OPNsense Forum

English Forums => General Discussion => Topic started by: unixabg on August 04, 2017, 09:08:09 pm

Title: Captive Portal two LAN subnets, how to capture just one?
Post by: unixabg on August 04, 2017, 09:08:09 pm
Greetings,

I am somewhat of a newbie with OPNsense and I am running the below:

OPNsense 17.7-amd64
FreeBSD 11.0-RELEASE-p11
OpenSSL 1.0.2l 25 May 2017

with two network cards, so WAN and LAN. I have two subnets that need to be available for the LAN: 172.16.0.1/16 and 172.17.0.1/24. I looked for a way to create a virtual adapter to isolate the 172.17.0.1/24, but only found Firewall/Virtual IPs to add the second subnet of 172.17.0.1/24 to LAN. I have created the captive portal with interface LAN, and on allowed addresses I put 172.16.0.1/16. So I would think that the captive portal should only capture (splashed for authentication) 172.17.0.1/24; however, it is still capturing the 172.16.0.1/16 address subnet.

Thanks in advance for any ideas.


Title: Re: Captive Portal two LAN subnets, how to capture just one?
Post by: unixabg on August 06, 2017, 06:53:09 pm
Greetings,

I am going to reply to my own questions since I at this point do not understand what is wrong. Should someone know how to solve the original question, please do not hesitate to share.

As for my solution to the problem, well, I just added another physical adapter to the system. Assigned the guest network range to the new adapter and followed the steps in the documentation. I am happy to say everything is working perfectly.

Title: Re: Captive Portal two LAN subnets, how to capture just one?
Post by: franco on August 07, 2017, 07:08:52 am
Hi there,

I think that was the right choice: if you want to separate a network using a captive portal, it should run on a separate, dedicated network port, or at least a VLAN if you need to share the port.

Otherwise, there is no guarantee someone won't be able to sidestep authentication by pretending to be from the other unauthenticated network.


Cheers,
Franco
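
The risk described in the last reply can be monitored on a shared segment. The following is an added example, not part of the thread or of OPNsense: it parses FreeBSD `arp -an` output and flags any MAC address that holds addresses in both the portal-exempt range and the guest range from the first post. The interface name `em1` and all MAC addresses are constructed sample values.

```python
import ipaddress
import re
from collections import defaultdict

# Subnets from the thread: 172.16.0.0/16 is exempt from the portal,
# 172.17.0.0/24 is the guest range that must authenticate.
EXEMPT_NET = ipaddress.ip_network("172.16.0.0/16")
GUEST_NET = ipaddress.ip_network("172.17.0.0/24")

# FreeBSD `arp -an` line: ? (IP) at MAC on IFACE <expiry|permanent> [ethernet]
ARP_LINE = re.compile(
    r"^\? \((?P<ip>[0-9.]+)\) at (?P<mac>[0-9a-f:]{17}) "
    r"on (?P<iface>\S+) (?P<rest>.*)$"
)

def macs_in_both_subnets(arp_output):
    """Return {mac: sorted IP strings} for MACs seen in both subnets."""
    seen = defaultdict(set)
    for line in arp_output.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue  # "(incomplete)" entries and unrelated lines
        if "permanent" in m.group("rest"):
            continue  # the firewall's own addresses, including the virtual IP
        seen[m.group("mac")].add(ipaddress.ip_address(m.group("ip")))
    flagged = {}
    for mac, ips in seen.items():
        in_exempt = any(ip in EXEMPT_NET for ip in ips)
        in_guest = any(ip in GUEST_NET for ip in ips)
        if in_exempt and in_guest:
            flagged[mac] = [str(ip) for ip in sorted(ips)]
    return flagged

# Constructed sample, not captured from a real system.
SAMPLE_ARP = """\
? (172.16.0.1) at 00:0c:29:aa:00:01 on em1 permanent [ethernet]
? (172.17.0.1) at 00:0c:29:aa:00:01 on em1 permanent [ethernet]
? (172.16.4.20) at 00:0c:29:bb:00:02 on em1 expires in 1174 seconds [ethernet]
? (172.17.0.55) at 00:0c:29:cc:00:03 on em1 expires in 902 seconds [ethernet]
? (172.16.9.9) at 00:0c:29:cc:00:03 on em1 expires in 1190 seconds [ethernet]
? (172.17.0.77) at (incomplete) on em1 expired [ethernet]
"""

if __name__ == "__main__":
    for mac, ips in macs_in_both_subnets(SAMPLE_ARP).items():
        print(f"{mac} holds addresses in both subnets: {', '.join(ips)}")
```

A check like this only notices hosts that keep the same MAC address, so it supplements the dedicated port or VLAN recommended above rather than replacing it.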