Netgate Discussion Forum
    Captive portal from routed address
    • Elnatan

      We have a new subnet 172.16.10.0/23 behind a router with no NAT into the LAN network of pfSense with subnet 192.168.52.0/20. Does the pfSense captive portal support that routed subnet?

      • Gertjan @Elnatan

        @Elnatan

        You mean you have two, or 3? 4? WAN IPs?
        That's a multi WAN setup for me, and it will work with the captive portal, which is just a LAN type interface.

        I would first make all WANs and LANs work.
        And because it is a multi WAN setup, select your multi WAN usage setup rules.
        Sub step: get (rent) a domain name, get the pfSense acme.sh package, and set up a certificate for your portal, as you probably want to use https with a recognized certificate, not a self-signed one that will scare off the portal users (their browser will warn or plainly refuse the http access).
        On the portal interface (make life easy: don't use the LAN for this, reserve it its own interface) place a generic "pass all" rule first.
        Then: activate the portal and done.

        Beware: the captive portal is DNS sensitive. You are not allowed to break DNS ^^

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • Elnatan @Gertjan

          @Gertjan thanks for the reply.
          No, we are routing on our LAN side, as we have a very distributed network before we reach the pfSense as our GW, DNS and captive portal.
          It looks like the captive portal is only accepting auth from its LAN IP address subnet, not any routed traffic. Adding this subnet as allowed works, but is not ideal as these users now bypass auth.

          • Gertjan @Elnatan

            @Elnatan said in Captive portal from routed address:

            It looks like the captive portal is only accepting auth from its LAN IP address subnet

            When the captive portal is active, pfSense hosts a web page that permits portal visitors to enter credentials.
            When valid, their IP/MAC is added to the captive portal 'pass' table, so from then on they can use whatever lies behind the LAN interface, normally: the internet.

            • Elnatan @Gertjan

              @Gertjan This portal is not being emitted to devices arriving at the LAN1 interface for subnets not included in the LAN1 address range.

              To break it down:
              We have 192.168.52.1/22 as our pfSense IP address.
              We have routers inside the network to break up a wide broadcast domain.
              2 Subnets that need captive portal are:
              172.16.10.0/23
              172.16.12.0/23

              We have configured routes to these subnets on the pfSense so they can ping it.

              • Elnatan @Elnatan

                Realized we are using MAC filtering, and with routing no MAC addresses reach the pfSense.
                Thanks for the assistance.

                • Gertjan @Elnatan

                  @Elnatan

                  And without MAC info, portal management becomes more like a lame duck. It might 'work' but will only be IP based.
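The conclusion the thread reaches, shown as an added example (not code from pfSense or from either poster): clients in the routed subnets are off-link for the portal interface, so the only layer-2 source address the firewall sees for them is the last-hop router's, and a portal session for them can be bound to an IP address only. The subnets come from the thread; the MAC addresses, client IPs and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Addressing from the thread; everything else below is constructed sample data.
PORTAL_IF = ipaddress.ip_interface("192.168.52.1/22")
ROUTED_SUBNETS = [ipaddress.ip_network("172.16.10.0/23"),
                  ipaddress.ip_network("172.16.12.0/23")]

# Constructed (source IP, layer-2 source MAC) pairs as seen on the portal
# interface. Frames from routed clients carry the last-hop router's MAC.
FRAMES = [
    ("192.168.52.40", "aa:aa:aa:00:00:40"),
    ("192.168.53.17", "aa:aa:aa:00:00:17"),
    ("172.16.10.25",  "02:00:00:00:00:fe"),
    ("172.16.11.90",  "02:00:00:00:00:fe"),
    ("172.16.12.7",   "02:00:00:00:00:fe"),
    ("10.9.9.9",      "02:00:00:00:00:fe"),
]

def classify(frames, portal_if=PORTAL_IF, routed=ROUTED_SUBNETS):
    """Return {ip: (binding, mac_or_None)} describing what a session can key on."""
    result = {}
    for ip, mac in frames:
        addr = ipaddress.ip_address(ip)
        if addr in portal_if.network:
            # On-link: the source MAC belongs to the client itself.
            result[ip] = ("ip+mac", mac)
        elif any(addr in net for net in routed):
            # Known routed subnet: the MAC is the router's, so IP is all we have.
            result[ip] = ("ip-only", None)
        else:
            # Off-link and no route configured for it: worth investigating.
            result[ip] = ("unexpected", None)
    return result

def macs_fronting_for_clients(frames, portal_if=PORTAL_IF):
    """Map each MAC seen with off-link source IPs to those IPs (i.e. routers)."""
    hidden = defaultdict(set)
    for ip, mac in frames:
        if ipaddress.ip_address(ip) not in portal_if.network:
            hidden[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in hidden.items()}

if __name__ == "__main__":
    for ip, (binding, mac) in classify(FRAMES).items():
        print(f"{ip:15} {binding:10} {mac or '-'}")
    print(macs_fronting_for_clients(FRAMES))
```

A MAC that fronts for several off-link IPs is a router, so any pass entry keyed on that MAC would cover every client behind it.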
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.