    My first pass with pfSense was a mess, so now I'm asking for "best practices", if you will, on how to set up pfSense for the configuration (see attached).

    What I would like to happen is for anyone who connects to the wireless access points to have to authenticate through the captive portal before they can see anything from the local network or the internet. What is the best way to set up pfSense for this to work? Do I need to change anything in my setup?

    Sorry for the terrible picture…

    Thanks for the help.

  • So you are using pf only for Wireless clients then.

    DON'T USE VLAN1; it is a security risk.

    If you are using 1.2.3, then all APs need to be connected to a switch that is connected to 1 interface that has captive portal running on it, as in 1.2.3 and older it can only bind to 1 interface. In 2.0 it can bind to multiple interfaces.

  • Yes, I'm wanting to use pfSense just for wireless, but it will be our own employees using our wireless (some guests who only need Internet) and they will need access to the local network. I am wanting to use pfSense mainly for the captive portal so that we can have them authenticate through RADIUS to IAS on a Server 2003 box, to discourage them from giving out the wireless password for the employee network if we had a two-SSID system (employee and guest). We do not want to do that; we would like to have it be one SSID and let pfSense decide where the traffic is routed. I am aware of the security concerns with this setup, but this is one of the only free ways that I have seen to accomplish this. Is this possible with pfSense through firewall rules?

    I've had it set up before to where it was working, sort of: users would get on the wireless on VLAN 2 and not be able to get Internet, but once they authenticated they could get Internet, but they could not see the local network. My setup was exactly like my drawing above.

