Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Captive Portal two LAN subnets, how to capture just one?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Captive Portal two LAN subnets, how to capture just one? (Read 3201 times)
unixabg
Newbie
Posts: 3
Karma: 5
Captive Portal two LAN subnets, how to capture just one?
«
on:
August 04, 2017, 09:08:09 pm »
Greetings,
I am somewhat of a newbie with OPNSense and I am running the below:
OPNsense 17.7-amd64
FreeBSD 11.0-RELEASE-p11
OpenSSL 1.0.2l 25 May 2017
with two network cards so WAN and LAN. I have two subnets that need to to be available for the LAN of 172.16.0.1/16 and 172.17.0.1/24. I looked for a way to create a virtual adapter to isolate the 172.17.0.1/24, but only found Firewall/Virtual IP's to add the second subnet of 172.17.0.1/24 to LAN. I have created the captive portal with interface LAN and on allowed addresses I put 172.16.0.1/16. So I would think that the captive portal should only capture (splashed for authentication) 172.17.0.1/24, however it is still capturing the 172.16.0.1/16 address subnet.
Thanks in advance for any ideas.
Logged
unixabg
Newbie
Posts: 3
Karma: 5
Re: Captive Portal two LAN subnets, how to capture just one?
«
Reply #1 on:
August 06, 2017, 06:53:09 pm »
Greetings,
I am going to reply to my own questions since I at this point do not understand what is wrong. Should someone know how to solve the original question please do not hesitate to share.
As for my solution to the problem, well I just added another physical adapter to the system. Assigned the guest network range to the new adapter and followed the steps in the documentation. I am happy to say everything is working perfect.
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Captive Portal two LAN subnets, how to capture just one?
«
Reply #2 on:
August 07, 2017, 07:08:52 am »
Hi there,
I think that was the right choice if you want to separate a network using a captive portal it should run on a separate, dedicated network port or at least a VLAN if you need to share the port.
Otherwise, there is no guarantee someone won't be able to sidestep authentication by pretending to be from the other unauthenticated network.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Captive Portal two LAN subnets, how to capture just one?