pfSense and RADIUS on the same computer?

  • Sorry if this is a newb question but I am looking for an open-source firewall that can give me what I need without a ton of effort.  I know almost nothing about captive portals except that I know my church would benefit.  We have a fairly small church and are very friendly with each other.  Anyway, with friendliness comes openness and insecurity.  I am not worried so much about the regular members gaining access to the church network as much as I am those that come on occasion.  Right now the church just has a simple D-Link router/WiFi AP and the problem is that the password gets spread around a little too freely and there is no segregation of the WiFi users from the in-house wired computers.  I thought with pfSense I might be able to have multiple network cards to keep the WiFi traffic and wired traffic on separate LANs, which I am pretty sure pfSense can do, right?

    My big question though is with the captive portal, it seems as though all captive portals I have seen use a separate server for the authentication.  Can I use the pfsense server to also act as the authenticating server for freeRADIUS?  Why would you normally put it on a separate server?  Is it just because of the horse power that authentication can use up if lots of people are authenticating all the time?  Will it all work on one small computer if the traffic is light and only one or two people were using wifi at a time?  I am just not sure if what I am hoping is possible and want some feedback before I dive into this venture.

    Also, I am not a certified network guy, I only dabble for a hobby, so I would appreciate layman's terms please.

  • Yes, just build a machine with 3 interfaces (WAN/LAN/WiFi with captive portal). You can separate the WiFi from the LAN easily with firewall rules and run the captive portal to intercept your users.

    pfSense can use an external RADIUS server, the RADIUS server package installed on the same machine or a local user manager. The easiest thing is the local user manager. This one will just provide a static set of configurable users/passwords. You can't do accounting with that but if I get you right you don't need that anyway. Just give it a go. It's rather easy once you see the settings in the web GUI.

  • Thanks for the response. I will definitely give pfsense a try then.  It seems as though it is what I have been looking for.  Now all I got to do is find the time to try it out hehe.
