Possibly overkill using pfsense?

  • Hello folks,
    I am trying to get a project off the ground to use captive portal for wireless clients.  I already have a complete domain setup so services such as DHCP and firewall are already in place and working well. 
    The basic idea I have in mind is to have just one function (captive portal) active.  With all the functions pfsense can do I'm wondering if this is a bit overkill.
    I stayed up quite late last night poking and prodding with the web gui, but probably due to being so tired I didn't make much progress in how I want this configured.

    If anybody could offer any words of wisdom on this, and possibly a few directions to get me moving…?


  • Rebel Alliance Developer Netgate

    It depends on what you will end up doing with it over the long term.

    If all you need is the portal, m0n0wall may be good enough.

  • I looked through the docs on m0n0wall and it almost seems the majority of options match up fairly well with pfsense.
    I'll play around with the setup I have now for a bit and see where it goes.

    But to clarify for what I am looking into,
    I would turn DHCP off, NAT off, Captive Portal on.  But the config details on what else needs to be configured so LAN services pass through to requesting clients are still baffling me.
    I set up pfsense in vmware and have a client vm attached to the WAN vswitch, but my attempts so far to disable the mentioned services still won't let the client vm get a dhcp address or see any network resources.
    Once I get a config down I can move the setup to a larger environment.

    Thanks again

  • Are you trying to set up a transparent captive portal?  In other words, do you want to keep a single flat network, not split your LAN into 2 segments?

  • Actually yes!

  • A quick search found this old thread which suggests that it won't work in 1.2.3.  I don't know about 2.0.

  • Hmm… would this be the point where m0n0 may have this type of functionality working?

  • Looking at your request there isn't a lot of real detail so I won't assume or offer relative answers; however,
    pfsense Captive portal can work well if set up correctly.
    Networking features natting/dhcp/routing/vlans all work with captive portal in place.
    Captive portal offers 3 types of authentication passthrough/local db/radius. In passthrough you still need to setup f/w rules
    to prevent or allow traffic to pass. With the others you have to have a client dns entry pointing to your pfsense for the splash page to
    Captive portal is limited in functionality as compared with mikrotik and others; so the decision is commercial as well as functional.
    If you're offering hotspot services then pfsense will be limited; however if provisioning straight access alone then suitable.

  • @nzbreser
    what is missing from mikrotik in CP?

  • @ermal:

    what is missing from mikrotik in CP?

    Maybe this one: pfSense does not support remote disconnection using POD packets; instead it is using
    reauthentication (Reauthenticate connected users every minute; I think there must be options 1/5/10 min)

  • i think there must be options 1/5/10 min

    This would be a very welcome addition, at least for me.

  • To set the re-authentication interval edit /etc/inc/captiveportal.inc and change it to whatever you want.

    /* initialize minicron interval value */
    $croninterval = $config['captiveportal']['croninterval'] ? $config['captiveportal']['croninterval'] : 60;

    /* double check if the $croninterval is numeric and at least 10 seconds. If not we set it to 60 to avoid problems */
    if ((!is_numeric($croninterval)) || ($croninterval < 10)) { $croninterval = 60; }

    Note that you can also set it in config.xml but there is no GUI to do this for you.  Either way works.


  • You can set this on the gui

  • @ermal:

    You can set this on the gui

    Where is this option located?

  • UP
