[Solved] Captive Portal Thru Lan -> Wireless AP

ghinthsh

Hi All,

I am new to PFSense 2.3 and working out my pfsensebox project for about 1 month now,

*Squid3
*Squidguard
*fw rule bandwidth limiter

i plan to setup Captive Portal.

my current setup is:

ISP1 –---> WAN1 (Public IP)     
                                            PFSense ----> LAN (192.168.0.1/24) ---> Switch ---> Clients
ISP2 -----> WAN2 (Public IP)

i want my setup to be like this:

ISP1 ---> WAN1 (Public IP)                                                                                ---> Clients
                                            PFSense ---> LAN (192.168.0.1/23)  ---> Switch
ISP2 -=-> WAN2 (Public IP)                                                                                ---> Wireless Router for Captive Portal

My LAN DHCP config

192.168.0.2 - 192.168.0.254 = static clients (pc + portable devices etc)
available range: 192.168.1.2 - 192.168.1.254 for captive portal

Is this setup possible or do i need another interface?

thanks.

benpal

Hello ghinthsh,

I believe you need another interface so that your static clients will not be captured by your captive portal.
Or, you can manually add allowed IP addresses in the Services>Captive Portal>YourZone>Allowed IP Addreses.

Hope it helps…

ghinthsh

you're right benpal.

i tried it a while ago, even the client is registered in dhcp it forces to cp authentication page.

thanks.

Gertjan

@ghinthsh:

i tried it a while ago, even the client is registered in dhcp it forces to cp authentication page.

@benpal wasn't talking about adding known client to the DHCP server (which you should do also).
This is what he said:
@benpal:

Services>Captive Portal>YourZone>Allowed IP Addreses

Afterwards, clients with these IP's are NOT taken to the captive login page, they will have access right away.

Btw :  if possible, run the Captive portal on a dedicated interface. Makes live easier … Captive Portal doesn't really belong on the LAN interface.

ghinthsh

i @Gertjan:

@ghinthsh:

i tried it a while ago, even the client is registered in dhcp it forces to cp authentication page.

@benpal wasn't talking about adding known client to the DHCP server (which you should do also).
This is what he said:
@benpal:

Services>Captive Portal>YourZone>Allowed IP Addreses

Afterwards, clients with these IP's are NOT taken to the captive login page, they will have access right away.

Btw :  if possible, run the Captive portal on a dedicated interface. Makes live easier … Captive Portal doesn't really belong on the LAN interface.

its clear to me now thanks :)