Captive Portal

Captive Portal in pfSense® software forces users on an interface to authenticate before granting access to the Internet. Where possible, the firewall automatically presents a login web page in which the user must enter credentials such as a username/password, a voucher code, or a simple click-through agreement.

This feature is commonly used throughout the hospitality industry (Hotels, restaurants, airports, and more) as well as in corporate and even home environments. It is primarily used for wireless hot spots or for additional authentication before allowing access to internal networks from wireless clients.

Captive Portal is configured under Services > Captive Portal.

See also

Hangouts Archive to view the April 2015 Hangout on Captive Portal.


The Captive Portal implementation in pfSense does have some limitations. This section covers those, and the common ways of working around them where possible.

Does not yet support IPv6

Currently, Captive Portal does not support IPv6.

Not capable of reverse portal

A reverse portal, requiring authentication for traffic coming into a local network from the Internet, is not possible.