<nav type="pills" justified="false">
  * [[:user_manuals|Back to Documentation]]
  * [[:technical:pf-intro|Introduction to pfSense]]
</nav>

-----

====== Introduction to pfSense ======
  *  We will configure the Captive Portal available in pfSense to integrate with RADIUSdesk and use RADIUS for authentication.
  * To do this, we will start with the simplest possible configuration, which we will build on later.

===== Our setup =====
  * As already mentioned, we have a very simple pfSense VM that acts as a router.
  * There is a WAN port that is connected to the network with internet access.
  * There is a LAN port where we want to activate the captive portal.
<alert type="success">
To access pfSense via the WAN port, you can temporarily disable the firewall with the following command
<code sh>
#Disable packet filter 
pfctl -d
# Enable packet filter 
pfctl -e
</code> 
</alert>
  * Here you  can find instructions on how to permanently open HTTP access to the WAN port: https://www.vdtutorials.com/enabling-pfsense-2-5-2-administration-via-the-wan-interface/
  * You will probably also need to add a similar rule for HTTPS.


===== System -> User Manager =====
  * pfSense groups  the configuration of LDAP and RADIUS servers under User Manager.
  * You can specify multiple RADIUS servers under the **Authentication Servers** applet.
  * We add our RADIUSdesk server here and select the **PAP** protocol.
<panel type="primary">
{{:technical:pf:pf_um_radius.png|}} 
</panel>
  * Now everything is ready for the configuration of the captive portal.
<panel type="primary">
{{:technical:pf:pf_um_radius1.png|}} 
</panel>

===== Add Captive Portal =====
  * Go to the **Services** -> **Captive Portal** menu entry.
  * Select **Add** to add a new zone.
<panel type="primary">
{{:technical:pf:pf_captive_add.png|}} 
</panel>