Captive portal authentication setup for a specific subnet



  • Hello there,

    I have a pfsense installation on a PC in a university library with wireless and LAN workstation PCs for Internet and I want to use its WAN connection for adding additional wireless points in the same building. For authentication I want to use the captive portal setup, the problem is that the PCs in the library also need a password and the users that come to log to the internet get confused about that.
    How can I setup two different subnets for the captive portal - one for the library users and another for the additional wireless anthenas?
    Notice that the library PCs do not need authentication.

    The setup is the following:

    WAN 62.xx.xx.xx
    room subnet 172.xx.xx.xx
    addtional anthenas 192.xx.xx.xx
    172.xx.xx.xx uses WAN 62.xx.xx.xx without authentication
    192.xx.xx.xx anthena users need authentication for internet through 62.xx.xx.xx

    How can I get the two subnets (172.xx.xx.xx and 192.xx.xx.xx) working?
    I think that can be managed through the firewall rules for PPTP VPN.
    Thank you in advance.



  • @jttodorov:

    WAN 62.xx.xx.xx
    room subnet 172.xx.xx.xx
    addtional anthenas 192.xx.xx.xx
    172.xx.xx.xx uses WAN 62.xx.xx.xx without authentication
    192.xx.xx.xx anthena users need authentication for internet through 62.xx.xx.xx

    How can I get the two subnets (172.xx.xx.xx and 192.xx.xx.xx) working?
    I think that can be managed through the firewall rules for PPTP VPN.
    Thank you in advance.

    Hi,
    Tu use CP on more than one interface you must go to PFS2.0.
    If I have get you idea correctly you wish to connect AP's this which are connected on 62.x.x.x by using PPTP to inside net, then use CP to control traffic from them.
    It will be much better if you create VLAN's, then put those AP's together on same (or different VLAN's to distinguish between AP for students and those for stuff) VLAN. PFS will be then between WAN and VLAN's inside campus.
    Each VLAN can have then different set of rules (firewall) and you can choose in what way will CP work on them.

    I hope that this is good explanation.

    Br

    Sasa


Log in to reply