Captive portal and Vlans / subnets



  • I hope this hasn't been answered before, i have looked and quite find the answer.

    I will have two wireless networks which will be on Vlan 2 and 3.  I want to present 2 different landing pages and push them through to 2 different pages once authenticated.  My solution:

    each vlan will have different DHCP and assign different IP ranges, the webpages can run php that show a page depending on IP, the push through page defined on the CP interface will also be a simple if your IP is this then forward to this page…

    My problem is that I have never got CP to work on different vLans (or more importantly different subnets).  I have posted before and been told a simple firewall tweak is all that is required, however I can't get my head around it.  Does anyone have a walk through or can elaborate on what this tweak would need to be?



  • I assume your pfsense box is the default gateway for your two wireless VLANs?  If so, I know there's an option in release 2.0-RC1 that lets you select which interface to enable the portal on.  It's right at the top of the Services > Captive Portal page.  I'm brand new to pfsense, so maybe you've already tried this without success…

    Hope this helps!



  • You have to code it yourself on the login page to do the differentiation.



  • The differentiation between the networks i can code easily enough using php.

    The problem is that if the box is assigned a default IP of 192.168.200.1 the first subnet is 192.168.201.0/24 and the second subnet is 192.168.202.1/24 when i try and log on from either vLan i get pushed to 192.168.200.1 for the captive portal, however I can't see that page since it is on a different page.

    I assume a firewall or route needs to be written, i can't seem to get it to work though.



  • You can configure a passthrough IP for this.
    ("Allowed IP addresses" on the CP config page)


Log in to reply