Captive Portal On Wireless Router
-
Good night all. I've got something that requires expertise beyond what I can do.
I've gotten pfSense working in a lot of different scenarios so far, but this one is throwing me a bit.
Captive Portal works. It does. But let's say…......
INTERNAL NETWORK - 10.2.2.1 - 254
GUEST NETWORK - 192.168.1.1 - 254
ISP DHCP - 192.168.0.1Now the guest network - I purposely put a wireless router there to just give free access based on vouchers. Anyone that comes in should ask for a voucher and get it before going on. The vouchers are timed. The problem is, once a voucher is entered pfSense is recognizing the router as the device that is on, and EVERYONE that comes in thereafter has free access until the voucher expires.
Is there some way around this? Should I disable DHCP on the router and assign all other devices that I don't know to a VLAN or something? Never setup a VLAN to be honest. Or maybe the other way around, where I put all of the known devices on a VLAN and then everything else not on the VLAN? That way I can let pfSense control the entire DHCP and it should eliminate the issues with the Captive Portal. Maybe?
Any suggestions welcome. Thanks in advance.
-
The IP and MAC address for everyone behind your wireless router is the same. You want an access point behind your captive portal so captive portal sees everyone's individual IP and MAC addresses.
https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
-
Hi there. Thanks for that. I know that method, but I want to keep the guests separate. That's the reason for the router. Is there any way to make it work?
-
No. Put them on a separate pfSense interface and configure the wireless as described. They are all one MAC/IP address pair like you have it. CP cannot tell them apart.
-
OK. Thanks for that. Will have to look into other hardware then. VLAN not advised for this setup?
-
VLANs are fine. They appear as just another interface to pfSense.
-
OK. I've done the existing router setup before, so that's not difficult. I am going to do some reading up on the VLAN setup and test it out. Never done that before.