Captive Portal Wifi Router Authentication



  • HeLLo,

    I read many posts about it but didnt see anyone giving solution of it.

    I am using pfsense 2.4.4 everything is running fine with radius but when i attach a router it ask for user name password for first user but after that all users from that router are allowed without Authentication.


  • Rebel Alliance

    well,
    if I understand correctly

    internet <--- pfSense with CP enabled<----a router<--- your users

    maybe you enabled NAT on your router? please disable NAT on it.



  • @awaz said in Captive Portal Wifi Router Authentication:

    I read many posts about it but didnt see anyone giving solution of it.

    Between the device and pfSense-Captive portal there can't be any router **.
    That why there is no solution. Because it isn't a problem ;)

    In detail : if you use a router with Wifi facilities, like one of it's LAN NIC's is equipped with Wifi radio device, and you connect the upstream NIC (typically labeled as WAN or upstream on this router) then the captive portal would only see the IP of this routers NIC. NOT the IP of the client - neither the MAC.
    So, everybody that connects to your router's Wifi, will be identified by pfSense with the same IP and the same MAC, the one on the router's WAN port.

    And that is bad .....

    You'll be seeing the typical "one user logs in, and after that it's a free ride for everybody else (many posts exists about this subject)"

    So, use a simple AP, if it has DHCP : shut that down.
    A router equipped with Wifi could be used, but, as said above, shut down NAT, DHCP server, etc. Make it look like a dumb AP and you'll be fine.

    ** well, you could do it. But it will break captive portal's basic operating rules.