How to configure Captive Portal on PFSense Firewall 

Great video, been in the IT business for the past 20 years, really enjoy your videos!!!!

Holy shit dude! Thank you so much for this! I am wanting to set up a captive portal for a shared internet connection with some renters I have rented rooms in the house next door. This is exactly the demonstration of the configuration I was looking for. Looks like it will be time to start dusting off the old HTML skills. My intention is to have links that go right to an FTP server that will have the whole backlog of receipts for each tenant and to also have major house announcements and such right there on the portal page. This is just perfect. I only wish you had shown what happens when you don't have your own legit cert. I will have to get one, though. VERY interesting video and I appreciate it very much!

To clarify, you're getting the untrusted certificate warning because the captive portal is decrypting the connection. When a client makes a TLS connection request to www.google.com, for example, it expects the server to return its (trusted) certificate with "www.google.com" in the subject and/or subjectAltName fields. But that isn't happening here because it's now pfSense decrypting the connection, thus sending the client a server certificate with "portal.lab.vmnerd.com". And it's doing this because it needs to decrypt the TLS session to insert an HTTP redirect to the captive portal. In other words, pfSense needs to inject an HTTP redirect, but you can't see or manage layer 7 HTTP data inside an encrypted session, so you have to decrypt it first. HSTS, or "HTTP Strict Transport Security", doesn't really have anything to do with this. HSTS tells the browser, for a given site, to always use HTTPS. If a user initially goes to www.google.com, Google will first redirect him to www.google.com, then inside that HTTPS session also send a Strict-Transport-Security header. The browser will store this information for this site, almost indefinitely, so that the next time the user opens the browser and types www.google.com, the browser will automatically switch it to www.google.com without Google having to send the HTTPS redirect.

Hi VMNerd, thank you very much for sharing your great and great video on how to set up captive portal etc. one more thing that I want to know with you is that I need first to set up the cert on my pfsense then followed by captive portal that like showed on your video, and is there any possible problem if I mix my bandwidth limit and mac filtering? hoping on your useful answer THANK YOU AND GOD BLESS

Saludos amigo y Gracias por el video, tengo una pregunta, como le coloco el tiempo restante que lleva conectado un amigo en portal cautivo, en pfsense (claves wifi pero con VOUCHERS) que les muestre, (Ejemplo: su tiempo restante es: 8minutos y 10segundos.) No encuentro solucion en los foros pfsense, Espero me ayuden, se los agradeceria inmensamente. (yo uso pfsense version 2.4.4 p3)

I wanted to set up a captive portal that shows terms of service and an agree button, no user name/password required. I also wanted to keep track of how many people connect and agree to the terms. Any advice would be awesome!

you could juest creat a group and apply the User - Services: Captive Portal login on the group insted of adding it to useres everytime and then you can add the new user to that group

I only have two interfaces. Is there a way I can program it to only send people on DHCP to the portal? I am renting our house out and want people to have to agree to a terms of service.

Do you know how can I get more than 1023 key per voucher without create too much vouchers?, I need it for a hotel with more than 1000 users per day. Thanks!!

Would it be possible for you to show us how you implemented the real certificate? I've been on a tangent with SSL providers with no luck! Thanks!

Hi. Thanks for the great video. I have a pfsense setup with only 2 NIC's WAN & Lan. Lan is configured as a proxy to use by few users. And I cannot add another NIC as my MOBO only support 2 PCI slots. Is there any way that I could set up a captive portal under the same setup.?

thank for this video but im just asking if it possible that the CA use in captive portal is the pf sense own certificate

How did you Import an existing Certificate private key? I have the cert but no idea where the private key comes from

Hey! You are using portal.lab.vmnerd.com as a domain, but what if I don't have a website? What do I have to put there? My external IP?

Congratulation for this nice video . I added www.google.com to Allowed Hostnames , but still this page is blocked . I can not access it without login to Captive Portal , any recommendations ?

I have a problem,i am trying to configure a captiveportal very similar to yours but there is a prblem,i have 2 netowrking cards (external 192.168.168.254) and internal 192.168.5.4 so once i have co figured my captive portal it doesn't makes any redirection to the login pagecan you help me please?

Hi, thanks so much for your great video. I need a help: how can I get the certificate for Captive?

Hello! VMNerd I found a probleme by installing pfSense . system prompted that CPU does not support for a long mode. what can you do 4 me?

thankyou for making this awesome video guide sir could you please guide us how to install free ssl certificate in pfsense

followed the configuration but it doesn't work in pfsense virtual machine. My traffic shapping configuration too from pfsense virtual doesn't work on a physical pfsense box. Just totally lost my interest right now.

hello , i'm unable to get the captive portal working . A little help would be appreciated . do i need to setup a dhcp server ?

Please can do video on captive portal with freeradius in pfsense? I will be glad thanks

Great video! I'm looking for information about how I could sell vouchers for a period of time and deliver Internet without contracts, do you can give me some information how to achieve this? Best regards from Chile!!

how do you make the vouchers short? Maybe 5 characters only instead of 13?

This is mi network I want to put behind : * router Router ZTE F660 *Access point TP-LINK AP500 *TP-link RE 580 repeater that extends the wifi network of the access point '' TP-LINK AP500 '' How to configure pfSens to make the captive portal operational for my entire network I want to generate access codes with a limited time for each client how can I do thank you