Netgate Discussion Forum

    Captive Portal On Wireless Router

      khat17

      Good night all. I've got something that requires expertise beyond what I can do.

      I've gotten pfSense working in a lot of different scenarios so far, but this one is throwing me a bit.

      Captive Portal works. It does. But let's say...

      INTERNAL NETWORK - 10.2.2.1 - 254
      GUEST NETWORK - 192.168.1.1 - 254
      ISP DHCP - 192.168.0.1

      Now the guest network - I purposely put a wireless router there to just give free access based on vouchers. Anyone that comes in should ask for a voucher and get it before going on. The vouchers are timed. The problem is, once a voucher is entered pfSense is recognizing the router as the device that is on, and EVERYONE that comes in thereafter has free access until the voucher expires.

      Is there some way around this? Should I disable DHCP on the router and assign all other devices that I don't know to a VLAN or something? Never set up a VLAN to be honest. Or maybe the other way around, where I put all of the known devices on a VLAN and then everything else not on the VLAN? That way I can let pfSense control the entire DHCP and it should eliminate the issues with the Captive Portal. Maybe?

      Any suggestions welcome. Thanks in advance.

        Derelict LAYER 8 Netgate

        The IP and MAC address for everyone behind your wireless router is the same. You want an access point behind your captive portal so captive portal sees everyone's individual IP and MAC addresses.

        https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          khat17

          Hi there. Thanks for that. I know that method, but I want to keep the guests separate. That's the reason for the router. Is there any way to make it work?

            Derelict LAYER 8 Netgate

            No. Put them on a separate pfSense interface and configure the wireless as described. They are all one MAC/IP address pair like you have it. CP cannot tell them apart.

              khat17

              OK. Thanks for that. Will have to look into other hardware then. VLAN not advised for this setup?

                Derelict LAYER 8 Netgate

                VLANs are fine. They appear as just another interface to pfSense.

                  khat17

                  OK. I've done the existing router setup before, so that's not difficult. I am going to do some reading up on the VLAN setup and test it out. Never done that before.
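
The behaviour described in the replies above, as an added example that is not part of the original thread and is not pfSense code: a constructed model of a portal that tracks sessions by the IP/MAC pair it sees, comparing a routing (NAT) wireless router with a bridged access point. The class names, addresses and voucher value are made up for illustration.

```python
"""Constructed model of a captive portal session table (not pfSense code)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    src_ip: str
    src_mac: str
    device: str  # label for the reader only; the portal never sees it

class NatRouter:
    """Wireless router in routing mode: every client leaves with the router's own IP/MAC."""
    def __init__(self, wan_ip, wan_mac):
        self.wan_ip, self.wan_mac = wan_ip, wan_mac
    def forward(self, frame):
        return Frame(self.wan_ip, self.wan_mac, frame.device)

class AccessPoint:
    """Bridged access point: frames reach the portal with the client's own IP/MAC."""
    def forward(self, frame):
        return frame

class CaptivePortal:
    """Assumption: a session is identified by the (IP, MAC) pair the portal sees."""
    def __init__(self, vouchers):
        self.unused, self.sessions = set(vouchers), set()
    def login(self, frame, voucher):
        if voucher not in self.unused:
            return False
        self.unused.discard(voucher)  # voucher is modelled as single-use
        self.sessions.add((frame.src_ip, frame.src_mac))
        return True
    def allowed(self, frame):
        return (frame.src_ip, frame.src_mac) in self.sessions

# Constructed guests; MACs come from the RFC 7042 documentation range.
GUESTS = [Frame("192.168.1.101", "00:00:5e:00:53:a1", "phone-a"),
          Frame("192.168.1.102", "00:00:5e:00:53:b2", "phone-b"),
          Frame("192.168.1.103", "00:00:5e:00:53:c3", "laptop-c")]

def access_after_one_voucher(uplink, guests=GUESTS):
    """Only the first guest redeems a voucher; report who the portal then lets through."""
    portal = CaptivePortal({"VOUCHER-1"})
    portal.login(uplink.forward(guests[0]), "VOUCHER-1")
    return {g.device: portal.allowed(uplink.forward(g)) for g in guests}

if __name__ == "__main__":
    print("NAT router:", access_after_one_voucher(NatRouter("192.168.1.10", "00:00:5e:00:53:01")))
    print("Bridged AP:", access_after_one_voucher(AccessPoint()))
```

Behind the NAT router one voucher opens access for every guest, while behind the bridged access point only the guest who redeemed it gets through.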
