Captive portal, to capture only select users



  • Hi guys,

    First time poster and newish user of pfsense 2.1.5. loving the simplicity of the package so far, but having some issues with captive portal.

    The situation:-

    I'm trying to set up a small ISP for a holiday apartment complex. Some people live here permanently, others are move temporary visitors.

    I'd like my clients to be able to access the internet seamlessly, without any click through pages
    Unless that is their paid time is up, in which case i want them to be redirected to a webpage with some text explaining that they have used all their paid time and some contact details to be able to arrange further payment.

    What i'm trying to do.

    basically i'd like captive portal to grab some users, but not others. hopefully based on their assigned antenna IP address.

    (clients access through a wireless antenna that functions bascially like a router, i've already configured pfsense to restrict bandwidth based on the ip of the clients antennas, a setting they have no access to.)

    Ideally i'd like to be able to remote into the clients antenna, change the IP and have all their traffic then redirected to the captive portal page.

    I've tried,

    setting up a new interface (opt1) connecting it to the same network as the lan interface, configuring captive portal on the OPt1 interface and then manually changing the default gateway of a test antenna to point to the ip of opt1 instead of LAN. this just fails to access any web pages, but when i disable the captive portal it works just fine.

    It seems like the captive portal IS stopping the traffic from the selected IP's BUT is NOT forwarding them to the Splash page. they just get a connection error.

    I dont want to enable DHCP on OPT1 as i use it on LAN and they are both on the same network.

    I've read that this is most likely a problem with the way DNS is set up. Also its entirely possible that having two interfaces on the same network is just a fail to begin with.

    Any help would be greatly appreciated!

    Thanks in advance :)



  • Hi,

    I would setup a separate network (VLAN and IP) with a dedicated SSID.
    Just add this network to your pfSense and enable the Captive portal on this network.

    More complex and not so secure:
    Add the captive portal to your default network and install FreeRADIUS. Then all all MAC address that should NOT see the Portal.


  • Netgate

    You really should present a diagram.  Just put a couple CPE units on it to represent them all.  I can't really tell what you're talking about Re: LAN and OPT1.