Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Edgerouter Lite and PFsense as captive portal

    Scheduled Pinned Locked Moved Firewalling
    6 Posts 3 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kabrutus
      last edited by

      Hi all,

      I am looking to build a setup using an ERL as my main router. From there i will go into a switch and branch out to my local network.  I would like to add a PFsense box to the network and have that do my captive portal for my Wi-Fi. In order for the Captive portal to work it needs to get dhcp from the pfsense box.

      Do i just double nat?  I would prefer not to double nat.

      Wan–> ERL eth0 --> eth1-->switch -->local network
                                                            -->PFsense captive portal-->WiFi

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        There is talk of pfsense running on the ERL at some point.  Why do you think for captive portal dhcp has to come from pfsense?

        What is your wifi AP?  Why would you not just use ERL as your captive portal and connect your AP off its 3rd interface?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • K
          kabrutus
          last edited by

          the ERL doesnt have captive portal.  I have the router in place, but just need to setup a captive portal for my Wi-Fi.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            What are you using for AP?  IF you were using unifi then the controller would have the captive portal.  But you can't you just install coova chilli on it?

            https://junipermyanmar.wordpress.com/2014/02/28/installing-coova-on-er-lite/

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            • K
              kabrutus
              last edited by

              I am not using Unifi.  I would prefer to run a separate box for captive portal.  I have read that i need to disable NAT on the PFSense box and make my ERL route to my pfsense box.  I'm just looking on how to do that.

              1 Reply Last reply Reply Quote 0
              • ?
                Guest
                last edited by

                Hello kabrutus,

                I really know what you mean, but it is in some cases better to stay and work with
                one brand, but there are also options to do so likes you want, you must consider
                what you want to do and what is the right thing for you.

                But there fore I personally wan to change the order of the routing devices
                such the ERL and the pfSense.

                Case 1:
                pfSense at first to connect to the WAN (modem) and the behind this for separating the
                entire private LAN through a router cascade and ERL with installed FreeRadius Server on it
                Then the pfSense CP can be used to guests for Internet only access and the Radius Server
                on the ERL behind this for only your devices and your private LAN

                Case 2:
                ERL with radius Server for the private LAN and the aplliance with pfSense will be wiped
                and sorted back with CentOS and the UBNT UniFi WLAN Controller Software!

                Case 3:
                ERL at first and pfSense at second and then disabling the NAT function on the pfSense
                and then let the pfSense only acting as a Captive Portal device in the background.

                Other cases could be going also but they are not matching nearly like the told above ones.

                • Turn off NAT at the pfSense
                • Create automatic matching NAT rules
                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.