In this example, a business wants to provide wireless internet access to its customers, but it wants to present a page with the EULA, which the user must accept before being granted access. It also wants to segregate captive portal traffic from the rest of the network, so a separate interface must be set up first:
- To set up the guest network interface, navigate to Interfaces | Assignments. You need to have at least one interface in your pfSense system that has not yet been assigned. There are two ways you can go about creating the interface for the guest network:
- You can select the unassigned interface in the last drop-down box on the page and click on the Add button. Then follow the instructions in the section on adding interfaces in Chapter 3, Configuring pfSense. Name this interface something that will make its function easy to remember, for example, GUEST.
- You can set up your guest network as a VLAN. This has the advantage of allowing you to set up more networks later on with the same parent interface. To do so, click on the VLANs tab, and click on the Add button on that tab. Follow the instructions in the VLANs section of Chapter 3, Configuring pfSense. Make sure the unassigned interface is the parent interface. In addition, you will need hardware that is compatible with VLANs in order for this option to work. If you are setting up a wireless network, this means acquiring a wireless access point that supports VLANs.
- Once you have configured the GUEST interface, you must enable the DHCP server on it so captive portal users will have an IP address assigned to them automatically. How to enable DHCP on an interface is described in the section on Adding a DHCP server in Chapter 3, Configuring pfSense.
- Now that the preconditions for setting up a captive portal are out of the way, we can navigate to Services | Captive Portal and begin setting it up. Click on the Add button to add a new captive portal, enter a Zone name and Zone description into the appropriate fields, and click on the Save and Continue button.
- Check the Enable Captive Portal checkbox, which will cause the captive portal options to appear. In the Captive Portal Configuration section, you must at least select an interface in the Interfaces list box. In this case, you should select the interface created in step 1 (GUEST). Note that you may select more than one interface.
- You may skip past the other options in this section, as it is not necessary to set them; you should, however, at least give them a look to see which ones you might want to set in order to better manage captive portal usage. In particular, you might consider setting Idle Timeout (the amount of time users may stay idle before being disconnected) and Traffic quota (the total amount of data users can upload and download before being disconnected).
- Scroll down to the Authentication section and make sure No Authentication is selected as the authentication method.
- Scroll down to the HTML Page Contents section and add a page for Portal page contents, Auth error page contents, and Logout page contents (remember, the logout page displays upon proper authentication if the logout popup is enabled). The most important of these pages is Portal page contents. Since we are not doing any authentication, the form need only have the following fields:
- <form method="post" action="$PORTAL_ACTION$">
- <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
- <input name="zone" type="hidden" value="$PORTAL_ZONE$">
- There must also be an <input> tag with the type set to submit (this will be the button the user clicks on to go through the portal).
- When you are done, click on the Save button. The captive portal should now be enabled on the GUEST network.