Wi-fi authenticated hotspot config issues



  • I'm trying to set up pfSense as an authenticated wireless hotspot to provide free internet access to guests in a medical facility waiting room.  I can get everything to work fine on the hardwired LAN side, but can't figure out how to get the wifi to work.

    As I understand it, in order to use authentication, I cannot use an external wireless AP (such as WRT54G) because that won't pass the MAC address of the client PC thru to pfSense to use for the authentication. So I tried using a USB wifi on the pfSense box, and that ALMOST works. The client laptop I'm using for testing connects, requests (and apparently gets) an IP address, but then disconnects immediately and repeats the process forever. I'm pulling my hair out trying to figure out what I have set wrong. Any help would be greatly appreciated.

    Here is the setup I'm using:

    WAN - sis0 - 192.168.1.67 (DHCP from DSL modem) - ethernet on motherboard
      LAN - rl0 - 192.168.2.1 - Belkin F5D5000
      OPT1 - rum0 - 192.168.3.1 - Belkin F5D7050

    (The Belkin hardware is all the local store had in stock. But if it's an issue I can get other brands from out of town.)

    DSL modem is providing DHCP to pfSense box. LAN is also providing DHCP to hardwired connections on the box. That much seems to work fine. And the authentication (local) works fine that far.

    OPT1 is set to be an Access Point. I have tried OPT1 with DHCP enabled/disabled and still no joy.  I have tried bridging OPT1 to LAN, then to WAN, both with no joy. I've tried setting the gateway IP to the LAN, WAN and DSL IPs all with no joy.

    What am I missing?

    Thanks in advance.



  • @NoProbRob:

    As I understand it, in order to use authentication, I cannot use an external wireless AP (such as WRT54G) because that won't pass the MAC address of the client PC thru to pfSense to use for the authentication.

    Yes you can as long as the wireless AP operates as a bridge between wireless and wired networks and does not do any routing.



  • @kpa:

    @NoProbRob:

    As I understand it, in order to use authentication, I cannot use an external wireless AP (such as WRT54G) because that won't pass the MAC address of the client PC thru to pfSense to use for the authentication.

    Yes you can as long as the wireless AP operates as a bridge between wireless and wired networks and does not do any routing.

    Thanks for the reply! Thanks to you I've got it working in a "simulation mode" with another router connected as the WAN providing an "up" connection with DHCP, etc., and two laptops entering through the wireless into the LAN side. Captive Portal catches the laptops, then allows them through to that fake WAN after authenticating. It all seems to work smoothly, so I expect it to do so when I hook up the real WAN.

    I thought I had heard or read somewhere that the MAC wouldn't be passed thru the wireless, but it would make sense that that would be the case only if the wireless was handling DHCP, routing, etc. As you said, it does seem to work with the wireless serving as a "dumb" AP bridge to the LAN and nothing more.  I guess I had a "mental block" about the MAC so I foolishly didn't look into it further.

    Thanks again!!


Log in to reply