Edgerouter Lite and PFsense as captive portal

  • Hi all,

    I am looking to build a setup using an ERL as my main router. From there i will go into a switch and branch out to my local network.  I would like to add a PFsense box to the network and have that do my captive portal for my Wi-Fi. In order for the Captive portal to work it needs to get dhcp from the pfsense box.

    Do i just double nat?  I would prefer not to double nat.

    Wan–> ERL eth0 --> eth1-->switch -->local network
                                                          -->PFsense captive portal-->WiFi

  • LAYER 8 Global Moderator

    There is talk of pfsense running on the ERL at some point.  Why do you think for captive portal dhcp has to come from pfsense?

    What is your wifi AP?  Why would you not just use ERL as your captive portal and connect your AP off its 3rd interface?

  • the ERL doesnt have captive portal.  I have the router in place, but just need to setup a captive portal for my Wi-Fi.

  • LAYER 8 Global Moderator

    What are you using for AP?  IF you were using unifi then the controller would have the captive portal.  But you can't you just install coova chilli on it?


  • I am not using Unifi.  I would prefer to run a separate box for captive portal.  I have read that i need to disable NAT on the PFSense box and make my ERL route to my pfsense box.  I'm just looking on how to do that.

  • Hello kabrutus,

    I really know what you mean, but it is in some cases better to stay and work with
    one brand, but there are also options to do so likes you want, you must consider
    what you want to do and what is the right thing for you.

    But there fore I personally wan to change the order of the routing devices
    such the ERL and the pfSense.

    Case 1:
    pfSense at first to connect to the WAN (modem) and the behind this for separating the
    entire private LAN through a router cascade and ERL with installed FreeRadius Server on it
    Then the pfSense CP can be used to guests for Internet only access and the Radius Server
    on the ERL behind this for only your devices and your private LAN

    Case 2:
    ERL with radius Server for the private LAN and the aplliance with pfSense will be wiped
    and sorted back with CentOS and the UBNT UniFi WLAN Controller Software!

    Case 3:
    ERL at first and pfSense at second and then disabling the NAT function on the pfSense
    and then let the pfSense only acting as a Captive Portal device in the background.

    Other cases could be going also but they are not matching nearly like the told above ones.

    • Turn off NAT at the pfSense
    • Create automatic matching NAT rules

Log in to reply