WireGuard VPN - OpenID Connect - Captive Portal

Started by paulo.pereira, January 12, 2026, 10:53:20 PM

January 12, 2026, 10:53:20 PM Last Edit: January 13, 2026, 11:00:16 AM by paulo.pereira
Hi,

We have bought a DEC4280 firewall to replace our current Cisco one.
We have configured WireGuard as our VPN with OpenID Connect as authentication on Captive Portal.
We have Unbound DNS disabled; we have an internal DNS server.

The issue we have is that, in order for the Captive Portal to redirect to the right Microsoft endpoints (e.g. login.microsoft.com), I have to put the Microsoft endpoints' IP addresses into the Captive Portal field "Allowed addresses", and this is unfeasible because of the many IPs that Microsoft uses.

We have tried to "Disable firewall rules" on the Portal and create them manually according to the OPNsense docs on the WireGuard interface, but with no luck.

Any help with this will be appreciated, thanks!


Best Regards,

Paulo Pereira



Anyone that can help us with this?
At least can anyone tell me if the ability to put firewall aliases on the Captive Portal "Allowed Addresses" will be possible?


Thank you.

Paulo Pereira

Troubleshooting this could involve checking the current firewall ruleset (policy and NAT), routes, aliases, wireguard configuration and more.

When disabling firewall rules for a captive portal zone, all needed configuration should work on the interface receiving the traffic (in your case the WireGuard interface). Allowing Microsoft endpoints could then be done via a JSON alias, for example: https://docs.opnsense.org/manual/aliases.html#url-table-in-json-format-ips

If you need professional help with such a setup, we also offer business support:
https://shop.opnsense.com/product-categorie/support/
Hardware:
DEC740
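To make the JSON-alias suggestion above concrete, here is an added example (my code, not part of the forum thread and not OPNsense's implementation). It assumes the feed has the schema of the Microsoft 365 IP Address and URL web service (an array of entries with "serviceArea", "urls", "ips" and "required" fields) and that the alias's JSON path is something like `$..ips` or `$[*].ips`; both the path syntax subset implemented here and the sample document are my assumptions. The sample document is constructed from RFC 5737 / RFC 3849 documentation prefixes, not real Microsoft address space. The script shows what such an alias extracts, the pre-filter to "required" entries that the alias itself cannot do, and the membership test the resulting pass rule performs on a client address.

```python
"""Extract IP prefixes from a Microsoft 365 endpoints-style JSON document and
check candidate addresses against them, as a "URL Table in JSON format (IPs)"
alias feeding a pre-authentication allow rule would.

Assumptions (mine, not from the thread): the schema below mirrors the
Microsoft 365 IP Address and URL web service; the JSON path syntax is the
small '$..key' / '$[*].key' subset needed to reach the "ips" arrays.
SAMPLE_DOC is constructed from documentation prefixes (RFC 5737 / RFC 3849).
"""
import ipaddress

# Constructed sample, shaped like the endpoints web service output.
SAMPLE_DOC = [
    {"id": 1, "serviceArea": "Common", "urls": ["login.microsoftonline.com"],
     "ips": ["192.0.2.0/24", "2001:db8:1::/48"], "tcpPorts": "80,443",
     "required": True, "category": "Allow"},
    {"id": 2, "serviceArea": "Exchange", "urls": ["outlook.office365.com"],
     "ips": ["198.51.100.0/24"], "tcpPorts": "443",
     "required": True, "category": "Optimize"},
    # Entries with only URLs and no "ips" key exist in the real feed too.
    {"id": 3, "serviceArea": "SharePoint", "urls": ["*.sharepoint.com"],
     "tcpPorts": "443", "required": False, "category": "Default"},
    {"id": 4, "serviceArea": "Common", "urls": ["*.msftconnecttest.com"],
     "ips": ["203.0.113.0/24", "192.0.2.0/24"], "tcpPorts": "80",
     "required": False, "category": "Default"},
]


def json_path_values(node, path):
    """Evaluate a tiny JSON-path subset; return matches in document order.

    Supported: '$..key' (recursive descent at any depth) and
    '$[*].key' (the key of every element of a top-level array).
    """
    if path.startswith("$.."):
        key = path[3:]
        found = []

        def walk(n):
            if isinstance(n, dict):
                for k, v in n.items():
                    if k == key:
                        found.append(v)
                    walk(v)
            elif isinstance(n, list):
                for item in n:
                    walk(item)

        walk(node)
        return found
    if path.startswith("$[*]."):
        key = path[5:]
        if not isinstance(node, list):
            raise ValueError("'$[*]' requires a top-level array")
        return [e[key] for e in node if isinstance(e, dict) and key in e]
    raise ValueError(f"unsupported JSON path: {path}")


def extract_prefixes(doc, path="$..ips"):
    """Flatten every matched 'ips' array into one de-duplicated CIDR list.

    First-seen order is kept (IPv4 and IPv6 networks cannot be sorted
    together). Any value that is not a valid network raises, so a malformed
    or tampered feed fails loudly instead of silently shrinking the allow list.
    """
    seen = {}
    for value in json_path_values(doc, path):
        entries = value if isinstance(value, list) else [value]
        for cidr in entries:
            net = ipaddress.ip_network(cidr, strict=True)
            seen.setdefault(str(net), None)
    return list(seen)


def filter_entries(doc, required_only=True, service_areas=None):
    """Keep only entries worth opening before the user is authenticated:
    'required' ones, optionally limited to the given serviceArea values."""
    out = []
    for entry in doc:
        if required_only and not entry.get("required", False):
            continue
        if service_areas and entry.get("serviceArea") not in service_areas:
            continue
        out.append(entry)
    return out


def is_allowed(addr, prefixes):
    """True if addr lies inside any prefix: the test the pass rule performs."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


if __name__ == "__main__":
    everything = extract_prefixes(SAMPLE_DOC, "$..ips")
    identity_only = extract_prefixes(
        filter_entries(SAMPLE_DOC, required_only=True, service_areas={"Common"}))
    print("all prefixes:      ", everything)
    print("required, Common:  ", identity_only)
    for probe in ("192.0.2.10", "2001:db8:1::5", "10.0.0.1"):
        print(f"{probe:>15} allowed: {is_allowed(probe, identity_only)}")
```

The point of the pre-filter is that the alias pulls every `ips` array the path matches, so the prefix list is only as tight as the URL you point the alias at; if the feed supports a per-service query, use that rather than post-filtering. Whether the resulting alias is referenced by the portal zone or by a manual pass rule on the WireGuard interface after "Disable firewall rules" is the part of the setup the thread leaves to business support.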

Hi Cedrik,

Thank you for your response. We will acquire a business support subscription then.

Best Regards,

Paulo Pereira


Hello Paulo,

Thank you for understanding. This is a highly specific configuration; the functionality in the business edition to use OIDC is rather new. I do not think much can be done here community-wise.

See you in business support :)

~Cedrik
Hardware:
DEC740