Access Point Instructions for OPNsense
This page describes the necessary configuration of the OPNsense firewall with RADIUS authentication using the Captive Portal.
IronWiFi Console Configuration
- Log into the IronWiFi console or register for free
- Create a new network
- After that, create a new captive portal, with vendor OPNsense
- Click on Auth_page, rename downloaded file to index.html and create a zip archive containing this file
Access Point Configuration
Log in to the OPNsense administration console and navigate to Systems -> Access -> Servers.
- Click on the Add button and configure with:
- Descriptive name - radius1 (or whatever you wish)
- Type - Radius
- Hostname or IP address - get this value from the IronWiFi console
- Shared Secret - get this value from the IronWiFi console
- Services offered - Authentication and Accounting
- Authentication port value - get this value from the IronWiFi console
- Accounting port value - get this value from the IronWiFi console
- Authentication Timeout - 3
- Navigate to Services -> Captive Portal -> Administration and switch to the Templates tab. Click the + button, enter a Template name, and upload the zip archive.
- Switch to the Zones tab and click the + button to create a new zone. Configure with:
- Interfaces - LAN
- Authenticate using - radius1
- Allowed addresses - 188.8.131.52
To prevent SSL warnings, select a hostname for your firewall, create a valid SSL certificate, and upload it to the firewall.
Review your firewall settings to make sure access to the internet is allowed.
! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !