Change captive portal detected WAN IP address for radius auth

  • Hello Guys,

    Thanks to Belgacon, our national internet provider, I have a problem with captive portal.

    My internet providers forces users to be inside a LAN subnet behind their own router.

    The problem is that when I try to connect to my freeradius server (on another site), the NAS-IP-Address field sent by pfsense is its WAN address, who is not its real WAN address but the one within the provider's LAN, and so the authentication is rejected with a  Reply-Message = "NAS not found!"  >:(

    I tried to change my with the following values but no way….

    function getNasIP()
       $nasIp = "" ;


    Has someone experienced it yet? And how to solve it?

    Is it not a way to explicitly tell the captive portal service to send a custom IP instead of the detected WAN address??

    Thank you by advance for the help and please excuse my bad english...


  • Hi everybody,

    It works!

    Finally i've modified /etc/ with the following values :

    function getNasIP()
        $nasIp = "";
            $nasIp = "";
        return $nasIp;

    and rebooted my device… (this is what I did not do first time)

    After this, my radius messages were looking better

    NAS-IP-Address =
            NAS-Identifier = ""
            User-Name = "testuser"
            Acct-Status-Type = Start
            Acct-Authentic = RADIUS
            Service-Type = Login-User
            NAS-Port-Type = Ethernet
            NAS-Port = 7
            Acct-Session-Id = "221de044d5aee762"
            Framed-IP-Address =
            Called-Station-Id = "5c:d9:98:aa:bb:cc"
            Calling-Station-Id = "00:21:5d:aa:bb:cc"

    Mister developers, is it not a way to add a field on captive portal configuration page to permit to manually change the WAN IP address? I think it should be grandly appreciated...


Log in to reply