzone = $argv[1];
-$type = $argv[2];
-
-// TODO: fix this file
-
-/* read in captive portal db */
-$cpdb = array();//  captiveportal_read_db();
-
-/* determine number of logged in users */
-$no_users = count($cpdb);
-$concurrent_users = $no_users;
-
-/* set initial user count to zero */
-$current_user_count = 0;
-
-/* tmp file to use to store old data (per interface)*/
-$tmpfile = '/var/db/captiveportal_online_users';
-
-if (empty($type)) {
-    exit;
-}
-
-/* echo the rrd required syntax */
-echo "N:";
-$result = "NaN";
-
-if ($type == "loggedin") {
-    $timestamp = 0;
-
-    /* Find out the previous user timestamp
-	* so we can determine the difference between the current
-	* and previous user count. If the file is empty return a 0.
-	*/
-    $fd = @fopen($tmpfile, "r");
-    if ($fd) {
-        while (!feof($fd)) {
-            $line = trim(fgets($fd));
-            if ($line) {
-                $previous_user_timestamp = $line;
-            } else {
-                $previous_user_timestamp = 0;
-            }
-        }
-    } else {
-        $previous_user_timestamp = 0;
-    }
-    @fclose($fd);
-
-    foreach ($cpdb as $user) {
-        $user_ip = $user[2];
-        // Record the timestamp
-        $timestamp = $user[0];
-        if ($timestamp > $previous_user_timestamp) {
-            $current_user_count = $current_user_count + 1;
-        }
-    }
-
-    // Write out the latest timestamp but not if it is empty
-    if (!empty($timestamp)) {
-        $fd = @fopen($tmpfile, "w");
-        if ($fd) {
-            fwrite($fd, $timestamp);
-        }
-        @fclose($fd);
-    }
-
-    /* If $timestamp is less than or equal to previous_user_timestamp return 0,
-	 * as we only want the 'X' number of users logged in since last RRD poll.
-	 */
-    if ($timestamp <= $previous_user_timestamp) {
-        $result = 0;
-    } else {
-        $result = $current_user_count;
-    }
-} elseif ($type == "concurrent")
-    $result = $no_users;
-
-echo "$result";
--- a/src/www/crash_reporter.php
+++ b/src/www/crash_reporter.php
@@ -29,7 +29,6 @@
 */

 require_once("guiconfig.inc");
-require_once("captiveportal.inc");

 function upload_crash_report($files, $agent)
 {

--- a/src/www/diag_authentication.php
+++ b/src/www/diag_authentication.php
 <?php
+
 /*
-    Copyright (C) 2014 Deciso B.V.
+	Copyright (C) 2014 Deciso B.V.
 	Copyright (C) 2010 Ermal Luçi
 	All rights reserved.

@@ -28,6 +29,7 @@

 require_once("guiconfig.inc");
 require_once("PEAR.inc");
+require_once("interfaces.inc");
 require_once("radius.inc");

 function getUserGroups($username, $authcfg)

--- a/src/www/diag_backup.php
+++ b/src/www/diag_backup.php
@@ -150,8 +150,6 @@ function spit_out_select_items($name, $showall) {
 	global $config;

 	$areas = array("aliases" => gettext("Aliases"),
-		       "captiveportal" => gettext("Captive Portal"),
-		       "voucher" => gettext("Captive Portal Vouchers"),
 		       "dnsmasq" => gettext("DNS Forwarder"),
 		       "dhcpd" => gettext("DHCP Server"),
 		       "dhcpdv6" => gettext("DHCPv6 Server"),
@@ -445,15 +443,6 @@ if ($_POST) {
 									$savemsg = gettext("The m0n0wall configuration has been restored and upgraded to OPNsense.");
 									mark_subsystem_dirty("restore");
 								}
-								if(is_array($config['captiveportal'])) {
-									foreach($config['captiveportal'] as $cp) {
-										if (isset($cp['enable'])) {
-											/* for some reason ipfw doesn't init correctly except on bootup sequence */
-											mark_subsystem_dirty("restore");
-											break;
-										}
-									}
-								}
 								setup_serial_port();
 							} else {
 								$input_errors[] = gettext("The configuration could not be restored.");

--- a/src/www/diag_logs_auth.php
+++ b/src/www/diag_logs_auth.php
@@ -45,7 +45,6 @@ if ($_POST['clear']) {
 }

 $pgtitle = array(gettext("Status"),gettext("System logs"),gettext("Portal Auth"));
-$shortcut_section = "captiveportal";
 include("head.inc");

 ?>

--- a/src/www/fbegin.inc
+++ b/src/www/fbegin.inc
@@ -38,15 +38,6 @@ function find_service_by_name($name) {
 	return array();
 }

-function find_service_by_cp_zone($zone) {
-	$services = get_services();
-	foreach ($services as $service)
-		if (($service["name"] == "captiveportal") && isset($service["zone"]) && ($service["zone"] == $zone))
-			return $service;
-	return array();
-}
-
-
 /* Determine automated help URL. Should output the page name and
   parameters separately */
 $uri_split = "";
@@ -243,9 +234,6 @@ if($need_alert_display == true) {
 								case "openvpn":
 									$ssvc = find_service_by_openvpn_vpnid($vpnid);
 									break;
-								case "captiveportal":
-									$ssvc = find_service_by_cp_zone($cpzone);
-									break;
 								default:
 									$ssvc = find_service_by_name($shortcuts[$shortcut_section]['service']);


--- a/src/www/interfaces.php
+++ b/src/www/interfaces.php
@@ -33,7 +33,6 @@

 require_once("guiconfig.inc");
 require_once("vpn.inc");
-require_once("captiveportal.inc");
 require_once("filter.inc");
 require_once("rrd.inc");
 require_once("vpn.inc");

--- a/src/www/interfaces_assign.php
+++ b/src/www/interfaces_assign.php
@@ -33,7 +33,6 @@ $pgtitle = array(gettext("Interfaces"),gettext("Assign network ports"));
 require_once("guiconfig.inc");
 require_once("filter.inc");
 require_once("vpn.inc");
-require_once("captiveportal.inc");
 require_once("rrd.inc");
 require_once("system.inc");
 require_once("interfaces.inc");

--- a/src/www/reboot.php
+++ b/src/www/reboot.php
--- a/src/www/services_captiveportal.php
+++ b/src/www/services_captiveportal.php
--- a/src/www/services_captiveportal_filemanager.php
+++ b/src/www/services_captiveportal_filemanager.php
--- a/src/www/services_captiveportal_ip.php
+++ b/src/www/services_captiveportal_ip.php
--- a/src/www/services_captiveportal_ip_edit.php
+++ b/src/www/services_captiveportal_ip_edit.php
--- a/src/www/services_captiveportal_mac.php
+++ b/src/www/services_captiveportal_mac.php
--- a/src/www/services_captiveportal_mac_edit.php
+++ b/src/www/services_captiveportal_mac_edit.php
--- a/src/www/services_captiveportal_vouchers.php
+++ b/src/www/services_captiveportal_vouchers.php
--- a/src/www/services_captiveportal_vouchers_edit.php
+++ b/src/www/services_captiveportal_vouchers_edit.php
--- a/src/www/services_captiveportal_zones.php
+++ b/src/www/services_captiveportal_zones.php
--- a/src/www/services_captiveportal_zones_edit.php
+++ b/src/www/services_captiveportal_zones_edit.php
--- a/src/www/services_dhcp.php
+++ b/src/www/services_dhcp.php
--- a/src/www/shortcuts.inc
+++ b/src/www/shortcuts.inc
--- a/src/www/status.php
+++ b/src/www/status.php
--- a/src/www/status_captiveportal.php
+++ b/src/www/status_captiveportal.php
--- a/src/www/status_captiveportal_expire.php
+++ b/src/www/status_captiveportal_expire.php
--- a/src/www/status_captiveportal_test.php
+++ b/src/www/status_captiveportal_test.php
--- a/src/www/status_captiveportal_voucher_rolls.php
+++ b/src/www/status_captiveportal_voucher_rolls.php
--- a/src/www/status_captiveportal_vouchers.php
+++ b/src/www/status_captiveportal_vouchers.php
--- a/src/www/status_services.php
+++ b/src/www/status_services.php
--- a/src/www/system_certmanager.php
+++ b/src/www/system_certmanager.php
--- a/src/www/system_hasync.php
+++ b/src/www/system_hasync.php
--- a/src/www/widgets/include/captiveportal.inc
+++ b/src/www/widgets/include/captiveportal.inc
--- a/src/www/widgets/javascript/cpu_graphs.js
+++ b/src/www/widgets/javascript/cpu_graphs.js
--- a/src/www/widgets/widgets/captive_portal_status.widget.php
+++ b/src/www/widgets/widgets/captive_portal_status.widget.php
--- a/src/www/widgets/widgets/services_status.widget.php
+++ b/src/www/widgets/widgets/services_status.widget.php