Different default gateway on different voucher list with captive portal ?

  • Hi all,

    I don't know if the following scenario is possible; if so, can anybody shine a light on this?

    Here's the setup :

    We use pfSense 2.0.1 with 3 NICs.
    NIC 1 : is a WAN interface with IP1/GW1
    NIC 2 : is a LAN interface on which there are access points in bridge mode. On this NIC captive portal, dhcp and dns forw is installed and works with voucher codes.

    So far so good …. everything works as expected. Users can authenticate themselves based on voucher code and can get internet access.

    NIC 3 : is connected with our intranet which has a different default gateway than NIC 1 (INTRANET/GW2)

    On the NIC3 subnet are all our servers, mail, http, application, file, print etc.

    What we try to accomplish is this :

    We have two groups of users.

    a) Company workers which may access all our servers, data and printers and hence may have access to the intranet on NIC3 and must use the default gateway associated with that subnet (= INTRANET/GW2) (because that gateway is proxied, virusscanned, connected with other branches over VPN etc).
    b) Guest users may only use plain internet (which is bandwidth throttled) and must use the gateway associated with NIC1 (GW1) and have NO access to the intranet on NIC3

    Is there a way to set access/a default gateway based on which voucher list is used ?
    It would be ideal to have 2 voucher lists on the same pfSense box, one for company workers and one for guests.

    PS : At the moment we can have 2 different pfSense boxes, running two completely separated access point networks (with different SSIDs) and hence two different captive portals ... BUT ... this is so clumsy from an administrative point of view and confusing for the end user. (In the clumsy scenario the company users have to use SSID 'Company' with associated voucher code, and the free users have to use SSID 'free user' with associated voucher code. This gives multiple calls a day on the IT helpdesk from workers who use the wrong SSID.)

    PS 2 : In our branch we can't disable the proxy on GW1 (which is located in the head office, their policy is that every company worker has to use the end-proxy, so we can't change that).
    We could route everyone (also the guests) over this gateway (GW1), but then guests must change their proxy settings (which is sometimes prohibited if a guest has a computer on which a no-proxy editing policy is set).

    So ....

    Is there a way to do all the above on 1 pfSense box with one access point SSID ?

  • I think this answer/customization is more suited for portal.pfsense.org

    Presently, the answer is no.
