Access Point Instructions for OPNsense

This page describes the necessary configuration of the OPNsense firewall with RADIUS authentication using the Captive Portal.

IronWiFi Console Configuration

  1. Log into the IronWiFi console or register for free
  2. Create a new network
  3. After that, create a new captive portal, with vendor OPNsense
  4. Click on Auth_page, rename downloaded file to index.html and create a zip archive containing this file

Access Point Configuration

Log in to the OPNsense administration console and navigate to Systems -> Access -> Servers.

  1. Click on the Add button and configure with:
  • Descriptive name - radius1 (or whatever you wish)
  • Type - Radius
  • Hostname or IP address - get this value from the IronWiFi console
  • Shared Secret - get this value from the IronWiFi console
  • Services offered - Authentication and Accounting
  • Authentication port value - get this value from the IronWiFi console
  • Accounting port value - get this value from the IronWiFi console
  • Authentication Timeout - 3
  1. Navigate to Services -> Captive Portal -> Administration and switch to the Templates tab. Click the + button, enter a Template name, and upload the zip archive.
  2. Switch to the Zones tab and click the + button to create a new zone. Configure with:
  • Interfaces - LAN
  • Authenticate using - radius1
  • Allowed addresses -

To prevent SSL warnings, select a hostname for your firewall, create a valid SSL certificate, and upload it to the firewall.

Review your firewall settings to make sure access to the internet is allowed.

! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !