Question about Captive Portal

Started by Vilhonator, October 02, 2020, 04:09:01 PM

Hi.

I'm working at a company providing a network connection for a couple of classrooms on school premises.

We have an issue with people telling the Wi-Fi password to anyone who asks and using the network for pretty much anything but study (streaming and playing games mostly), so I notified my boss about captive portal.

Now my question is, is it possible to have OPNsense on an internal network and just enforce Captive Portal with traffic shaping, without NAT and firewall filters among VLANs?

The basic idea is that a student connects to Wi-Fi, opens a browser and is forced to log on to the Captive Portal before he/she can use the internet, and the internet connection, banned sites and services etc. are handled by a different firewall, and OPNsense just shares the traffic bandwidth from the internet among specific VLANs and doesn't have a direct connection to the internet (basically WAN and all other Ethernet ports have internal IP addresses).

If so, does it require more than 1 Ethernet port, and what type of NICs (801.q VLAN support is one thing I'm sure is required)?

You can have OPNsense on a private network to serve captive portal + FreeRADIUS if you wish.

There are more intuitive / admin friendly options out there though.

Quote from: littlepepper on October 02, 2020, 04:33:52 PM
You can have OPNsense on a private network to serve captive portal + FreeRADIUS if you wish.

There are more intuitive / admin friendly options out there though.

Okay, thanks. I don't care much about admin friendliness, because the whole idea is to set it up once and then just leave it alone and add / remove new users for Captive Portal, fetch updates and create backups.

Not looking for a firewall or any protection at all, just simple: a guest logs on to Wi-Fi, opens Firefox, has to type their own username and password, can access the internet, and in theory can't watch Netflix without the video pausing every minute or two in case blacklists don't work, and downloading a new game from Steam takes 8 hours if the user is lucky and there's not much traffic (talking about an environment where there are on average 199 clients connected to a network which has a 100/100Mb/s connection; you can imagine the IT team's frustration when they have to start updating systems and backing things up to the cloud when 90 kids are watching Netflix and downloading games).

And yes, I would agree the best solution from OPNsense's point of view would be using OPNsense as gateway and firewall etc. But that is not really necessary, since we have a firewall and NAT and also the equipment we need to block Netflix, Steam, Origin etc. All that is lacking is something preventing people who have no business using our network from gaining access just because some student is "kind" enough to tell the Wi-Fi password or a teacher "forgot to clean blackboard". Not kidding, teachers LITERALLY write the Wi-Fi password down on the blackboard for everyone to see, because sending an SMS or writing it on a piece of paper which is passed around the students is "too difficult".

Not only that, the boards can be seen from other rooms through a window (those things are as long and wide as the classrooms are -_-, so might as well add "COME AND RAPE OUR BANDWIDTH!!!!!!").