Airport Express Guest Network and pfSense

UPDATE: See my additional comments at the end regarding problems with Captive Portal!

I put an Airport Express device on my network this weekend, and was toying around with the Guest network that is available. It didn’t work–turns out your supposed to have an Airport device be the main router in your network to get this working; something about the DHCP being managed by an apple router for it to work.

I was able to find a way to get the Guest network working using pfSense, which is what I use for my main router/firewall.

This blog post by Steve Keiser has great steps on how to get this working with an Airport Express (on bridge mode), and pfSense.

AirPort Extreme guest network with pfSense

The post is nearly two years old (as of the time of this post), but the info is still relevant–check it out, it was a total lifesaver for me. Previous to finding this, I found other write-ups that didn’t work. They seemed to leave out the all important step (at the end) of setting up outbound NAT rules.

One thing I found to help is found in the first comment (only one at the time of this post). I found what they said to be true and helpful.

Anyway, hope that helps.

UPDATE. I have a captive portal on my LAN, and in order to get the Guest network able to hit the internet, I had to put the Guest DHCP Range into the “Allowed IP Addresses” in the Captive Portal admin area. Without doing that, devices on the Guest network could not hit the internet.