Allow users to join pfsense box to third party AP's



  • Hi,

    This is my first post, so sorry if it has been asked before but I could not find anything on the forum or internet. Also, I was not sure if this should go in Wireless or GUI sections. So posting here first.

    I am looking to provide our company remote workers with pfsense firewalls. One requirement is to allow them to join external (other company / internet cafe) wired and wireless networks via the hardware (pfsense) firewall. whilst wired is not an issue the wireless setup does raise some questions. So the working example would be;

    internet <–-> Third party network / AP <---> atheros card[pfsense] LAN <–-> client PC.

    whilst i can configure the wireless card to join an AP and I am happy that the baseline setup works. The remote user would have to configure this per connection to a different third party AP. I can not pre plot where the remote user may travel. I could train the user to do this, but i do not wish to give the firewall admin password etc. Also the GUI interface has various fields that would be best left untouched by the users.

    Is there a simple way / GUI to allow a user to join the pfsense box to an external AP (prefered would be to allow them to select/edit SSID, Password only.

    regards

    Jim



  • To answer your question, it's not simple but anything is possible.

    pfsense experts help me out on this one.
    I imagine that you could do this by simply adding extra password protection to every pfsense GUI page you do not want your users to access.
    For example you would edit every php page in the www share, add php authentication, and share the pfsense admin password with your users. The only page you wouldn't password protect is the page you want your users to access.
    While multi accounts are not possible in 1.2.X, they are possible in 2.0 BETA.

    I hope this solution isn't completely off but let's see what the pfsense experts say.



  • Tommy,

    Thanks for the reply and possible lead. If anyone has any other possible solutions, please let me know.

    Jim


Log in to reply