Hi,

I'm running a few (6 at the moment) pfsense 1.2.3-RELEASE boxes on a rather large-scale wireless network, as border routers and firewalls between the internet uplinks and the rest of the network. (Network background info: +600 subnets, +150 router nodes, 6 internet uplinks, about 1000 unique mac-address clients per 24h, www.wirelessbelgie.be, non-profit organisation running on volunteers.)

The traffic shaper is active on the pfsense boxes to allow different internet speeds to different subnets on the network. I'm currently using very large alias lists to manage the +600 private subnets in the traffic shaper.

We are currently looking at switching to a captive portal + traffic shaper + freeradius, so we can set speeds based on user/pass combination instead of IP subnet. Tests are successful up till now, and we are going to switch this into production pretty soon.

However, I have one problem:
The network contains a lot of 'dumb' devices (ipcams, sound encoders, serial2ip, ...) which also need internet access, but have no clue on how to log in to the captive portal.

I cannot use mac-authentication with the captive portal and the radius server because there are routers in between the pfsense boxes and the devices.

From what I see now, the only way to allow these devices access to the internet is to add them to the "Allowed IP" list in the captive portal. But managing this list separately on every box would be a lot of work. I would prefer to use an alias containing all my allowed IPs which I can then update through the "fetch alias list from url" package.


First question: Is there any way to use aliases in the captive "Allowed IP" list, or to automate managing this list in any way? (Maybe some radius attribute I don't know about?)

Second question: Are the devices in the "allowed list" allowed to pass through the captive portal right away, or do they need to open an HTTP connection first to 'trigger' the captive portal logic?

Third question: I'm currently running 1.2.3 but switching to 2.0 would be possible, if this would help me in this situation. What would you guys recommend for this situation, 1.2.3 or 2.0?

Thanks!

Regards,

Hans
