Netgate Discussion Forum

    WDS bridging with captive portal and freeradius

      Ashfaq

      Hi,
      I have a pfSense box with ver-2.1.3-RELEASE-(amd64), using captive portal with a FreeRadius server. On the LAN side a basic access point is connected with open access, so anyone can connect and reach the captive portal page. Each connecting device (MAC) is authenticated based on a userid/password combination. The system can be used in the following two manners:

      (a) Each device/MAC connects to the portal, provides the userid/password and uses the Internet. Simple. Each of them gets a different IP and a 1mbps connection.
      (b) A combination of an AP (in client mode) connected to a router on the WAN side, with multiple devices/MACs connected to the LAN side of the router. The MAC of the router's WAN interface is considered a single client in pfSense captive portal + RADIUS and gets an IP and a 1mbps connection, so multiple clients on the router's LAN side share the 1mbps connection.

      Now the problem. Recently I tried using a basic router (TP-Link TP-WR740N to be exact) to extend the signal of my AP. This router has an option of WDS bridging, so the TP-Link router connects with the primary AP (with open access) and also creates its own SSID on its LAN side for multiple clients to access it. At first this seems to be the case as in (b) described above. But when clients connect through this router, each client gets its own IP and 1mbps connection, but the MAC in calling-station-id in the RADIUS access-request packet is the same (the MAC of the TP-Link WAN interface). So as a result, with only one userid/password multiple clients can get their own 1mbps and IP address. The captive portal prompts each client for userid/password but allows them to get past it using the same credentials, since the MAC being presented to RADIUS is the same.

      Two questions arise from this behaviour:

      1. Why doesn't pfSense see the router as a single client? Since the MAC is the same, and if that MAC already has a valid session in the portal, why is each client presented with a captive-portal page for credentials?
      2. If each client is considered separately, then why does pfSense present the same MAC in calling-station-id for each RADIUS access-request packet?

      Regards
      Ashfaq

        Ashfaq

        I am not sure if this behavior is a bug or if it's normal, the way it should be with WDS bridging.
        Should I be posting it in the bug repository?

        Ashfaq
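
An added example, not part of the original posts: a Python check a portal operator could run over FreeRADIUS accounting "detail" records to flag the situation described in the first post, one Calling-Station-Id MAC holding several live IP addresses at once. It assumes accounting is enabled and that records carry Framed-IP-Address and Acct-Session-Id; the helper names, sample records, MACs, IPs and user names are constructed for illustration.

```python
import re
from collections import defaultdict

def make_record(user, mac, ip, status, sid):
    """Build one constructed record in FreeRADIUS 'detail' layout."""
    return ('Mon Jun  2 10:15:01 2014\n'
            f'\tUser-Name = "{user}"\n\tCalling-Station-Id = "{mac}"\n'
            f'\tFramed-IP-Address = {ip}\n\tAcct-Status-Type = {status}\n'
            f'\tAcct-Session-Id = "{sid}"\n')

# Constructed sample: three clients behind one bridge MAC, one direct client.
BRIDGE = "00:11:22:33:44:55"
SAMPLE = "\n".join(make_record(*r) for r in [
    ("user1", BRIDGE, "192.168.1.21", "Start", "s1"),
    ("user1", BRIDGE, "192.168.1.22", "Start", "s2"),
    ("user2", "66:77:88:99:AA:BB", "192.168.1.30", "Start", "s3"),
    ("user1", BRIDGE, "192.168.1.23", "Start", "s4"),
    ("user1", BRIDGE, "192.168.1.21", "Stop", "s1"),
])

ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?([^"\n]*)"?\s*$')

def parse_detail(text):
    """Yield one attribute dict per blank-line-separated detail record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {m.group(1): m.group(2).strip()
               for m in map(ATTR.match, block.splitlines()) if m}
        if rec:
            yield rec

def shared_mac_sessions(records):
    """Return {mac: {ip: user}} at the peak moment a MAC held >1 live IP."""
    live = defaultdict(dict)          # mac -> {session id: (ip, user)}
    peak = {}
    for r in records:
        mac = r.get("Calling-Station-Id", "").lower().replace("-", ":")
        sid, status = r.get("Acct-Session-Id"), r.get("Acct-Status-Type")
        if not mac or not sid:
            continue
        if status == "Start":
            live[mac][sid] = (r.get("Framed-IP-Address"), r.get("User-Name"))
        elif status == "Stop":
            live[mac].pop(sid, None)
        ips = dict(live[mac].values())
        if len(ips) > 1 and len(ips) > len(peak.get(mac, {})):
            peak[mac] = ips
    return peak

if __name__ == "__main__":
    for mac, ips in shared_mac_sessions(parse_detail(SAMPLE)).items():
        print(mac, "holds", len(ips), "live IPs:", ips)
```

A MAC that appears in the result with one user name against several IPs matches the credential-sharing pattern from the first post; a MAC with a single live IP is never reported.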

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.