Trouble With CaptivePortal on Two VLANs in One Interface

mylmzertia

Hello everyone,

First of all, Thanks for all the ideas and comments

I couldn't make it work whatever I try the CaptivePortal with two VLANs. I would like to create an authentication system to understand who has a user account and who don't. By this way, I will put every device to User VLAN or Guest VLAN. Firstly I have created three Interfaces and those are by sequence; WAN, LAN, CHOICE. CHOICE has two VLANs and those are USER and GUEST. I have already supplied my LDAP connections with the pfSense. I have created a rule to GUEST VLAN to not to reach other VLANs by entering manual IP. I have set the DHCP settings for all of them.

CHOICE IP Block -: --192.168.50.100 - 120/24
USER IP Block ----: --192.168.10.100 - 200/24
GUEST IP Block ---: --192.168.20.100 - 200/24

Everything is ready but!!! the CaptivePortal settings are not. The CaptivePortal of CHOICE shows a page to the user to select which network to go. This page shows two button on it and I have created it by myself.

One of the buttons says User Login and the second one says Guest Login.

When I press the User Login button, It redirects me to the CaptivePortal of USER VLAN and authentication screen works well. After all of these steps, the browser opens a page and it says You are connected !

The same thing happens while doing the same things for GUEST VLAN.

But after all, the IP shows that I have an IP 192.168.50.100 and never changes. Actually, I have created this for distributing two different IP addresses from one interface named CHOICE.

Sorry for my ignorance but if you have any idea, it would be wonderful to help me.

free4

@mylmzertia hello,

captive portals can be NAT-based or VLAN-based.
pfSense only support nat-based captive portal

if you are looking for VLAN based captive portals, I would suggest you to have a look to other products, such as packetfence

mylmzertia

Thank you for your reply.
You mean I can only make this happen with two different interfaces on pfSense?

Gertjan

You are already using multiple interfaces - a VLAN is considered as a interface.

Typically, each interface has its own dedicated AP(s) - using a dedicated radio (== Wifi) setup.
A user should choose the correct Wifi SSID first to use the correct network. You can't automatize this.

mylmzertia

@Gertjan said in Trouble With CaptivePortal on Two VLANs in One Interface:

You are already using multiple interfaces - a VLAN is considered as a interface.

Typically, each interface has its own dedicated AP(s) - using a dedicated radio (== Wifi) setup.
A user should choose the correct Wifi SSID first to use the correct network. You can't automatize this.

I just wanted to make it happen. I was planning to redirect the user to the correct VLAN by using just one SSID. But I completely got that I can not do it. Thanks for your helps.

@free4 I still can not find an opportunity to try PacketFence. I will write down here if I can be successful on it.