Netgate Discussion Forum

    Self register and radius authentication?

    Captive Portal
      ajmorris

      I want to set up the captive portal on the opt interface and have the users either log in with their current usernames and passwords and authenticate with the RADIUS server, or register as a new user and make an account on the pfSense box (not RADIUS). Then pfSense can check users against the RADIUS server or local database. Can the captive portal do this? Then I want to give the RADIUS users access to the LAN for printing and network browsing and the self-registered users only access to the internet. So basically a campus hotspot for new users and a wireless access for faculty and students with RADIUS authentication. Does that make sense?

        ajmorris

        I guess what I want to do is set up two VLANs within pfSense, one for LAN access and the other just web access. Can I do this with pfSense and captive portal?
        andy

          jeroen234

          The portal can use RADIUS or the local data file, but not both at the same time.
          What you can do is this:
          Use the portal on opt1.
          Give opt1 this rule:
          action pass Interface opt1 protocol tcp Source any Source port range any any Destination any Destination port range http http

          This will give users on opt1, after the portal, access to only HTTP.

          Then set up on the pfSense box a PPTP VPN server on interface opt1.
          Then set these rules for PPTP VPN clients:
          action pass Interface pptp protocol tcp Source any Source port range any any Destination any Destination port range http http
          action pass Interface pptp protocol any Source any Source port range any any Destination lan subnet Destination port range any any
          to give VPN clients access to the network on the LAN port and HTTP access to the internet.

          Clients on VPN don't have to go through the portal.

          Note:
          The VPN server address you set on the VPN server is not the same as the one that the VPN clients connect to.
          If your opt1 IP address is 1.2.3.4, then the VPN clients on the opt1 interface will use 1.2.3.4 as the VPN server address in their VPN software.
          After the VPN tunnel is set up, the clients will use the server IP you set in the PPTP VPN server setup.
          The VPN server address and the opt1 IP address can't be the same.
          The VPN server IP address can't be in the same /28 range as the VPN clients' IP addresses.
          VPN server IP address 10.141.250.254 and Remote address range 10.141.250.224 will work.

          pfSense will only let you use 16 VPN clients at the same time.

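The addressing rules from the note in the reply above, written as a small pre-deployment check. This is an added example, not part of the original post or of pfSense; the function names are hypothetical, and it assumes the remote address range is the /28 block containing the configured start address.

```python
import ipaddress

MAX_CLIENTS = 16  # the post's limit: 16 simultaneous VPN clients, one /28


def client_range(remote_start):
    """Return the /28 block that contains the configured remote address."""
    # Assumption: a start address that is not on a /28 boundary is mapped
    # to its enclosing block (strict=False).
    return ipaddress.ip_network(f"{remote_start}/28", strict=False)


def check_pptp_plan(opt1_ip, server_ip, remote_start):
    """Return a list of problems; an empty list means the plan is consistent."""
    opt1 = ipaddress.ip_address(opt1_ip)
    server = ipaddress.ip_address(server_ip)
    clients = client_range(remote_start)
    problems = []
    # Rule 1: the VPN server address and the opt1 address can't be the same.
    if server == opt1:
        problems.append("server address equals the opt1 interface address")
    # Rule 2: the server address can't sit in the clients' /28.
    if server in clients:
        problems.append(
            f"server address {server} is inside client range {clients}"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample plans; the first uses the addresses from the post.
    plans = [
        ("1.2.3.4", "10.141.250.254", "10.141.250.224"),
        ("1.2.3.4", "10.141.250.230", "10.141.250.224"),
        ("1.2.3.4", "1.2.3.4", "10.141.250.224"),
    ]
    for opt1_ip, server_ip, remote_start in plans:
        issues = check_pptp_plan(opt1_ip, server_ip, remote_start)
        block = client_range(remote_start)
        print(f"server={server_ip} clients={block} "
              f"({block.num_addresses} addresses): "
              f"{'OK' if not issues else '; '.join(issues)}")
```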
            ajmorris

            Thanks for the info, I will give it a shot…
            I guess I would need an access point that can handle VLANs, right? I don't want to deploy two access points at the same location. I have seen several higher-end access points that can handle multiple VLANs, and you can assign a different SSID per VLAN.

            Or I can get one of these access points, set up multiple VLANs and have one VLAN go to RADIUS auth and the other pass straight to internet... How does that sound?

            andy

              jeroen234

              For what I typed you do not need VLANs.
              Every access point can do this; for the access point, the data from normal clients and the VPN clients is the same.
              Both are using opt1, but the data of the VPN users is protected in a tunnel between the VPN server and the client, running on top of the normal opt1 IP addresses.

              With this you have normal clients surfing using the portal on interface opt1,
              and the protected clients surfing with a VPN connection to the VPN server of pfSense on opt1.
              But the VPN server is also connectable from the LAN or the WAN interface.

              The data of normal clients on opt1 everyone can read.
              The data of the VPN clients on opt1 is only readable by the VPN server and the VPN client.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.