New To PFSense, Need Custom Captive Portal



  • Hi,

    I've never used PFSense before, although in the past I have used various Linux distros. I currently manage the network for a large, multi-company space, that has a shared internet connection for dozens of companies. We have been using SonicWall routers with wired LAN connections in each office and wifi access points scattered throughout the space. Since the facility is so large and has so many users in and out all day, it's been difficult to identify problem machines on the network. So far all we have been able to do is identify the MAC addresses of problem machines, but that doesn't tell us who owns the machines or where they are physically located.

    Enter PFSense. What I am trying to accomplish is a custom captive portal page, that would show up on every machine across the network the first time they connect. I do NOT want it to prompt for a password or user login, and I want each user to only have to do this one time. I want the splash page to collect the following information: Name, Company, Office Number, Phone Number, and Email. I also want the captive portal to collect the user's MAC address automatically. Below those fields there will be the user policy agreement, and then a continue button. When they hit that button they have internet access, and I want all of that information collected by the page to be made available to me, so I can easily identify who owns what MAC address.  This way, if someone's machine is causing problems on the shared internet connection, I can track that person down without having to go on a wild goose chase throughout the entire facility trying to find the MAC address in question. After all, there's dozens of computers and devices connected at any one point in time.

    So I have started working on a PFSense box in a test environment. As of right now I have a custom captive portal page created, but I'm not entirely sure I've made it properly, in fact I probably haven't. So I'm not opposed to making one from scratch all over again. When the user pushes the "continue" button, all it's doing right now is refreshing the captive portal page, it is not advancing to another page or to any other url. That's a problem obviously. I'm also not sure where this information that is being put into the fields is going.

    Please help! And thank you in advance for your responses.



  • In the amount of time from when I posted this to now, I have come across a little more information on my own, and have installed the FreeRADIUS package onto PFSense, because it appears I need this. But I will be honest, I'm totally lost here. I have no idea how to make FreeRADIUS and the CP communicate with each other, especially since I'm not even sure if my CP is coded properly.

    Also, it appears I do need to have users create a username and password in order to accomplish what I am trying to do here? Correct me if I am wrong. I was hoping to bypass the need for users to have a password.



  • A solution that could probably work would be to collect the required user information and the MAC address the first time the portal is opened and then automatically add the MAC address to the MAC pass-through list. Also without seeing at least some of your custom page code it's quite hard to tell you if you made an error there.



  • I see what you are saying there, but I'm not quite sure how to implement it. As for seeing the custom page code… I've ditched the page I was trying to use and started over, using what I came across in this thread:

    http://forum.pfsense.org/index.php/topic,8748.msg50758.html#msg50758

    So, I have the default pfSense custom portal page, and all I've done was add a custom logo to the top, and a "to register click here" at the bottom. When they click the "click here", it directs the user to the page I created from the code in the link above. From what I am seeing, however, it appears this only works on older versions of pfSense, pre-dating 2.0. When the user fills out their information and clicks on register, it returns with a fatal error.

    Has anyone found a way to make this work on 2.0+ or made something similar?



  • Here's the code I am using on the Registration page. As I said before, the page they first see is the default captive portal page, just with a custom logo and a "click here to register" at the bottom, which takes them to the code here.

    register.txt



  • So I have a friend who is a PHP expert looking at my self-registration page, that I built off of the code in the post above… I'll let the forum know how that goes.

    In the meantime, I was wondering... A lot of the businesses in this space use their own routers or have their own wifi networks, basically sub-networks of our master network. I want each user to be forced to log in, even behind sub-networks. However, in my test environment, the captive portal seems to be seeing everything behind a sub-network as one machine. So, for example, in my test environment, if I log in to the captive portal on one machine behind a sub-network, the other machines on that same sub-network aren't forced to log in.

    I pushed this testing even further and found that when I enable Pass-through MAC automatic additions, it is actually adding the MAC of the sub-network's router, not the MAC of the individual machine. Is there a way around this?



  • @jerwiles:

    I pushed this testing even further and found that when I enable Pass-through MAC automatic additions, it is actually adding the MAC of the sub-network's router, not the MAC of the individual machine. Is there a way around this?

    No, you cannot use MAC addresses across network boundaries.
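
The registration idea suggested earlier in the thread and the MAC-boundary limit stated in the reply above can be seen together in this added example, which is not part of the thread and is not pfSense code. It keeps a MAC-to-owner registry for the five fields the first post lists and flags any MAC that several people registered from, which is how a tenant's own router appears to the portal. The names `Registry`, `normalize_mac` and `demo`, and all sample data, are constructed; it assumes the MAC is supplied by the portal and never taken from the form.

```python
import re

REQUIRED = ("name", "company", "office", "phone", "email")  # fields the first post asks for

def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff for colon, dash or dotted input; raise ValueError otherwise."""
    digits = re.sub(r"[:.\-]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class Registry:
    """MAC -> list of registrations. The MAC must come from the portal, not the form."""

    def __init__(self):
        self.by_mac = {}

    def register(self, form, portal_mac):
        missing = [f for f in REQUIRED if not str(form.get(f, "")).strip()]
        if missing:
            raise ValueError("missing fields: " + ", ".join(missing))
        # Drop control characters so a field cannot break the stored record.
        record = {f: re.sub(r"[\x00-\x1f\x7f]", " ", str(form[f])).strip() for f in REQUIRED}
        mac = normalize_mac(portal_mac)
        owners = self.by_mac.setdefault(mac, [])
        if not any(o["email"].lower() == record["email"].lower() for o in owners):
            owners.append(record)
        return mac

    def lookup(self, mac):
        """Return (owners, shared). shared=True means several people registered
        from one MAC, which is what a downstream router looks like to the portal."""
        owners = self.by_mac.get(normalize_mac(mac), [])
        return owners, len(owners) > 1

def demo():
    """Constructed sample: two direct clients, two users behind one tenant router."""
    reg = Registry()
    def person(n, office):
        return {"name": n, "company": "Example Co", "office": office,
                "phone": "555-0100", "email": n.lower() + "@example.com"}
    reg.register(person("Alice", "101"), "00-11-22-AA-BB-01")
    reg.register(person("Bob", "204"), "0011.22aa.bb02")
    reg.register(person("Carol", "310"), "00:11:22:aa:bb:ff")  # tenant router's MAC
    reg.register(person("Dave", "310"), "00:11:22:AA:BB:FF")   # same router, other user
    return reg

if __name__ == "__main__":
    for mac, owners in sorted(demo().by_mac.items()):
        print(mac, [o["name"] for o in owners], "shared" if len(owners) > 1 else "")
```

A MAC flagged as shared identifies the tenant's router and office, not the individual machine behind it.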



  • I didn't think so…  :-\  I knew that was the case with other routers, didn't know if pfSense was able to bypass those boundaries or not.



  • So I ended up using pfSense 1.2.3… user self registration via the php script above works beautifully. Too bad I couldn't get this working on 2.0. Since deployment I have run into some other issues in pfSense 1.2.3 that 2.0 would fix.

