Installing PFSense Captive Portal With Block Mac Address

Without realizing it, we may often come across captive portals, namely special pages for logging in that users must go through before connecting to a WiFi network. Airports, coffee shops, and hotels are the most popular places to find them, but all types of businesses can benefit from using Captive portals. This is an elegant solution to improve security and marketing.

Most internet owners who are frequently visited by people or as places where many people gather carry out Captive portal authentication before giving visitors limited access to the wider internet or network resources. Usually Captive portals do not allow internet access via open wifi unless we have entered Login data into a web-based form. Until this form is completed, the user is classed as a 'captive'. Hence the name Captive portal.

Of course, one of the main functions of Captive portals is to ensure access is restricted to authorized users only. But it also plays an important role in collecting data, which can be used to create more meaningful user profiles, which in turn can inform future marketing plans.

Captive portals are special login pages that users must navigate before connecting to a public (or free) Wi-Fi network. Once users are authenticated, they must be validated against a database of authorized users before they can access the network. This allows businesses to show users the terms of service for using a Wi-Fi hotspot. They must agree to the terms to access the hotspot.

Some Captive portals ask for a username and password. A business may provide passwords to verified customers, for example, when paying for its products or services (e.g., a room, a cup of coffee, a meal, etc.). This gives a business control over who uses its Wi-Fi hotspot. The terms of service page (which is basically a list of the dos and don'ts of using the network) also protects them from potential legal liability.

In this article we will learn how to create a Captive portal with the PFsense Router. Because there are many login methods or techniques that can be applied to the PFSense Captive portal, we will limit the discussion in this article to restrictions on logging in using the Mac address for mobile phone, computer or laptop users.


1. PFSense Captive Portal Installation

So that the PFSense Captive portal can run optimally, PFSense DNS should be set to DNS Forwarder or DNS Resolver mode. In this article we will not discuss how to setup a DNS Forwarder or DNS Resolver, we will focus on the topic of discussing creating a Captive portal.

The first step in creating a Captive portal with a PFSense Router is that we have to log in to PFSense to be able to access the configuration. Below is the PFSense Firewall Router Login display.


After successfully logging in and we have entered the main PFSense Dashboard page, type the Service menu and continue by clicking the Captive Portal menu.


You will be directed to the Captive portal menu or dashboard. To start creating a Captive portal, try looking at the bottom right of your monitor screen for a button that says "+ Add". Click the button to create a Captive portal. You will be directed to the "Services / Captive Portal / Add Zone" menu. Fill in the blank column according to the name you want.


After clicking the "Save & Continue" button you are asked to activate the Captive Portal that you created earlier. You have to click the "Enable" menu, so the following image will appear.


In this menu settings, you leave everything "default" except for the "Interfaces" option. You select the "interfaces" or Landcard that corresponds to the Interfaces on the FPSense Router. Because in this article, we only use 2 interfaces, the one that must be activated is the LANWIFI interface. Interfaces LANWIFI is the name for the Landcard that is connected to our internet users, while Interfaces "WANINDIHOME" is a Landcard that comes from the Public Internet, in this case we use INDIHOME internet.


2. Activate Captive Portal Block Mac Address

Because we will use a Mac Address to authenticate Login to our internet network, in the image above you click on the "MACs" menu, so it will appear as in the following image.


Then we click the "+Add" button to enter the Mac Address of the devices of the people who will use our Internet network. When we are finished click the "+Add" button.

Well, in this menu, as seen in the image above, you can enter the Mac Address of everyone who wants to connect to our internet network. In the image above there is an "Action" option which consists of the "Pass" and "Block" options.


You can apply the "Pass" and "Block" options to users who use our internet and users who no longer use our internet. Try looking at the picture below.



At this point, the creation of the Captive Portal on the PFSense Firewall Router has been completed and you can use your Captive Portal system for your internet users. However, in the technique above we have to do it manually to activate "Pass" and deactivate "Block" for every user who uses our internet.

This article is only a basic technique for creating a Captive portal. You can develop the technique above or combine it with the Freeradius application so that users who use our internet network can set their usage time and every user who uses our internet network can be automatically inactive.
Iwan Setiawan

I Like Adventure: Mahameru Mount, Rinjani Mount I Like Writer FreeBSD

Post a Comment

Previous Post Next Post