----- ====== Introduction to pfSense ====== * We will configure the Captive Portal available in pfSense to integrate with RADIUSdesk and use RADIUS for authentication. * To do this, we will start with the simplest possible configuration, which we will build on later. ===== Our setup ===== * As already mentioned, we have a very simple pfSense VM that acts as a router. * There is a WAN port that is connected to the network with internet access. * There is a LAN port where we want to activate the captive portal. To access pfSense via the WAN port, you can temporarily disable the firewall with the following command #Disable packet filter pfctl -d # Enable packet filter pfctl -e * Here you can find instructions on how to permanently open HTTP access to the WAN port: https://www.vdtutorials.com/enabling-pfsense-2-5-2-administration-via-the-wan-interface/ * You will probably also need to add a similar rule for HTTPS. ===== System -> User Manager ===== * pfSense groups the configuration of LDAP and RADIUS servers under User Manager. * You can specify multiple RADIUS servers under the **Authentication Servers** applet. * We add our RADIUSdesk server here and select the **PAP** protocol. {{:technical:pf:pf_um_radius.png|}} * Now everything is ready for the configuration of the captive portal. {{:technical:pf:pf_um_radius1.png|}} ===== Add Captive Portal ===== * Go to the **Services** -> **Captive Portal** menu entry. * Select **Add** to add a new zone. {{:technical:pf:pf_captive_add.png|}}