OPNsense
OPNsense open-source firewalls authenticate WiFi and wired-guest users through their built-in captive portal against IronWiFi cloud RADIUS (PAP/MSCHAPv2), with the IronWiFi splash page delivered as the external portal URL. Configuration is done under Services > Captive Portal, where you add IronWiFi as the RADIUS authentication server and enable the zone.
Prerequisites
In IronWiFi Console (complete these first):
- Create a Network in IronWiFi Console
- Create a Captive Portal with the appropriate vendor
- Note your RADIUS settings and Splash Page URL
In OPNsense:
- Administrative access to OPNsense device
- Network connectivity to IronWiFi RADIUS servers
Device Configuration
RADIUS Settings
Configure your device with:
| Setting | Value |
|---|---|
| Primary Server | |
| Auth Port | |
| Acct Port | |
| Shared Secret | |
Captive Portal
- Enable external captive portal
- Set splash page URL from IronWiFi
- Configure walled garden to include
107.178.250.42
Walled Garden
Add these entries for pre-authentication access:
Required for IronWiFi:
- (IronWiFi splash page)
107.178.250.42 - DNS servers
Authentication Provider Domains:
If using social login providers, add the following domains to your walled garden:
| Provider | Required Entries |
|---|---|
| |
| |
| |
| |
| Microsoft | |
WPA-Enterprise
For 802.1X authentication:
- Set security to WPA2-Enterprise
- Configure RADIUS server details
- Test with a known user
Troubleshooting
| Issue | Possible Cause | Solution |
|---|---|---|
| Portal not appearing | Walled garden misconfigured | Check walled garden includes |
| Authentication failing | RADIUS settings incorrect | Verify RADIUS IP, ports, and shared secret match IronWiFi Console |
| No internet after auth | Firewall or VLAN issue | Check firewall rules and VLAN settings |
Getting Help
For device-specific questions:
- Check manufacturer documentation
- Contact IronWiFi support at support@ironwifi.com
Related Topics
Shared configuration
Was this page helpful?