pfSense "router" to an other pfSense captive portal possible ?



  • Hello everyone,

    I have 2 pfsense( as you can see in the picture), I put virtual IP on each captive pfsense redirected to each web server, I think I have put all the steps in necessary( gateway, rules...), because if i disable captive portal, it works.

    0_1550245959585_schéma_pfsense.jpg

    So, i would like know if it's possible to use a pfSense router and a second pfSense with a captive portal in this way ?

    Thanks for all !!!


  • Rebel Alliance

    @nathansj26 said in pfSense "router" to an other pfSense captive portal possible ?:

    I have 2 pfsense( as you can see in the picture)

    i'm sorry but there i see 3 pfsense in this picture..I assume the two captive portal are in the same pfsense ?

    If my assumption is correct, how did you link the pfsenses? using multiple interfaces? using VLAN? or using one interface with virtual IPs?

    So, i would like know if it's possible to use a pfSense router and a second pfSense with a captive portal in this way ?

    sure, it is possible...however I guess you made a configuration mistake...a captive portal has to be applied on the input interface, not on the output one

    users devices-->pfsense interface with captive portal enabled-->routing table of pfsense-->pfsense interface linked to your server network -->your server

    what you was looking for was a "reverse captive portal", which doesn't exists in pfsense

    you can still create two captive portal in the way you want, but each Captive portal has to be applied on the interface between the two pfSenses, not on the servers one.

    you can apply only one captive portal per interface, meaning you will need to setup multiple interfaces between your two pfsenses. you can achieve this by using VLANs between your pfsenses.



  • Hello,
    Thank you for all this answers !! ;)
    I detail my problem :

    0_1550479043707_schéma_pfsense.jpg

    In fact, I want to secure my machine networks with the use of a captive portal. The goal is that the client must be able to access the machine without knowing its internal address. Each machine has a differant network that's why I use a pfSense for each network.

    I use the first pfSense(Router) for route all requests to the good pfsense.

    I hope have been more clair, thanks for all !! ;)


Log in to reply