WIFI captive portal with an ADSL router with a WIFI interface


  • An ADSL modem/router has both an ethernet and a WIFI interface. The ADSL modem is NOT used. Smartphones connect to the WIFI interface and we want them to access the internet through a connected pfsense gateway that shows a captive portal and whose WAN side is another ADSL router that is connected to the internet.

    But the WIFI ADSL router has no manual setting for the default gateway to make it point to pfsense as the default gateway. Instead, the router is stuck trying to point to its ADSL side, it tries to get a default gateway from there.

    So smartphones can only see pfsense's web configurator at 192.168.0.1.  Any packet addressed to anything other than 192.168.0.1 and 192.168.0.2 (router's web configurator) gets lost.

    My question is: is it possible or wise to run a web server on pfsense that listens on the LAN side on port 8081 and presents a captive portal where after authentication you type google.com on a form and the web server fetches content from google.com and shows this content underneath, like some web-based proxies do? Would CGIproxy work?

    Alternatively, is it possible or wise to send all packets to a public web-based proxy and fill in the form there?

    Alternatively, if I find out how to set up the smartphone's dated IPsec VPN client, can all packets be sent to a compatible VPN server while the smartphone thinks it is talking to an IPsec VPN server at 192.168.0.1?

    Anything that allows people to connect their smartphones to the internet with minimal fuss through this is preferred.


  • Usually I would disable DHCP on the combo-WiFi-ADSL-router. Plug pfSense LAN into one of the LAN ports of combo-WiFi-ADSL-router. Enable DHCP on pfSense LAN. Then the WiFi clients will get DHCP from pfSense LAN. It won't matter that combo-WiFi-ADSL-router has no way to specify an alternate default gateway, because it will no longer be serving anything out to clients.


  • It works! Thanks.

    And it also works if the pfsense LAN interface and the combo-router are on different subnets (10.0.0.x for pfsense and 192.168.1.x the combo-router). The smartphone gets a 10.0.0.x IP and 10.0.0.1 as the default gateway even though it cannot see the combo-router at 192.168.1.254. How can this be? Can the smartphone see all MACs?