{"id":19325,"date":"2022-05-26T11:22:44","date_gmt":"2022-05-26T09:22:44","guid":{"rendered":"http:\/\/www.firewallhardware.it\/pfsense-2-4-x-configurazione-captive-portal\/"},"modified":"2022-05-26T12:43:04","modified_gmt":"2022-05-26T10:43:04","slug":"pfsense-captive-portal-configuration","status":"publish","type":"post","link":"https:\/\/blog.miniserver.it\/en\/pfsense\/pfsense-captive-portal-configuration\/","title":{"rendered":"pfSense: Captive Portal Configuration"},"content":{"rendered":"

The purpose of this guide is to allow access to the Internet through the PFSense Captive Portal<\/strong> service. This system allows access to navigation by entering authorized users or by entering a temporary configurable vaucher (usage time, allowed speed, …)<\/p>\n

Hardware and software environment used<\/h3>\n

Tested hardware: We performed the configuration on a single hardware system as, in fact, the configuration can be replicated on any device compatible with the pfSense<\/strong> system. However, we recommend not using a lower power system than the system used in our tests.<\/p>\n

Tested Corporate Firewall:<\/strong>
\nThe entire Compact Small UTM<\/a><\/u> line
\nAll the Small UTM<\/a><\/u> line<\/p>\n

The software used<\/strong> on the appliance is pfSense\u00ae<\/strong> version 2.4.4-RELEASE-p3<\/strong><\/p>\n

Configuration<\/h3>\n

First we need to identify one or more network cards on which the Captive Portal<\/strong> will be controlled, these can be normal LAN or VLan. Let’s take an example on VLAN.<\/p>\n

Create a VLAN from the “Interface<\/strong>-> assignement<\/strong>->Vlan<\/strong>” menu then add<\/strong><\/p>\n

\"Captive<\/p>\n

Configure it on the desired interface, in this example we create the VLan 25 on the LAN interface (igb1)<\/p>\n

\"Captive<\/p>\n

Then we add an interface with the VLAN just created, from the tab “Interface assignement<\/strong>” select in the drop down menu of “avaible network port<\/strong>” the newly created VLan then click on “Add<\/strong>” as shown in fig below.<\/p>\n

\"Captive<\/p>\n

An interface with the initial name “OPT<\/strong>” will be created. Click on it to enable and configure it<\/p>\n

Below an example<\/p>\n

\"Captive<\/p>\n

Configure DHCP from Services<\/strong>->DHCP Server<\/strong><\/p>\n

\"Captive<\/p>\n

So, in our example, select the tab of the newly added tab and configure DHCP as you wish<\/p>\n

\"Captive<\/p>\n

We create and enable the captive portal from the Service<\/strong>->Captive portal<\/strong> menu, click on “Add<\/strong>”<\/p>\n

\"Captive<\/p>\n

Then we enable the service by giving it a name, so we click on Save & continue<\/strong><\/p>\n

\"Captive<\/p>\n

The page will appear as below, we enable the service<\/p>\n

\"Captive<\/p>\n

At this point we select the network or networks on which to enable the captive portal<\/strong>. In our example we will select VLAN25<\/strong><\/p>\n

\"Captive<\/p>\n

Further down the page we select the type of authentication, in our example we will use local users at the firewall.<\/p>\n

\"Captive<\/p>\n

From the Vouchers tab we create all the vouchers we want with the “Add<\/strong>” button<\/p>\n

\"Captive<\/p>\n

Then we select the complexity of the voucher with Roll#<\/strong><\/p>\n

The minutes of connections allowed with the use of these vouchers<\/p>\n

And with count how many vouchers to generate<\/p>\n

\"Captive<\/p>\n

Once saved, we can export the vouchers by clicking on the “X<\/strong>” icon<\/p>\n

\"\"<\/p>\n

An example of an exported file<\/p>\n

\"Captive<\/p>\n

If from VLan25 we try to connect using the pfsense<\/strong> as gateway, this will send us back to the Captive Portal<\/strong> page; asking us to authenticate a local user or enter a voucher<\/p>\n

\"Captive<\/p>\n

If we go to the active user tab we will see the active vouchers<\/p>\n

\"Captive<\/p>\n

With possibility to see detailed information as in the figure below<\/p>\n

\"Captive<\/p>\n","protected":false},"excerpt":{"rendered":"

Il Captive Portal di pfSense ii permettere di accedere alla navigazione tramite inserimento di utenti autorizzati oppure con l\u2019inserimento di un vaucher temporaneo configurabile (tempo di utilizzo, velocit\u00e0 consentita,\u2026).<\/p>\n","protected":false},"author":11,"featured_media":25347,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[124],"tags":[199,138],"class_list":["post-19325","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pfsense","tag-firewall-en","tag-pfsense-en"],"_links":{"self":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts\/19325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/comments?post=19325"}],"version-history":[{"count":6,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts\/19325\/revisions"}],"predecessor-version":[{"id":25346,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts\/19325\/revisions\/25346"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/media\/25347"}],"wp:attachment":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/media?parent=19325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/categories?post=19325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/tags?post=19325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}