How to Configure Captive Portal on OPNsense?
The captive portal is a network security solution that automates the control and management of user access to public and private networks. Captive portals are commonly used for guest access management in open access networks, which are found in hotels, hospitals, airports, restaurants, and corporate networks. When the captive portal is enabled, access to the Internet is restricted unless the user provides personal information such as e-mail, name, and Social Security number, or authentication via a voucher via a web-based registration form completed in a web browser.
OPNsense is a HardenedBSD-based firewall and routing platform. It is open source, easy to use, and easy to build. Most of the capabilities in pricey commercial firewalls are provided by OPNsense, plus many more. It provides a vast range of commercial products with the advantages of open and reliable sources. One of the benefits of the OPNsense is that it allows network administrators to configure a Captive Portal easily for providing Internet access to their clients in a secure way. OPNsense not only allows you to deploy a Captive Portal to provide free Internet access to your guests or employees, but it also protects them from cyber attacks with the help of the Sensei (ZENARMOR) plugin's next generation firewall capabilities.
We will cover the following topics briefly in this Captive Portal Configuration on OPNsense tutorial.
- Captive Portal Setup on OPNsense
- Captive Portal Configuration on OPNsense
- Using Custom Template for OPNsense Captive Portal
- Limiting Internet Bandwidth Usage on Guest Network
- Managing the Voucher System
- Viewing Captive Portal Sessions on OPNsense
- What are the Benefits of Configuring the OPNSense Captive Portal?
- How Does Captive Portal Work in OPNSense?
Captive Portal Setup on OPNsenseโ
As a best practice, to provide your organization's guest free Internet access you should implement network segmentation in your infrastructure by isolating the guest network from private LAN. And then, you can deploy a captive portal to let the guests access the Internet.
In this tutorial, we will enable and configure a captive portal for a guest network on OPNsense 21.7.2 with at least three network interfaces/zones:
You may set up the Captive Portal on your OPNsense firewall by following the 4 steps easily.
Step 1 - Interface Configurationโ
You can create a new interface for the Guest Network by following the instructions given below.
- Navigate to
Interfaces
โAssignments
on OPNsense Web UI - Enter a descriptive name for the interface, such as GUESTNET, in the
Description
field - Press the
+
button to add a new interface.
Figure 1. Interface assignment for GuestNetwork on OPNsense
- Click
Save
. The new interface will be calledGUESTNET
.
Figure 2. Saving newly created interfaces on OPNsense
- Click on
GUESTNET
in the interfaces list to change its settings. - Select
Enable Interface
. - You may select the
Block bogon networks
option. - Select
Static IPv4
asIPv4 Configuration Type
Figure 3. Enabling GuestNet interface on OPNsense
- Set Static IPv4 address such as
172.16.10.1
with netmask24
. - Select
Auto detect
forIPv4 Upstream Gateway
Figure 4. Setting IP address on GuestNet interface on OPNsense
- Click
Save
and thenApply changes
.
Figure 5. Applying changes
Step 2 - DHCP Server Configurationโ
You can configure a DHCP server for the Guest Network by following the instructions given below.
- Navigate to
Services
โDHCPv4
โ[GUESTNET]
. - Enable the DHCP server on the GUESTNET interface
- Set DHCP pool range, such as from
172.16.10.100
to172.16.10.200
. - You may set
DNS server
. - Set
Gateway IP address
, such as172.16.10.1
(OPNsense GuestNet interface IP) - You may leave other options as
default
. - Click
Save
Figure 6. DHCP configuration on OPNsense
Step 3 - Defining the Firewall Rulesโ
You should define the following rules in the given order after navigating Firewall
โ Rules
Allow Accessing DNS Serviceโ
Define a rule to Allow the internal DNS server(s), by following the instructions below.
Option | Value |
---|---|
Action | Pass |
Interface | GUESTNET |
Protocol | TCP/UDP |
Source | GUESTNET net |
Source Port | any |
Destination | GUESTNET address |
Destination Port | DNS (53) |
Category | GuestNet Rules |
Description | Allow DNS |
Figure 7. Allow DNS Rule-1
Select
Pass
for the allowed rule.Select
TCP/UDP
for theProtocol
.Select the
Interface
asGUESTNET
.Select the source as
GUESTNET net
. This captures all traffic on the GUESTNET interface bound for the specified destination.Select the
destination
asGUESTNET address
.Select
DNS
predefined port alias for thedestination port
.Set
GuestNet Rules
forCategory
.Set
Allow DNS
forDescription
.Click
Save
Figure 8. Allow DNS Rule-2
Allow Captive Portal Loginโ
Define a rule to allow the guest to access the Captive Portal, by following the instructions below.
Option | Value |
---|---|
Action | Pass |
Interface | GUESTNET |
Protocol | TCP |
Source | GUESTNET net |
Source Port | any |
Destination | GUESTNET address |
Destination Port | 8000/10000 |
Category | GuestNet Rules |
Description | Allow Captive Portal Login |
Figure 9. Allow Captive Portal firewall rule on OPNsense-1
Select
Pass
for the allowed rule.Select
TCP
for theProtocol
.Select the Interface
GUESTNET
.Select the source
GUESTNET net
. This captures all traffic on the GUESTNET interface bound for the specified destination.Select the destination as
GUESTNET address
.Select
Other
and set from:8000
and to:10000
for the destination port range.Set
GuestNet Rules
for Category.Set
Allow Captive Portal Login
for DescriptionClick
Save
Figure 10. Allow Captive Portal firewall rule on OPNsense-2
Block LAN Accessโ
Define a rule to block the guest to access the corporate LAN, by following the instructions below.
Option | Value |
---|---|
Action | Block |
Interface | GUESTNET |
Protocol | any |
Source | GUESTNET net |
Source Port | any |
Destination | LAN net |
Category | GuestNet Rules |
Description | Block LAN Access |
Figure 11. Blocking LAN access from GuestNet on OPNsense-1
Select
Block
for the deny rule.Select
any
for theProtocol
.Select the Interface
GUESTNET
.Select the source
GUESTNET net
.Select the destination as
LAN net
.Set
GuestNet Rules
for Category.Set Block LAN Access for Description
Click
Save
Figure 12. Blocking LAN access from GuestNet on OPNsense-2
Block Firewall Accessโ
Define a rule to block the guest to access the Firewall, by following the instructions below.
Option | Value |
---|---|
Action | Block |
Interface | GUESTNET |
Protocol | any |
Source | GUESTNET net |
Source Port | any |
Destination | GUESTNET address |
Category | GuestNet Rules |
Description | Block LAN Access |
Figure 13. Blocking Firewall access from GuestNet on OPNsense-1
Select
Block
for the deny rule.Select
any
for theProtocol
.Select the Interface
GUESTNET
.Select the source
GUESTNET net
.Select the destination as
GUESTNET address
.Set
GuestNet Rules
for Category.Set Block Firewall Access for Description
Click
Save
Figure 14. Blocking Firewall access from GuestNet on OPNsense-2
Allow Guest Accessโ
Define a rule to allow the guests to access the Internet, by following the instructions below.
Option | Value |
---|---|
Action | Pass |
Interface | GUESTNET |
Protocol | any |
Source | GUESTNET net |
Source Port | any |
Destination | any |
Destination port range | any |
Category | GuestNet Rules |
Description | Allow Guest Network |
Figure 15. Allow Guest Network to access the Internet on OPNsense-1
Select
Pass
for the allow rule.Select
any
for theProtocol
.Select the Interface
GUESTNET
.Select the source
GUESTNET net
.Select the source port
any
.Select the destination as
any
.Select the destination port range as
any
.Set
GuestNet Rules
for Category.Set Allow Guest Network for Description
Click
Save
Figure 16. Allow Guest Network to access the Internet on OPNsense-2
You may need to reorder the newly created firewall rules for the GUESTNET interface. The rule list should be similar to the figure given below. Then, you must click Apply changes
to activate the rules.
Figure 17. Firewall rules for GuestNet on OPNsense
Step 4 - Captive Portal Creationโ
You can create a Captive Portal for the Guest Network by following the instructions given below.
- Navigate to
Services
โCaptive Portal
โAdministration
.
Figure 18. Creating Captive Portal on OPNsense
- Press the
+
in the lower right corner of the form to add a new Zone.
Figure 19. Setting Zone for Captive Portal on OPNsense-1
- Enable the zone.
- Set
Interfaces
asGUESTNET
. (Unselect the LAN) - You may Set
Authenticate using
as blank for no authentication needed.. (Remove any default setting) - Set
Idle timeout
to 0. - Set
Hard timeout
to 0. - Uncheck
Concurrent user logins
so that a user may only login once. - You may select Web GUI TLS certificate for HTTPS or leave SSL certificate as
none
to use plain HTTP. - You may leave
Custom template
asnone
to use the default template. - Enter a description of the zone such as Guest Network in the Description field.
- You may leave other options as default.
- Click
Save
. - Click
Apply
.
Figure 20. Setting Zone for Captive Portal on OPNsense-2
Captive Portal installation on OPNsense is completed and ready to use.
Figure 21. Guest Network Captive Portal is created on OPNsense Firewall
Accessing the Internet From the Guest Networkโ
When you connect your device to the guest network and open your favorite browser, you will be redirected to the captive portal splash page similar to figure below. Since we did not configure any authentication method in our example above, you can start to surf by clicking on the Sign in
button without any authentication.
Figure 22. OPNsense Captive Portal default Splash Page without any authentication
info
OPNsense Captive Portal supports a variety of authentication methods, such as local, LDAP. Radius, Vouchers, or multiple of them. It is strongly recommended to use at least one of the authentication methods on Captive Portal. In this tutorial, you can find information about configuring the OPNsense Voucher system in the following section.
Verification of the Captive Portal Firewall Rulesโ
If you can access the Internet from the guest network, it means that related firewall rules which allow the GUESTNET to access the Internet and DNS server are working. You may test the blocking rules which deny access to the firewall and LAN from the GUESTNET. To verify these Captive Portal firewall rules, you can run the following command from a device connected to the guest network. If your ping requests are timeout for both firewall and LAN access, your firewall rules are correct and work properly.
- Try to ping to the firewall GuestNet address
ping 172.16.10.1
Pinging 172.16.10.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
- Try to ping to a device on LAN or the firewall LAN address
ping 10.10.10.1
Pinging 10.10.10.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Captive Portal Configuration on OPNsenseโ
You may also optionally configure the Captive Portal by following the instructions given below.
Using Custom Template for OPNsense Captive Portalโ
One of the most powerful features of OPNsense's Captive Portal solution is the template feature, which is also very simple to use.
To make a custom landing page, you may follow the steps given below.
- Navigate to the
Services
โCaptive Portal
โTemplates
tab. - Click on the download icon in the lower right corner to download the default template.
Figure 23. Downloading Captive Portal default template on OPNsense
- Unzip the downloaded template file.
Figure 24. Unzip default template file
- Open the
index.html
file with your favorite editor. - Change the default logo(default-logo.png) to your logo file name such as company-logo.png
- Remove the navigation bar on the top
- Remove the height and width from the
< img >
tag - Include a welcome message.
- Include a link to your company's website.
- Find the following snippet
<header class="page-head">
<nav class="navbar navbar-default" >
<div class="container-fluid">
<div class="navbar-header">
<a class="navbar-brand" href="#">
<img class="brand-logo" src="images/default-logo.png" height="30" width="150">
</a>
</div>
</div>
</nav>
</header>
- change the above snippet to the similar snippet given below. Don't forget to replace the related fields with your own
<header class="page-head">
<div align="center">
<a href="#">
<img class="brand-logo" src="images/company-logo.png">
</a>
<h1>Welcome to Sunny Valley Networks Guest Network.</h1>
<h2>Please feel free to use the guest network for professional purposes.</h2>
<h3>See our website for more details: <a href="https://www.sunnyvalley.io">Sunny Valley Networks</a></h3>
</div>
</header>
- Copy the company logo(company-logo.png) to the image(images) directory.
- zip the template directory.
- upload the newly created template zip file by pressing the
+
on the Template tab. - Enter a
Template Name
, for example, MyCompany. - Click the
Upload
icon.
Figure 25. Uploading new Captive Portal template on OPNsense
- To enable the new Captive Portal template on the GUESTNET interface just click on
Apply
.
Figure 26. Applying new template on Captive Portal
To enable the newly uploaded template you can follow the next steps given below.
- Navigate to the
Services
โCaptive Portal
โZones
tab. - Select the
Guest Network
by clicking on the pencil icon right next to it.
Figure 27. Editing Guest Network Captive Portal
- Change
Custom template
field fromnone
toMyCompany
.
Figure 28. Setting captive portal template on OPNsense
- Click
Save
and thenApply
to apply the new settings.
Now you can test your new captive portal template by opening a browser. Splash page should look similar to the page given below.
Figure 29. Customized captive portal login page on OPNsense
Limiting Internet Bandwidth Usage on Guest Networkโ
Captive portal can be used in conjunction with the traffic shaper to fully utilize its shaping capabilities.
You can limit the Internet bandwidth usage on the guest network by following the steps given below. For this example, we will allow maximum 10 Mbps download and 1 Mbps upload bandwidth for the visitors Internet access. This bandwidth will be shared among all connected guests.
Creating Pipes for Download and Upload Bandwidth Limitationsโ
You may add pipes for Download and Upload Bandwidth Limitations by following the next steps given below.
- Navigate to
Firewall
โShaper
โPipes
.
Figure 30. Creating Traffic Shaper Pipe on OPNsense
- Click the
+
in the lower right corner of the form to create a pipe for the Download - Enable it by clicking the checkbox.
- Set bandwidth to
10
. - Set bandwidth Metric to
Mbit/s
- Set mask to
Destination
to let each client use 10 Mbps download bandwidth. - Enter a description such as
10Mbps_download
- Click
Save
.
Figure 31. Creating a pipe for 10 Mbps download bandwidth limitation
- Click the + in the lower right corner of the form to add another pipe for the upload traffic.
- Enable it by clicking the checkbox.
- Set bandwidth to
1
. - Set bandwidth Metric to
Mbit/s
- Set mask to
Destination
- Enter a description such as
1Mbps_upload
- Click
Save
.
Figure 32. Creating a pipe for 1 Mbps upload bandwidth limitation
- Click
Apply
to apply the changes.
Creating the Traffic Shaper Rules for Download and Upload Bandwidth Limitationsโ
You may follow the instructions given below to create the traffic shaper rules for Download and Upload Bandwidth Limitations on the guest network.
- Click on the tab Rules to Create the traffic shaper rules.
Figure 33. Creating the traffic shaper rules on OPNsense
Figure 34. Creating traffic shaper rule for download-1
- Click the
+
icon. - Toggle the advanced mode on the upper left corner of the form.
- Set interface to
WAN
- Set interface 2 to
GUESTNET
- Set direction to
in
- Set target to
10Mbps_download
- Set description to
Limit Guests download to 10 Mbps
. - Leave other settings as defaults.
- Click
Save
.
Figure 35. Creating traffic shaper rule for download-2
Figure 36. Creating traffic shaper rule for upload-1
- Click the
+
icon. - Toggle the advanced mode on the upper left corner of the form.
- Set interface to
WAN
- Set interface 2 to
GUESTNET
- Set direction to
out
- Set target to
1Mbps_upload
- Set description to
Limit Guests upload to 1 Mbps
- Leave other settings as defaults.
- Click
Save
.
Figure 37. Creating traffic shaper rule for upload-2
- Click on
Apply
to apply the changes.
Figure 38. Applying traffic shaper rules on OPNsense
Verifying the Bandwidth Limit on Guest Networkโ
To test the traffic shaping policies to limit the bandwidth on Guest Network, follow the instructions given below.
- Connect your device to the Guest Network
- Open your favorite browser.
- Enter an address to browse to and you will be presented with the Login form.
- Click on Sign in.
- Go to a speed test site such as
https://www.speedtest.net
to test your traffic shaper. After the test is completed, your results should be similar to this:
Figure 39. Bandwidth limitation test results after applying traffic shaping on guest network
You may also compare bandwidth speed test results before applying the traffic shaping.
Figure 40. Comparison of speed test results for download(before and after traffic shaping)
Figure 41. Comparison of speed test results for upload(before and after traffic shaping)
Managing the Voucher Systemโ
OPNsense's Captive Portal provides a simple voucher creation system that is especially useful for Hotel Networks. You may manage your voucher system on the OPNsense firewall by following the steps below.
Adding a Voucher Serverโ
To add a Voucher Server you can follow the next steps.
- Navigate to
System
โAccess
โServers
Figure 42. Adding access server on OPNsense
- Click on
+
button in the top right corner of the screen to add a server. - Enter Descriptive name, such as
Vouchers
name of the voucher server - Set Type to
Voucher
. - You may leave other options as default or set as you wish.
- Click on
Save
.
Figure 43. Adding a Voucher Server on OPNsense
Creating Vouchersโ
To create vouchers for your guest network you can follow the next steps.
- Navigate to
Services
โCaptive Portal
โVouchers
. - Click on
Create Vouchers
in the lower right corner of the form.
Figure 44. Creating vouchers for the captive portal on OPNsense
- Select the Validity duration such as
1 day
.
Figure 45. Setting Vouchers Validity duration on OPNsense
- Select the
Expiration time
as you wish.
Figure 46. Setting voucher expiration on OPNsense
- Select the number of Vouchers to generate, such as
10
.
Figure 47. Setting the number of vouchers to generate on OPNsense
- Set a Groupname such as
Wi-Fi daily pass
.
Figure 48. Setting the name of vouchers group to generate on OPNsense
- Click on
Generate
.
Figure 49. Vouchers CSV file generation
A file will be generated called Wi-Fi daily pass.csv
.
note
Vouchers' passwords are not kept on the OPNsense firewall for security reasons.
The content is:
Field | Description |
---|---|
username | The username that the guest must use to log in |
password | The password that the guest must use to log in |
vouchergroup | The name of the group |
validity | The time the voucher will be valid in seconds |
Enabling Voucher Authenticationโ
To enable the voucher authentication on the OPNsense firewall, you may follow the next steps given below.
- Navigate to the
Services
โCaptive Portal
โZones
tab. - Select the
Guest Network
by clicking on the pencil icon right next to it.
Figure 50. Editing Guest Network Captive Portal
- Change
Authenticate using
from an empty field toVouchers
.
Figure 51. Setting captive portal authentication using Vouchers
- Click
Save changes
andApply
to apply the new settings.
Checking the Voucher Statusโ
To check the validity and active status of a voucher, navigate to Services
โ Captive Portal
โ Vouchers
. And select the correct database, such as Wi-Fi daily pass
in our example.
Figure 52. Viewing the Vouchers Status on OPNsense
Viewing Captive Portal Sessions on OPNsenseโ
To check the active sessions navigate to Services
โ Captive Portal
โ Sessions
on OPNsense Web UI. And then, select the proper zone from the selection box at the upper right corner.
Current session looks like this:
Figure 53. Checking the active captive portal sessions on OPNsense
tip
To drop an active session you may click on the trash icon.
Figure 54. Dropping an active Captive Portal session on OPNsense
OPNsense provides a very powerful CLI that is especially useful for debugging. And, you may also use the CLI to get a list of all active sessions' statuses.
Type the following command on the OPNsense command line to see the active sessions on zone id 0
:
[email protected]:~ # configctl captiveportal list_clients 0
sessionid username ip_address mac_address total_bytes idletime totaltime acc_session_timeout
ivN8tfSozem614bkXzeZXQ== Q$)49ZHm 172.16.10.100 8c:16:45:6d:76:28 2086815 2 240 86400
What are the Benefits of Configuring the OPNSense Captive Portal?โ
The main advantages of the OPNsense Captive Portal are explained below.
Securityโ
The implementation of a captive portal can help you keep your business in accordance with regulatory standards and good practices in providing Internet access to users via hotspots.
A captive portal typically displays terms of service to the user, which they must accept before using the company's Wi-Fi hotspot. Administrators often do this to ensure that their own users take responsibility for their acts and that they are not held legally liable. Property owners can protect themselves from legal liability by requiring their users to agree to a Terms of Service (ToS) page before getting access to the network via a Captive Portal. The Captive Portal operates by "redirecting" any Web request to a specific page until the user clicks I Agree to the Terms of Service. As a result, regardless of what URL your browser asks, the Captive Portal page will appear first when you start a Web browser. The captive portal may, in some situations, need a password. This type of safeguard protects you from legal liability in the event of illegal or otherwise harmful online behavior, while similar security features safeguard company assets.
Bandwidth Managementโ
Some users always misuse Internet services, for instance by remaining online many hours a day, accessing multiple times a day, or even connecting to them over several terminals. And depending on the sort of activity performed on your connection, it might also occupy a bandwidth.
The Captive Portal provides a number of measures for ensuring sufficient access to all users: connection time can be controlled, the number of terminals per user, bandwidth use.
You can regulate your bandwidth using a captive portal and create configurable time limitations as far as each user can stay connected to your network.
User-based Web Filtering and Application Controlโ
Sensei (ZENARMOR) allows you to define user-based policies for content filtering and application control. Therefore, you can not only provide your clients free Internet access but also protect them against cyberthreats, such as malwares, phishing, etc.
Marketingโ
In commercial terms, captive portals offer an ideal chance for seamless marketing๏ฟฝthat makes it possible for users to become involved during their internet experience at a vital time and is a powerful medium for a wide variety of business demands. To fill in a survey, watch a sponsored ad or highlight current promotions, you may use a captive portal.
This means that the provider of this service can display or send ads to people connecting to the Wi-Fi connection. This type of service is frequently called "social WiFi" because it can prompt you to log in to a social network account. These social wireless Internet portals have been prevalent over the last several years with several companies offering marketing focusing on Wi-Fi data collection.
How Does Captive Portal Work in OPNSense?โ
OPNsense provides a Captive Portal to force clients who request network access to authenticate or redirect them to a click-through page. This solution is generally used on hotspot networks, but it is also broadly used in enterprise networks to provide an extra layer of security for Internet or wireless access.
OPNsense Captive Portal has the following features.
- Category-based Web Filtering: By combining the Captive Portal and the caching proxy, you may use category web filtering and block specific content for users, as well as reduce Internet bandwidth usage and improve response times by enabling the cache.
- User-based NGFW Policy Management: Sensei (ZENARMOR) OPNsense next-generation firewall plugin supports the integration with OPNsense Captive Portal. This feature allows you to define user-based policies for web content filtering and application control.
- Timeouts & Welcome Back: Connections can be terminated after a set amount of time (idle timeout) and/or forced to disconnect after a set number of minutes, even if the user is still active (hard timeout). If a user reconnects within the idle and/or hard timeouts, no login is required, and the user's active session can be resumed.
- Bandwidth Management: OPNsense firewall has a traffic-shaping feature. Its built-in traffic shaper can be used to do the following:
- Priority can be given to protocol port numbers and/or IP addresses.
- Distribute bandwidth evenly.
- Portal Bypass: You can use the whitelisting option to allow some IP addresses or MAC addresses to bypass the portal.
- Template Management: The unique template manager in OPNsense makes creating your own login page effortless. At the same time, it provides additional features such as:
- Option for creating your own Pop-up
- URL redirection: After authenticating or clicking through the captive portal, users can be forcibly redirected to the specified URL.
- Start page customization
- Zone Management: Different zones may be configured on each interface, or multiple interfaces may share a single zone configuration. Each zone can use its own unique Captive Portal Template or share one with another.
- Authentication: OPNsense Captive Portal provides HTTPS-secured authentication or a splash-only portal with URL redirection to a specific page. To authenticate a user in a zone, the following sources can be used:
- Local user manager
- Vouchers / Tickets
- Radius
- LDAP [Microsoft Active Directory]
- No authentication (Splash Page Only)
- Multiple (a combination of the preceding)
- Voucher Manager: OPNsense's Captive Portal includes a simple voucher creation system that exports vouchers to a `CSV file for use with your preferred application. The export allows you to print vouchers by combining them with your LibreOffice or Microsoft Word template, resulting in a professional-looking handout that includes your company logo and style.
- Platform Integration: The captive portal application can be integrated with other services using the integrated REST API.
- Real-Time Reporting: OPNsense Captive Portal has basic real-time reporting capabilities, such as:
- Active Sessions
- Time left on Vouchers
- Top IP Bandwidth usage(Live Graph)
Why Need a Captive Portal in OPNSense?โ
It is becoming increasingly popular for public and private locations to provide users with free Internet access, delivering convenience, connecting organizations and people, and serving a variety of objectives. However, certain formalities must be observed for providing an Internet connection. Free Internet access should be provided in public and private spaces following a variety of safety standards to minimize the usage of harmful people for illegal activities. Captive Portal is one of the most common security solutions for this problem.
Typical applications of Captive Portal on OPNsense are listed below.
- Camping & Hotel Wi-Fi
- Bring Your Own Device (BYOD)
- Guest Network
- Wifi Internet access in public areas, such as cafes
Companies generally offer their visitors internet access and show them a landing page with a welcome message and some guidelines and network access policies. At the same time, it is critical to ensure that visitors cannot access the private LAN and exhaust the Internet bandwidth.
Hotels and RV parks typically use a captive portal to provide guests with limited Internet access. Guests must log in using a voucher that can be purchased or obtained for free at the reception desk. OPNsense includes voucher support and can quickly generate them on the fly.
Hackers today steals information in one of the easiest ways by acting as a lawful wireless network. When one of your clients logs into the fake network, the hacker has a simple way to gather their information. If your company is a coffee shop or a hospital that provides your clients or patients with free Wi-Fi in the waiting area, your network should thus be identified correctly with your end customers so that they do not log in to any potential falsification. OPNsense captive portal is one of the best solutions to protect your customers from being a victim of a cybercrime.