Use pfsense as a wifi captive portal



  • Hi,

    I'd like to use pfsense as a wifi captive portal: authorised users may connect to it via an external access point and go to internet

    Therefore I have installed it with two nics: one on the WLAN network, say 192.168.2.x and one on the LAN network, say 192.168.1.x.

    WLAN network has an access point (192.168.2.253) that handles Wi-fi connection, LAN has internet connection, i.e. there is a firewall and a router to internet.
    What I'd like to do is assign a daily ticket to a user, so this user connects to wifi, is forced to authenticate, and only after that is allowed to use internet, i.e. I have to allow some sort of routing (I think) between 192.168.2 and 192.168.1.254 (the internet firewall on LAN).

    My question is: how can I do that? Is it correct to do that? Can you point me to a correct solution???

    Thanks



  • The routing stuff seems straightforward:
    The WLAN side is your pfSense LAN 192.168.2.0/24
    Your LAN is the pfSense WAN 192.168.1.0/24
    On the pfSense WAN you could:
    a) specify a WAN interface IP that is not used in 192.168.1.0/24 - e.g. 192.168.1.253/24 - and set the WAN gateway to 192.168.1.254 and DNS server to whatever; or
    b) use DHCP on WAN and your real internet firewall at 192.168.1.254 can give you an IP, gateway and DNS.
    If you can modify your real internet gateway to add a route back to 192.168.2.0/24 then you can turn off NAT on the pfSense - no need to end up with "double NAT" if you don't have to.



  • It works.

    Thanks!!! :)


Locked