Deciso's OPNsense Tour


Captive Portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access.


Different sources can be used to authenticate a user in a zone:
LDAP (incl. Microsoft Active Directory) [as of 16.1]
Local user manager
Vouchers [as of 16.1]
No authentication
Multiple (a combination of above) [as of 16.1]


Connection can be terminated after the user has been idle for a certain amount of time (idle timeout) and/or force a disconnect when a number of minutes have passed even if the user is still active (hard timeout).

URL redirection

Users can be forcefully redirected to the defined URL after authenticating or clicking through the captive portal.


Accounting [as of 16.1]

Support for Radius based accounting.

Traffic Shaping

Captive portal can be combined with the traffic shaper and take full advantage of its shaping features.

Zones & Multi interface

Multiple zones can be created with each their own configuration including different authenticators (such as own LDAP server). A zone can be used with one or multiple interfaces.

Pass-through MAC and IP addresses

MAC and IP addresses can be white listed to bypass the portal.

Template Manger

Setting up your own login page is simple with the integrated template manager.


Screenshot OPNsense Captive Portal

Your Next Firewall is Open Source !

OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform.

OPNsense is licensed under an Open Source Initiative approved license. OPNsense is and will be available with the simple 2-clause BSD license.