Use captive portal from remote sites

  • Hi all

    I am trying to set up a centralized captive portal system.

    remote accesspoint1 -                                        ------ lan_if (for admin)
                                  |                                        |
    remote ap2 -------------internet------pfsense-------- wifi_if (dhcp, captive portal, proxy) --- access points connected with cable
                                  |                                        |
    remote ap3 -----------                                          ------ servers_if (radius, syslog)

    The remote access points are connected via ADSL links.
    The remote access points are Linksys WRT-54GL (with DD-WRT 2.4sp1 VPN firmware) and they are connected as OpenVPN clients to pfSense.

    From a laptop I can ping the wifi_if, and if I point the browser to http://wifi_if:8001 I can see the captive portal login page,
    but I have a routing policy trouble: packets that exit from tun0 seem to be routed directly to the WAN of the firewall.
    Is there a way with pfSense to force the tun_if exit inside the wifi_if subnet?
    Is there another way to do this?