Captive portal from routed address
-
We have a new subnet 172.16.10.0/23 behind a router with no NAT into the LAN network of pfSense with subnet 192.168.52.0/20. Does the pfSense captive portal support that routed subnet?
-
You mean you have two - or 3 ? 4 ? WAN IPs ?
That's a multi WAN setup for me, and will work with the captive portal, which is just a LAN type interface.
I would: first: make all WANs and LANs work.
And because it is a multi WAN setup, select your multi WAN usage setup rules.
Sub step: get (rent) a domain name, get the pfSense acme.sh package, set up a certificate for your portal, as you probably want to use https with a recognized certificate, not a self-signed one that will scare off the portal users, as their browser will warn or plainly refuse the http access.
On the portal interface (make life easy: don't use the LAN for this, reserve it its own interface) place a generic "pass all" rule, first.
Then: activate the portal and done.
Beware: the captive portal is DNS sensitive. You are not allowed to break DNS ^^
-
@Gertjan thanks for the reply.
No, we are routing on our LAN side, as we have a very distributed network before we reach the pfSense as our GW, DNS and captive portal.
It looks like the captive portal is only accepting auth from its LAN IP address subnet, not any routed traffic. Adding this subnet as allowed works but is not ideal, as these users now bypass auth.
-
@Elnatan said in Captive portal from routed address:
It looks like the captive portal is only accepting auth from its LAN IP address subnet
When the captive portal is active, pfSense hosts a web page that emits portal visitors users to enter credentials.
When valid, their IP/MAC is added to the captive portal 'pass' table, so from then on, they can use whatever lies behind the LAN interface, normally: the internet.
-
@Gertjan This portal is not being emitted to devices arriving at the LAN1 interface for subnets not included in the LAN1 address range.
To break it down:
We have 192.168.52.1/22 as our PFSense IP address.
We have routers inside the network to break up a wide broadcast domain.
2 Subnets that need captive portal are:
172.16.10.0/23
172.16.12.0/23
We have configured routes to these subnets on the pfSense so they can ping it.
-
Realized we are using MAC filtering, and with routing no MAC addresses reach the pfSense.
Thanks for the assistance.
-
And without MAC info, portal management becomes more like a lame duck. It might 'work' but will only be IP based.
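
Added example (not part of the thread, and not pfSense code): a small audit showing which clients in the topology above can be tied to their own MAC address and which arrive behind a router's MAC, where MAC filtering or MAC-bound sessions cannot distinguish users. The subnets come from the thread (using the /22 from the later post); the client list and all MAC addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Addresses quoted in the thread (the /22 from the later post is used).
PORTAL_IFACE = ipaddress.ip_interface("192.168.52.1/22")
ROUTED_SUBNETS = [ipaddress.ip_network(n) for n in ("172.16.10.0/23", "172.16.12.0/23")]

# Constructed sample: (client IP, source MAC as seen on the portal interface).
# The 02:... addresses stand in for the inside routers' interfaces.
SAMPLE_CLIENTS = [
    ("192.168.52.40", "aa:bb:cc:00:00:40"),
    ("192.168.53.17", "aa:bb:cc:00:00:17"),
    ("172.16.10.25", "02:00:00:00:00:01"),
    ("172.16.11.80", "02:00:00:00:00:01"),
    ("172.16.12.9", "02:00:00:00:00:02"),
    ("10.9.9.9", "02:00:00:00:00:01"),
]

def classify(ip):
    """Return how a client address reaches the portal interface."""
    addr = ipaddress.ip_address(ip)
    if addr in PORTAL_IFACE.network:
        return "on-link"      # same L2 segment: the frame carries the client's MAC
    if any(addr in net for net in ROUTED_SUBNETS):
        return "routed"       # arrives via a router: the frame carries the router's MAC
    return "unexpected"       # no configured subnet covers it

def audit(clients):
    """Flag every client whose MAC cannot be used as an identity."""
    ips_per_mac = defaultdict(set)
    for ip, mac in clients:
        ips_per_mac[mac.lower()].add(ip)
    rows = []
    for ip, mac in clients:
        path = classify(ip)
        shared = len(ips_per_mac[mac.lower()]) > 1
        rows.append({"ip": ip, "path": path,
                     "mac_identifies_client": path == "on-link" and not shared})
    return rows

def suspected_router_macs(clients):
    """MACs that front more than one off-link client IP, i.e. likely next-hop routers."""
    ips_per_mac = defaultdict(set)
    for ip, mac in clients:
        if classify(ip) != "on-link":
            ips_per_mac[mac.lower()].add(ip)
    return {m: sorted(ips) for m, ips in ips_per_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    for row in audit(SAMPLE_CLIENTS):
        print(row)
    print(suspected_router_macs(SAMPLE_CLIENTS))
```

For every row where `mac_identifies_client` is false, any portal control keyed on MAC is effectively keyed on the router, so authentication for those subnets has to be treated as IP-only.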