Use PFSense for captive portal only



  • My current configuration is as below

    LAN ---- PFSense ---- Internet

    I need to implement something like this

    LAN ---- PFSense ---- Router --- Internet

    I have little understanding of the network; my job is to implement the captive portal (with RADIUS). The network guys wanna implement it as above so the router can act as DHCP server + web cache (dunno what software). My part is the pfSense part, which will do the captive portal function.

    Can anyone give me an idea of what I should do? They said the LAN clients will get their (local) IP from the router. It seems I need something like bridging? Does captive portal work in this setup?



  • Bridging doesn't work for captive portal. Just connect the pfSense with its WAN interface to the LAN of that router. At the LAN of the pfSense, choose a subnet that doesn't conflict with the LAN subnet of the router. Make sure your clients behind the pfSense use the DNS forwarder of the pfSense as DNS server. Enable captive portal and that's it (unless your pfSense LAN subnet conflicts with the router's LAN subnet, it's just turning on the captive portal at LAN while keeping the factory default config).



  • Thanks for the reply, Hoba. Let me try to digest your info. Let's say the router will provide the following IP for a LAN client (for example only):

    Router
    NAT ON
    LAN IP 10.10.1.1
    DHCP serving 10.10.10.1-10.10.254.254 mask 255.255.0.0
    DHCP serves the DNS server as the pfSense IP, right? 10.10.1.2

    PFSense
    WAN to Router LAN port
    WAN use static IP 10.10.1.2 mask 255.255.0.0 gateway (need?) 10.10.1.1
    DHCP OFF
    Anything else here?
    Do I need to set up a DHCP forwarder?

    Anything else? I will test when I get to the labs, but hopefully I can get some additional info here.



  • Yes, the gateway at the pfSense WAN is needed. Are all clients behind the pfSense? You should use the pfSense as DHCP server for the clients behind it. It makes things a bit easier.



  • Wifi clients will be behind pfSense. They already have another server for router + web cache (Squid? not so sure); they only need the captive portal function for wifi clients.
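
The addressing constraints from the replies above, checked against the example values in the thread. This is an added example, not part of any post: `check_plan` is a hypothetical helper, the pfSense LAN subnet `192.168.1.1/24` is a constructed value (the thread does not give one), and the DNS forwarder is assumed to be reached at the pfSense LAN address.

```python
import ipaddress

def check_plan(router_lan, router_pool, pf_wan_ip, pf_wan_gw, pf_lan, client_dns):
    """Return a list of problems with a 'pfSense behind a router' addressing plan."""
    problems = []
    upstream = ipaddress.ip_network(router_lan, strict=False)  # router LAN subnet
    inside = ipaddress.ip_interface(pf_lan)                    # pfSense LAN address/prefix
    wan_ip = ipaddress.ip_address(pf_wan_ip)
    gw = ipaddress.ip_address(pf_wan_gw)
    pool_lo, pool_hi = (ipaddress.ip_address(a) for a in router_pool)

    if wan_ip not in upstream:
        problems.append("pfSense WAN address is outside the router's LAN subnet")
    if gw not in upstream or gw == wan_ip:
        problems.append("WAN gateway must be a different host on the router's LAN subnet")
    if pool_lo <= wan_ip <= pool_hi:
        problems.append("static WAN address sits inside the router's DHCP pool")
    if inside.network.overlaps(upstream):
        problems.append("pfSense LAN subnet conflicts with the router's LAN subnet")
    if ipaddress.ip_address(client_dns) != inside.ip:
        problems.append("clients do not use the pfSense DNS forwarder as DNS server")
    return problems

# Router and pfSense WAN values as posted in the thread.
THREAD = dict(router_lan="10.10.1.1/16",
              router_pool=("10.10.10.1", "10.10.254.254"),
              pf_wan_ip="10.10.1.2", pf_wan_gw="10.10.1.1")

def good_plan():
    # Constructed: pfSense LAN on a separate subnet, clients use it for DNS.
    return check_plan(pf_lan="192.168.1.1/24", client_dns="192.168.1.1", **THREAD)

def bad_plan():
    # Constructed: pfSense LAN carved out of the router's 10.10.0.0/16,
    # clients pointed at the pfSense WAN address for DNS.
    return check_plan(pf_lan="10.10.20.1/24", client_dns="10.10.1.2", **THREAD)

if __name__ == "__main__":
    for name, result in (("good", good_plan()), ("bad", bad_plan())):
        print(name, "->", result or "no problems")
```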

