We can set up Captive Portal with FreeRADIUS in pfSense. Read the article to know more. At Bobcares, with our pfSense Support Services, we can handle your pfSense issues.

pfSense Captive Portal & FreeRadius

pfSense is a well-known open-source firewall as well as router distribution built on FreeBSD. It also has many functions and features, such as an integrated captive portal and authentication integration with FreeRADIUS.

With the help of a feature called the Captive Portal, users can no longer access the internet without first authenticating as it reroutes them to a login page. In contrast, FreeRADIUS is a popular open-source RADIUS server that offers network access accounting, authorization, and centralised authentication.

For the integration, we can use the following steps:

1. As we install and set up pfSense on the hardware or VM, make sure the LAN interface links with the network on which the Captive Portal will be operational.

2. Go to “Services” > “Captive Portal” in the pfSense web interface, then activate the Captive Portal. Assign the proper values to the RADIUS server, authentication method (in this case, RADIUS), and other settings as required.

3. Depending on the needs, install FreeRADIUS on a different server or the same pfSense machine. Installing FreeRADIUS on a different system can improve performance and scalability. Set up FreeRADIUS in order to authenticate users using the user database of their choice.

4. Enter the hostname or IP address of the FreeRADIUS server and the shared secret that pfSense and FreeRADIUS use for communication in the pfSense Captive Portal settings. The shared secret and the one set up in FreeRADIUS must match.

5. Add the pfSense machine as a RADIUS client in the FreeRADIUS configuration, making sure to enter the shared secret that corresponds to the one set up in pfSense. This procedure guarantees that pfSense’s RADIUS requests can be accepted by FreeRADIUS.

6. We have the option to alter the Captive Portal login page’s appearance in order to fit the company’s needs or branding.

7. Connecting a device to the network and trying to access the internet is one way to test the Captive Portal. After the device successfully authenticates, it should be sent to the Captive Portal login page and given access to the internet.

8. Make sure the proper firewall rules are on pfSense so that RADIUS traffic between the FreeRADIUS server and pfSense (UDP port 1812/1813) can flow.

9. It might be necessary to set up SSL certificates on both the FreeRADIUS server and pfSense if we intend to use HTTPS for the Captive Portal login screen. Sensitive user credentials must be protected during authentication by appropriately securing the communication.

[Looking for a solution to another query? We are just a click away.]

Conclusion

There are several configurations and factors to take into account when setting up a captive portal with RADIUS authentication. Prior to putting the setup into action, make sure we understand RADIUS, networking concepts, and pfSense administration.