[{"data":1,"prerenderedAt":725},["ShallowReactive",2],{"navigation":3,"search":103,"/plugin":594,"/plugin-surround":722},[4,12,52,71],{"title":5,"path":6,"stem":7,"children":8,"icon":11},"System Overview","/system-overview","1.system-overview/index",[9],{"title":10,"path":6,"stem":7},"WiZone Overview",false,{"title":13,"icon":11,"path":14,"stem":15,"children":16},"WiZone Portal","/wizone-portal","2.WiZone-portal",[17,20,24,28,32,36,40,44,48],{"title":18,"path":14,"stem":19},"WiZone Dashboard Overview","2.WiZone-portal/index",{"title":21,"path":22,"stem":23},"User Management","/wizone-portal/user","2.WiZone-portal/1.user",{"title":25,"path":26,"stem":27},"Online Users","/wizone-portal/online-user","2.WiZone-portal/2.online-user",{"title":29,"path":30,"stem":31},"Network Access Server (NAS)","/wizone-portal/nas","2.WiZone-portal/3.nas",{"title":33,"path":34,"stem":35},"Firewall Logs","/wizone-portal/firewall","2.WiZone-portal/4.firewall",{"title":37,"path":38,"stem":39},"Audit Logs & User History","/wizone-portal/audits","2.WiZone-portal/5.audits",{"title":41,"path":42,"stem":43},"Settings","/wizone-portal/general","2.WiZone-portal/6.general",{"title":45,"path":46,"stem":47},"Administrator Management","/wizone-portal/admin","2.WiZone-portal/7.admin",{"title":49,"path":50,"stem":51},"Reports Page","/wizone-portal/report","2.WiZone-portal/8.report",{"title":53,"icon":11,"path":54,"stem":55,"children":56},"pfSense Setup","/plugin","3.plugin",[57,59,63,67],{"title":53,"path":54,"stem":58},"3.plugin/index",{"title":60,"path":61,"stem":62},"Install Plugin + WZ Logger","/plugin/install","3.plugin/1.install",{"title":64,"path":65,"stem":66},"ACME SSL Certificate Setup","/plugin/acme","3.plugin/2.acme",{"title":68,"path":69,"stem":70},"Captive Portal Setup","/plugin/captive-portal","3.plugin/3.captive-portal",{"title":72,"path":73,"stem":74,"children":75},"Mikrotik Setup","/mikrotik-setup","4.mikrotik-setup",[76,79,83,87,91,95,99],{"title":77,"path":73,"stem":78},"MikroTik 
Setup","4.mikrotik-setup/index",{"title":80,"path":81,"stem":82},"Prerequisites","/mikrotik-setup/basic-network","4.mikrotik-setup/1.basic-network",{"title":84,"path":85,"stem":86},"WireGuard Tunnel","/mikrotik-setup/wireguard","4.mikrotik-setup/2.wireguard",{"title":88,"path":89,"stem":90},"Routing & Firewall","/mikrotik-setup/routing-firewall","4.mikrotik-setup/3.routing-firewall",{"title":92,"path":93,"stem":94},"HTTPS Certificate","/mikrotik-setup/https-cert","4.mikrotik-setup/4.https-cert",{"title":96,"path":97,"stem":98},"Hotspot + RADIUS","/mikrotik-setup/hotspot-radius","4.mikrotik-setup/5.hotspot-radius",{"title":100,"path":101,"stem":102},"Remote Logging","/mikrotik-setup/remote-logging","4.mikrotik-setup/6.remote-logging",[104,108,114,120,125,128,133,139,144,149,152,155,160,165,170,175,178,183,186,191,196,199,204,207,212,217,220,225,230,233,238,243,248,253,258,263,266,271,276,281,286,291,296,301,306,310,315,320,323,328,333,338,343,348,353,358,363,366,371,376,381,386,391,396,401,406,411,416,419,424,428,432,435,440,445,448,453,458,463,468,471,476,481,486,489,494,499,504,509,514,518,521,526,531,536,541,546,551,556,561,565,568,573,578,582,585,589],{"id":6,"title":10,"titles":105,"content":106,"level":107},[],"WiZone Platform is an integrated authentication and management framework that bridges local Wi-Fi access systems with centralized cloud-based services.  It is built to support secure access, user verification, real-time logging, and analytics across heterogeneous network environments such as Cisco,Mikrotik, Zyxel, Fortinet, and pfSense. WiZone transforms ordinary Wi-Fi into a secure, compliant, and effortlessly managed network — all without adding new hardware. 
Built for organizations that value reliability and data protection, WiZone brings enterprise-grade security, cloud intelligence, and zero-friction management together in one unified platform.",1,{"id":109,"title":110,"titles":111,"content":112,"level":113},"/system-overview#why-organizations-choose-wizone","Why Organizations Choose WiZone",[10],"AdvantageWhat It DoesWhy It MattersTrue Network SecurityEncrypts every connection using WireGuard / IPSec VPNKeeps users safe and traffic invisible to outsidersPlug & Play DeploymentWorks instantly with existing firewalls — pfSense, Mikrotik, Cisco, Fortinet, ZyxelNo new hardware. No downtime. Just results.Hybrid Cloud ControlCombines local performance with centralized cloud managementPerfect for multi-branch networks and schoolsCompliant by DesignIntegrated FreeRadius, Graylog, and Prometheus for full visibilityMeets Thailand’s Computer Crime Act and IT governance standardsOne Unified DashboardReal-time user management, usage reports, and network insightsSimplifies operations and empowers decision-makingFuture-Ready Integrationlogin via Thai ID, multilingual captive portal, scalable clustersReady for digital-first organizations",4,{"id":115,"title":116,"titles":117,"content":118,"level":119},"/system-overview#the-wizone-difference","The WiZone Difference",[10],"Other captive portals stop at authentication.WiZone goes further — creating a secure VPN bridge between your firewall and the cloud.\nEvery session is protected, every site is connected, and every admin stays in control.",2,{"id":121,"title":122,"titles":123,"content":124,"level":119},"/system-overview#built-for-real-world-networks","Built for Real-World Networks",[10],"Designed for universities, enterprises, government offices, and hospitality networksGrows with your organization through automatic load balancing and clusteringFully compliant with local data laws and privacy requirementsBrings a clean, branded login experience your users will actually trust WiZone = 
Security you can trust. Simplicity you can feel. Scalability you can rely on. From small campuses to nationwide networks, WiZone helps you deliver Wi-Fi that’s not just connected —  but protected, intelligent, and ready for the future.",{"id":22,"title":21,"titles":126,"content":127,"level":107},[],"Overview of the Users page in the WiZone dashboard, including account details, authentication types, and management options.",{"id":129,"title":130,"titles":131,"content":132,"level":107},"/wizone-portal/user#wizone-user-management","WiZone User Management",[],"The Users page provides administrators with a centralized view of all Wi-Fi users, their connection details, and access status. It helps manage authentication, speed limits, and device quotas with full visibility and control. ColumnDescriptionUsernameThe unique ID or name assigned to each user. Used for login or identification.LocationIndicates where the user registered or connected from (e.g., Yala, Lumphun).Created / Expire DateShows when the account was created and when it expires. Expired accounts are automatically marked as inactive.Speed LimitDefines upload and download bandwidth allocated per user.Device QuotaNumber of devices allowed to connect under the same user account.StatusDisplays current connection state — Active (online) or Expired (access disabled).Auth TypeShows the login method — PIN, MAC Addr, or User Auth.ActionsQuick tools to edit or delete a user directly from the table.",{"id":134,"title":135,"titles":136,"content":137,"level":138},"/wizone-portal/user#tips","Tips",[130],"Use the search bar to filter users by name or authentication type.Click a row to expand details such as session history and bandwidth usage.Double-click a row to edit user details instantly.",3,{"id":140,"title":141,"titles":142,"content":143,"level":107},"/wizone-portal/user#create-user","Create User",[],"The Create User form allows administrators to manually add Wi-Fi users to the WiZone platform. 
Each user can be assigned custom authentication types, network limits, and access durations. SectionDescriptionAuthentication TypeChoose between Username, MAC Address, or PIN Code authentication methods.NASSelect which NAS (router or access point) this user will connect through.Device QuotaSet the number of devices allowed per account (default: 1).Username / PasswordGenerate or manually input login credentials.Expired DateDefine the access duration.User StatusToggle between Active (enabled) or Inactive (disabled) states.Identity InformationOptionally fill in Thai ID, Passport, First & Last Name, Mobile Number, and Email for record keeping.Speed ControlAdjust Max Download and Max Upload speeds (10–100 Mbps or Unlimited).TimeoutsConfigure Idle Timeout (disconnect when inactive) and Session Timeout (max session duration).DescriptionAdd notes or usage remarks for internal reference.",{"id":145,"title":146,"titles":147,"content":148,"level":138},"/wizone-portal/user#example","Example",[141],"Pro Features\nFeatures labeled with the Pro tag (e.g., advanced timeouts, custom quotas) are available for Premium-tier administrators.",{"id":26,"title":25,"titles":150,"content":151,"level":107},[],"Monitor all currently active users connected to your network in real time. View session details, bandwidth usage, and connection information. ColumnDescriptionUsernameDisplays the active user’s login ID. Supports sorting for quick lookup.LocationShows which location or device the user is connected through.IP AddressIndicates the IP address assigned to the user’s current session.MAC AddressLists the physical address of the connected device for identification.Download / UploadTracks real-time data transfer during the session.Login TimeDisplays when the user session started.DurationShows how long the session has been active.ActionAllows admin to view more details or disconnect the session. 
Tip:\nWhen no active sessions are displayed, it means no users are currently connected to WiZone.",{"id":30,"title":29,"titles":153,"content":154,"level":107},[],"NAS page lists all connected authentication servers (pfSense or Mikrotik) registered under your organization. Administrators can monitor each device’s connection health, authentication performance, and session timeout policies.",{"id":156,"title":157,"titles":158,"content":159,"level":119},"/wizone-portal/nas#overview-table","Overview Table",[29],"ColumnDescriptionNAS NameThe name assigned to the NAS (e.g., mospan, jusemp, stroc).ModelNAS type — typically pfSense or Mikrotik.LocationSite or physical location of the installed NAS.IPShows NAS IP.BandwidthShows current upload/download capacity.PIN SettingsDefines PIN length and validity period for temporary user logins.Expire SettingsDisplays timeout configuration for users, sessions, and idle connections.StatusIndicates live connection state — Up for online, Down for offline.ActionsOptions to edit or delete the NAS configuration.",{"id":161,"title":162,"titles":163,"content":164,"level":119},"/wizone-portal/nas#create-nas","Create NAS",[29],"Click + Add NAS to register a new NAS with WiZone.",{"id":166,"title":167,"titles":168,"content":169,"level":138},"/wizone-portal/nas#_1-basic-settings","1. Basic Settings",[29,162],"NAS Name & Location – Identify where the NAS is deployed.Model Type – Choose between pfSense or Mikrotik.Bandwidth Control – Adjust Max Download/Upload Speed.Timeouts – Define Idle Timeout and Session Timeout durations.",{"id":171,"title":172,"titles":173,"content":174,"level":138},"/wizone-portal/nas#_2-captive-portal-settings","2. 
Captive Portal Settings",[29,162],"Authentication Method – Choose between:\nUsername & PasswordPIN Codeor Username & Password + PIN CodeDefault Authentication – Select which method is used by default.Language Tabs – Customize login messages in English and Thai.",{"id":34,"title":33,"titles":176,"content":177,"level":107},[],"The Firewall Logs page provides detailed visibility into log files collected from connected NAS (Network Access Servers), including pfSense and Mikrotik devices. It helps administrators monitor security events, and download archived logs. SectionDescriptionLocationDisplays the site or device where the log was generated (e.g., pfSense, Mikrotik, etc.).DateIndicates when the log entry was created.Size / RecordsShows file size and total record count within each log. Useful for tracking traffic volume.Expiration DateDefines how long each log file is stored before automatic deletion.StatusReflects log generation progress — No Records, Processing, or Completed.Download / DeleteAllows users to export or remove log files as needed.Test ExportA quick feature to manually export the latest logs by selecting a location and time range (e.g., last 5–30 minutes).",{"id":179,"title":180,"titles":181,"content":182,"level":138},"/wizone-portal/firewall#usage-example","Usage Example",[33],"Administrators can: Select a location and date range to view logs.Click Test Export to generate real-time exports for troubleshooting.Monitor export progress and verify completion before downloading logs.",{"id":38,"title":37,"titles":184,"content":185,"level":107},[],"WiZone keeps a complete record of system activities to help administrators track actions, user events, and security logs efficiently.",{"id":187,"title":188,"titles":189,"content":190,"level":113},"/wizone-portal/audits#audit-logs","Audit Logs",[37],"The Audit Logs section provides detailed tracking of administrative actions within the WiZone dashboard. 
FieldDescriptionTimeShows the exact timestamp when an action occurred.User NameIdentifies the admin or system user who performed the action.IPDisplays the IP address used to access the dashboard.OperationIndicates the performed action (e.g., Login, Logout).StatusDisplays the outcome of the operation (Success, Failed).DescriptionProvides additional details related to the activity. Use this section to: Monitor admin logins and logouts.Detect unusual access patterns or failed attempts.Verify system actions across different users.",{"id":192,"title":193,"titles":194,"content":195,"level":113},"/wizone-portal/audits#user-history","User History",[37],"The User History tab records the life cycle of end-user accounts created through NAS or hotspot systems. FieldDescriptionTimeDate and time of the recorded user event.UsernameThe user’s login name or assigned identifier.Full Name / IDDisplays user’s full name and partial ID or passport number.Mobile / EmailShows the user’s registered contact information.NASIndicates which NAS the user was registered under.Expire DateDisplays when the account will expire.ActionDescribes the event (e.g., User Created, User Deleted). Click on a User ID to view more details, including NAS registration, session data, and expiration settings.",{"id":42,"title":41,"titles":197,"content":198,"level":107},[],"Settings page allows administrators to configure company information, default network behavior, and account policies for all connected devices and users.",{"id":200,"title":201,"titles":202,"content":203,"level":113},"/wizone-portal/general#general-settings","General Settings",[41],"SectionDescriptionCompany InformationDisplays your registered company name and allows you to upload a logo for captive portal branding. Supported formats: JPG, PNG, GIF, WebP (max 5MB).Network ConfigurationDefines default network performance and timeout rules for new devices. - Bandwidth Limits: Set max upload/download speeds. 
- Timeouts: Configure idle and session timeouts for users. - Default Expiration: Automatically deactivate users after the set number of hours.Terms and ConditionsCreate and edit bilingual (English/Thai) Wi-Fi service terms shown to users before registration. Markdown and formatting tools are supported.API IntegrationGenerate and manage an API Key to connect the WiZone dashboard with external systems for data synchronization.",{"id":46,"title":45,"titles":205,"content":206,"level":107},[],"The Administrator tab allows the system owner or super admin to manage user roles and permissions for accessing the WiZone dashboard.",{"id":208,"title":209,"titles":210,"content":211,"level":138},"/wizone-portal/admin#overview","Overview",[45],"MetricDescriptionTotal AdminsTotal number of admin accounts registered in the system.Super AdminsHighest-level administrators with full access to all settings, devices, and users.AdminsStandard administrators who can manage users and reports but not system-wide configurations.OperatorsLimited-access users who can monitor connections or assist in customer support roles. 
Use the Add Administrator button to register a new management account.",{"id":213,"title":214,"titles":215,"content":216,"level":138},"/wizone-portal/admin#access-hierarchy","Access Hierarchy",[45],"RoleAccess LevelKey PermissionsSuper AdminFull......AdminHigh......OperatorBasic......",{"id":50,"title":49,"titles":218,"content":219,"level":107},[],"Reports page provides a full overview of WiZone network performance and user activity over time.",{"id":221,"title":222,"titles":223,"content":224,"level":113},"/wizone-portal/report#configuration-panel","Configuration Panel",[49],"FieldDescriptionPeriodChoose the data range (Last 7 days, 30 days, or custom).Start / EndManually set the report duration.LocationFilter reports by specific hotspot or branch.Generate Activity ReportCreates a new summary report for the selected period.",{"id":226,"title":227,"titles":228,"content":229,"level":113},"/wizone-portal/report#exporting-your-report","Exporting Your Report",[49],"To download the report as a PDF, click Generate Activity Report.",{"id":14,"title":18,"titles":231,"content":232,"level":107},[],"Understand each section of the WiZone Dashboard and how to interpret real-time data for your connected network.",{"id":234,"title":235,"titles":236,"content":237,"level":119},"/wizone-portal#dashboard-summary-cards","Dashboard Summary Cards",[18],"The top section displays four key status cards representing high-level metrics from your WiZone deployment. 
CardDescriptionActive in Last 24HShows the number of users who connected to Wi-Fi or authenticated within the past 24 hours compared to yesterday’s performance.Data UsageDisplays total upload, download, and data usage for all users across all devices.New UsersTracks new users registered within the last 24 hours.Connected DevicesShows total number of devices connected.",{"id":239,"title":240,"titles":241,"content":242,"level":119},"/wizone-portal#sessions-activity","Sessions Activity",[18],"This section visualizes the number of authentication sessions and their time distribution. Displays connection peaks, session counts, and activity patterns over selectable time periods (Latest, 7 Days, 30 Days).Useful for observing connection frequency, peak hours, or downtime periods. No session data available indicates there are currently no authenticated sessions being reported to the WiZone server.",{"id":244,"title":245,"titles":246,"content":247,"level":119},"/wizone-portal#top-users-by-bandwidth","Top Users by Bandwidth",[18],"This table highlights the users or devices consuming the most bandwidth. Shows total upload/download volume for the last 24 hours.Helps identify top consumers or possible misconfigurations.Data updates automatically as users access the network.",{"id":249,"title":250,"titles":251,"content":252,"level":119},"/wizone-portal#authentication-stats","Authentication Stats",[18],"Displays overall login success rates and authentication attempts from all connected systems. MetricMeaningSuccess RatePercentage of successfully authenticated users within the selected time period.Successful / FailedTotal count of login attempts with pass/fail outcomes.Total AttemptsSum of all authentication requests received by the WiZone RADIUS or Captive Portal. 
Successful: Users authenticated correctly through RADIUS or portal.Failed: Login attempts rejected due to incorrect credentials or configuration errors.",{"id":254,"title":255,"titles":256,"content":257,"level":119},"/wizone-portal#key-insights-for-admins","Key Insights for Admins",[18],"Use Active Users and Data Usage to assess daily performance load.New Users helps track growth or user acquisition through portals.Session Activity helps verify uptime and connection stability.Top Bandwidth Users assists in managing fair usage policies.Authentication Stats provide real-time visibility into login issues or RADIUS server connectivity.",{"id":259,"title":260,"titles":261,"content":262,"level":119},"/wizone-portal#dashboard","Dashboard",[18],"",{"id":61,"title":60,"titles":264,"content":265,"level":107},[],"Install WiZone Plugin on pfSense via one-command install, then configure WiFi interface, DHCP, and WZ-Logger.",{"id":267,"title":268,"titles":269,"content":270,"level":138},"/plugin/install#step-1-get-install-command-from-wizone-portal","Step 1 – Get Install Command from WiZone Portal",[60],"Log in to WiZone Portal → NAS and select the target NAS.Click NAS Configuration to open the device setup panel.Copy the Install Command — it's a one-time token valid for 15 minutes. The install command expires after 15 minutes. Click Regenerate if it expires before you can run it. Download the Portal login page files now.\nOn the same page, click Download under Portal login page files. You'll need this in Stage 3 (Captive Portal setup).",{"id":272,"title":273,"titles":274,"content":275,"level":138},"/plugin/install#step-2-run-the-install-command-on-pfsense","Step 2 – Run the Install Command on pfSense",[60],"In pfSense, go to Diagnostics → Command Prompt.Paste the install command into the Execute Shell Command field.Click Execute. Do not navigate away from this page until the script finishes. The installation log will appear below — wait until you see ✓ Installation complete! 
before proceeding.",{"id":277,"title":278,"titles":279,"content":280,"level":138},"/plugin/install#step-3-verify-installation-output","Step 3 – Verify Installation Output",[60],"The shell will output a full installation log. Wait for ✓ Installation complete! before continuing. The installer auto-configures the following: ComponentDetailsWireGuardTunnel, peer, interface assignment, gateway, routes, firewall rulesRADIUSAuth server RAD_WiZone with IP and shared secretCore Filesapi-pfsense-lib.php, utils_captive.php, captiveportal.incWZ-LoggerLogger script and cron jobRemote SyslogSyslog forwarding to WiZone Portal",{"id":282,"title":283,"titles":284,"content":285,"level":138},"/plugin/install#step-4-check-plugin-status","Step 4 – Check Plugin Status",[60],"Go to Services → WiZone → Overview to verify the installation state. SectionStatusNotesWIREGUARD✅ ReadyAuto-configured by installerCAPTIVE PORTAL1/7Configure in Stage 3WZ-LOGGER4/10Select WIFI interface in Step 6. Will show Ready after Stage 3CORE FILES✅ ReadyAuto-installed by installer",{"id":287,"title":288,"titles":289,"content":290,"level":138},"/plugin/install#step-5-configure-wifi-interface-and-dhcp-skip-if-already-configured","Step 5 – Configure WiFi Interface and DHCP (Skip if already configured)",[60],"Skip this step if your WiFi interface and DHCP are already configured.\nA working WiFi interface must exist before you can select it in WZ-Logger (Step 6).",{"id":292,"title":293,"titles":294,"content":295,"level":113},"/plugin/install#_51-wifi-interface","5.1 – WiFi Interface",[60,288],"Go to Interfaces → your assigned WiFi interface and configure: FieldExampleEnable✅DescriptionWIFIIPv4 Configuration TypeStatic IPv4IPv4 Address10.10.252.1/24 Click Save and Apply Changes.",{"id":297,"title":298,"titles":299,"content":300,"level":113},"/plugin/install#_52-dhcp-server","5.2 – DHCP Server",[60,288],"Go to Services → DHCP Server → WIFI, enable it, and configure: FieldExampleAddress Pool Range10.10.252.10 – 
10.10.252.30DNS 110.10.252.1 (WiFi interface IP)DNS 2 / 38.8.8.8 / 1.1.1.1Gateway10.10.252.1Default/Max Lease Time86400 Click Save.",{"id":302,"title":303,"titles":304,"content":305,"level":138},"/plugin/install#step-6-configure-wz-logger","Step 6 – Configure WZ-Logger",[60,288],"Go to Services → WiZone → WZ-Logger.",{"id":307,"title":201,"titles":308,"content":309,"level":113},"/plugin/install#general-settings",[60,288,303],"FieldValueEnable✅ Enable WiZone WZ-LoggerLog Server IP(auto-filled from WiZone Portal)Log Server Port5140",{"id":311,"title":312,"titles":313,"content":314,"level":113},"/plugin/install#interface-subnet-filter","Interface / Subnet Filter",[60,288,303],"Select interfaces to monitor. At minimum, enable WIFI (configured in Step 5): InterfacePurposeWANInternet uplinkLANInternal networkWIFIGuest Wi-Fi (required)WG_WIZONEWireGuard tunnel",{"id":316,"title":317,"titles":318,"content":319,"level":113},"/plugin/install#remote-syslog-settings","Remote Syslog Settings",[60,288,303],"FieldValueSend logs to remote server✅Forward firewall events✅Forward DHCP events✅Forward captive portal events✅ Click Save. 
After selecting the WIFI interface, WZ-LOGGER will show Ready in the WiZone Overview.",{"id":65,"title":64,"titles":321,"content":322,"level":107},[],"Issue a Let's Encrypt SSL certificate for the Captive Portal using ACME DNS-01 challenge via WiZone's DNS API.",{"id":324,"title":325,"titles":326,"content":327,"level":138},"/plugin/acme#step-1-assign-a-subdomain-in-wizone-portal","Step 1 – Assign a Subdomain in WiZone Portal",[64],"Go to WiZone Portal → NAS and select the target NAS.Click the Secure Captive Portal icon (globe icon).Fill in the following: FieldExampleNotesCaptive Portal SubdomainjohndoeResults in johndoe.wizone.ioGateway IP Address10.10.252.1IP of your WiFi interface (configured in Stage 1, Step 5.1) Click Secure Portal.",{"id":329,"title":330,"titles":331,"content":332,"level":138},"/plugin/acme#step-2-copy-acme-credentials-from-wizone-portal","Step 2 – Copy ACME Credentials from WiZone Portal",[64],"After clicking Secure Portal, the system displays the ACME credentials needed for pfSense configuration. Copy these values — you'll need them in Step 5: FieldNotesUsernameACME DNS API usernamePasswordACME DNS API passwordSubdomainDNS challenge subdomain identifierBase URLFixed value — see below WiZone handles the DNS-01 challenge automatically via its own DNS API. No manual DNS record management required.",{"id":334,"title":335,"titles":336,"content":337,"level":138},"/plugin/acme#step-3-install-acme-package-on-pfsense","Step 3 – Install ACME Package on pfSense",[64],"Go to System → Package Manager → Available Packages.Search for acme.Click + Install. 
Wait for the installation to complete before continuing.",{"id":339,"title":340,"titles":341,"content":342,"level":138},"/plugin/acme#step-4-create-acme-account-key","Step 4 – Create ACME Account Key",[64],"Go to Services → Acme → Account Keys.Click + Create new account key and configure: FieldValueNotesNamecaptive_keyIdentifier for this account keyACME ServerLet's Encrypt Production ACME v2Use Production for real certificatesE-Mail Addressyour@email.comReceives expiry notifications Click Create new account key to generate the private key.Click Register ACME account key to register with Let's Encrypt.Click Save. A green ✓ next to the Register button confirms successful registration.",{"id":344,"title":345,"titles":346,"content":347,"level":138},"/plugin/acme#step-5-create-certificate-with-dns-challenge","Step 5 – Create Certificate with DNS Challenge",[64],"Go to Services → Acme → Certificates.Click + Add and set the general fields: FieldValueNamecaptive_keyAccountcaptive_key (created in Step 4) Under Domain SAN list, click + Add and configure: FieldValueNotesModeEnabledDomainnamejohndoe.wizone.ioFull Captive Portal domainMethodDNS-acme-dns.ioACME DNS challengeUsername(from WiZone Portal)Copied in Step 2Password(from WiZone Portal)Copied in Step 2Subdomain(from WiZone Portal)ACME DNS identifier from Step 2 — not the same as the portal subdomainBase URLhttps://api-acme.wizone.io Click Save.",{"id":349,"title":350,"titles":351,"content":352,"level":138},"/plugin/acme#step-6-issue-certificate","Step 6 – Issue Certificate",[64],"Go to Services → Acme → Certificates.Click Issue/Renew on the captive_key certificate.Wait 1–3 minutes for issuance to complete. 
If issuance fails, verify:Username, Password, Subdomain, and Base URL match exactly what's shown in the PortalpfSense has internet accessThe ACME account key was registered successfully (Step 4)",{"id":354,"title":355,"titles":356,"content":357,"level":138},"/plugin/acme#step-7-add-certificate-action-auto-restart-on-renewal","Step 7 – Add Certificate Action (Auto-restart on Renewal)",[64],"Go back to Services → Acme → Certificates and open captive_key for editing. In the Actions list section, click + Add and configure: FieldValueNotesModeEnabledCommand[your zone name]Enter the Captive Portal zone name you will create in Stage 3MethodRestart Local ServiceRestarts the portal after each cert renewal Click Save. This ensures the Captive Portal service restarts automatically after each SSL renewal, preventing HTTPS errors from stale cert files.",{"id":359,"title":360,"titles":361,"content":362,"level":138},"/plugin/acme#step-8-enable-auto-renewal-cron","Step 8 – Enable Auto-renewal Cron",[64],"Go to Services → Acme → Settings and enable Cron Entry. Click Save. Let's Encrypt certificates expire every 90 days. Cron runs a daily renewal check at 3:16 AM — no manual renewal required.",{"id":69,"title":68,"titles":364,"content":365,"level":107},[],"Configure Captive Portal Zone on pfSense via WiZone Plugin with RADIUS MAC auth, HTTPS, and allowed hosts.",{"id":367,"title":368,"titles":369,"content":370,"level":138},"/plugin/captive-portal#step-1-check-captive-portal-status","Step 1 – Check Captive Portal Status",[68],"Go to Services → WiZone → Captive Portal and review each section before proceeding. 
SectionInitial StateAction RequiredRADIUS AuthenticationConfigured ✅NoneWiFi NetworkWIFI (em2) ✅Verify DHCP is enabledSSL Certificate → ACME PackageNot installed ⚠️Install ACME (Stage 2)SSL Certificate → HTTPS↔SANNo HTTPS server name ⚠️Set HTTPS server name in Captive PortalSSL Certificate → CertificateNo ACME/SSL cert ⚠️Issue certificate first (Stage 2)Portal ZoneZone not created ⚠️Click Create Zone",{"id":372,"title":373,"titles":374,"content":375,"level":138},"/plugin/captive-portal#step-2-create-captive-portal-zone","Step 2 – Create Captive Portal Zone",[68],"Go to Services → WiZone → Captive Portal and click + Create Zone. Enter a zone name of your choice (e.g. WiZone). The plugin auto-provisions the zone using values pulled from WiZone Portal — including RADIUS server, interface, and login page reference.",{"id":377,"title":378,"titles":379,"content":380,"level":138},"/plugin/captive-portal#step-3-configure-zone-settings","Step 3 – Configure Zone Settings",[68],"Go to Services → Captive Portal → Zone Name → Edit and set the following: FieldValueEnable Captive Portal✅Idle Timeout (Minutes)(optional)Concurrent LoginsMultipleMAC FilteringDisable (RADIUS MAC auth handles this)Custom Portal Page✅ Enable Click Save.",{"id":382,"title":383,"titles":384,"content":385,"level":138},"/plugin/captive-portal#step-4-upload-custom-login-page","Step 4 – Upload Custom Login Page",[68],"Download the portal login page files from WiZone Portal → NAS Configuration → Portal login page files (done in Stage 1, Step 1). After unzipping, use captiveportal-login.html. Upload it to both fields in the zone editor: FieldFilePortal page contentscaptiveportal-login.htmlAuth error page contentscaptiveportal-login.html Click Save. This file contains device-specific values. Do not reuse it across different NAS devices. 
Always download a fresh copy from the Portal for each device.",{"id":387,"title":388,"titles":389,"content":390,"level":138},"/plugin/captive-portal#step-5-authentication-tab-radius-mac","Step 5 – Authentication Tab (RADIUS MAC)",[68],"In the zone editor, open the Authentication tab and configure: FieldValueAuthentication MethodUse RADIUS MAC AuthenticationAuthentication ServerRAD_WiZoneRADIUS MAC Secretpassword (any value works — MAC auth validates by MAC address only)Login Page Fallback✅ (redirect to login page on MAC auth failure)Session Timeout✅ (enforce RADIUS Session-Timeout attribute)Traffic Quota✅ (enforce RADIUS pfSense-Max-Total-Octets)Per-User Bandwidth Restrictions✅ (enforce RADIUS upload/download limits)MAC Address FormatDefault Click Save. Because MAC authentication checks only the device's MAC address, treat it as device identification rather than proof of the user's identity.",{"id":392,"title":393,"titles":394,"content":395,"level":138},"/plugin/captive-portal#step-6-accounting-tab","Step 6 – Accounting Tab",[68],"In the zone editor, open the Accounting tab and configure: FieldValueSend RADIUS Accounting Packets✅Accounting ServerRAD_WiZoneSend Accounting UpdatesInterim Click Save.",{"id":397,"title":398,"titles":399,"content":400,"level":138},"/plugin/captive-portal#step-7-https-options","Step 7 – HTTPS Options",[68],"In the zone editor, open the HTTPS Options tab and configure: FieldValueNotesEnable HTTPS Login✅Encrypts credentials in transitHTTPS Server Namejohndoe.wizone.ioReplace with your subdomain from Stage 2 Step 1SSL/TLS Certificatecaptive_keySelect the ACME cert issued in Stage 2Disable HTTPS Forwards❌Leave unchecked to allow HTTP → HTTPS redirect Click Save. HTTPS Server Name must exactly match the subdomain you chose in Stage 2 Step 1. 
A mismatch will cause browser security warnings for users.",{"id":402,"title":403,"titles":404,"content":405,"level":138},"/plugin/captive-portal#step-8-allowed-ip-addresses","Step 8 – Allowed IP Addresses",[68],"Go to Services → Captive Portal → Zone → Allowed IP Addresses and add the following to allow unauthenticated clients to resolve DNS:",{"id":407,"title":408,"titles":409,"content":410,"level":138},"/plugin/captive-portal#step-9-allowed-hostnames-whitelist","Step 9 – Allowed Hostnames (Whitelist)",[68],"Go to Services → Captive Portal → Zone → Allowed Hostnames and add the following with Direction = Both:",{"id":412,"title":413,"titles":414,"content":415,"level":138},"/plugin/captive-portal#step-10-verify-final-status","Step 10 – Verify Final Status",[68],"Go to Services → WiZone → Overview and confirm all sections show Ready. SectionStatusWIREGUARD✅ ReadyCAPTIVE PORTAL✅ ReadyWZ-LOGGER✅ ReadyCORE FILES✅ Ready All sections showing Ready means the WiZone Plugin installation is complete. 
Wi-Fi clients will now be redirected to the Captive Portal login page automatically.",{"id":54,"title":53,"titles":417,"content":418,"level":107},[],"Install and configure the WiZone Plugin for pfSense via one-command install.",{"id":420,"title":421,"titles":422,"content":423,"level":107},"/plugin#wizone-pfsense-setup","WiZone pfSense Setup",[],"The WiZone Plugin for pfSense streamlines Captive Portal, RADIUS authentication, and WZ-Logger setup — deployed with a single command from the WiZone Portal.",{"id":425,"title":209,"titles":426,"content":427,"level":119},"/plugin#overview",[421],"StageTopicDescription1Install + WZ LoggerDeploy the plugin via install command and configure WZ-Logger2ACME SSL SetupIssue an SSL certificate via Let's Encrypt + ACME DNS-01 challenge3Captive PortalConfigure the Captive Portal zone, RADIUS MAC auth, HTTPS, and allowed hosts",{"id":429,"title":80,"titles":430,"content":431,"level":119},"/plugin#prerequisites",[421],"Before starting, ensure the following are in place:pfSense is installed and operational (version 2.7.x or later)WiFi interface is assigned and active on pfSenseThe NAS device is registered in WiZone PortalYou have admin access to pfSense including Diagnostics → Command Prompt",{"id":81,"title":80,"titles":433,"content":434,"level":107},[],"What you need to have ready before configuring WiZone on MikroTik. Before starting the WiZone setup, make sure the following are already in place on your MikroTik:",{"id":436,"title":437,"titles":438,"content":439,"level":138},"/mikrotik-setup/basic-network#network-requirements","Network Requirements",[80],"#RequirementNotes✅MikroTik has internet accessDefault route to ISP gateway working✅An interface ready for the Wi-Fi APe.g. ether5, bridge-wifi, or any interface connected to your AP✅DHCP server running on that interfaceSo Wi-Fi clients receive an IP address✅Know the gateway IP of that interfacee.g. 
172.16.0.1 — you will need this in Stage 4 and Stage 5",{"id":441,"title":442,"titles":443,"content":444,"level":138},"/mikrotik-setup/basic-network#note-the-values-youll-need","Note the values you'll need",[80],"Before continuing, note down: ValueExampleUsed inWi-Fi interface nameether5 / bridge-wifiStage 4 — Hotspot SetupGateway IP of Wi-Fi subnet172.16.0.1Stage 4 — Hotspot, Stage 5 — HTTPS Network design — which ports, subnets, and bridge layout to use — is up to your site. This guide does not prescribe a specific topology. Once these are ready, proceed to Stage 2 — WireGuard Tunnel.",{"id":85,"title":84,"titles":446,"content":447,"level":107},[],"Create an encrypted WireGuard VPN tunnel from MikroTik to WiZone Cloud. Important: Get your configuration from the WiZone Portal first.\nGo to Devices → NAS Configuration and keep it open — you will copy values from there in every step below.",{"id":449,"title":450,"titles":451,"content":452,"level":138},"/mikrotik-setup/wireguard#step-1-create-wireguard-interface","Step 1 – Create WireGuard Interface",[84],"Go to WireGuard → WireGuard tab → Add (+) and configure: FieldValueNamewizone-wgListen Port51820Private KeyPEER PRIVATE KEY from Portal Click Apply → OK.",{"id":454,"title":455,"titles":456,"content":457,"level":138},"/mikrotik-setup/wireguard#step-2-assign-ip-to-wireguard-interface","Step 2 – Assign IP to WireGuard Interface",[84],"Go to IP → Addresses → Add (+) and configure: FieldValueAddressWG INTERFACE IP from PortalInterfacewizone-wg Click Apply → OK.",{"id":459,"title":460,"titles":461,"content":462,"level":138},"/mikrotik-setup/wireguard#step-3-add-peer","Step 3 – Add Peer",[84],"Go to WireGuard → Peers tab → Add (+) and configure: FieldValueInterfacewizone-wgPublic KeyTUNNEL PUBLIC KEY from PortalEndpoint AddressEndpoint PortTUNNEL PORT from Portal (e.g. 51821)Allowed Address10.1.10.0/24, 10.1.200.0/24, 10.255.0.1/32 Click Apply → OK. 
Three Allowed Addresses are required:10.1.10.0/24 — WiZone system network (RADIUS, API)10.1.200.0/24 — WiZone support team VPN (remote debugging)10.255.0.1/32 — VPN tunnel gateway",{"id":464,"title":465,"titles":466,"content":467,"level":138},"/mikrotik-setup/wireguard#verify","Verify",[84],"Go to WiZone Portal → Devices → NAS List and check the MikroTik Status is UP",{"id":89,"title":88,"titles":469,"content":470,"level":107},[],"Add static routes for RADIUS and VPN networks, and configure firewall rules for WireGuard and RADIUS CoA.",{"id":472,"title":473,"titles":474,"content":475,"level":138},"/mikrotik-setup/routing-firewall#step-1-add-static-routes","Step 1 – Add Static Routes",[88],"Go to IP → Routes → Add (+) and configure: FieldValueDst. Address10.1.10.0/24Gatewaywizone-wg Click Apply → OK. (Optional) Add a second route with Dst. Address = 10.1.200.0/24 and the same Gateway — allows the WiZone support team to remotely access your device for troubleshooting.",{"id":477,"title":478,"titles":479,"content":480,"level":138},"/mikrotik-setup/routing-firewall#step-2-add-firewall-rule-for-wireguard","Step 2 – Add Firewall Rule for WireGuard",[88],"Go to IP → Firewall → Filter Rules tab → Add (+) and configure: TabFieldValueGeneralChaininputGeneralIn. Interfacewizone-wgActionActionacceptCommentWiZone WG Allow Click Apply → OK. Drag this rule above any existing drop/reject rules in the filter chain. This rule accepts every input-chain connection that arrives over wizone-wg, including from the support network 10.1.200.0/24 in the peer's Allowed Address, so the router's management services are reachable through the tunnel; narrow it by protocol, port, or source address if your site policy requires.",{"id":482,"title":483,"titles":484,"content":485,"level":138},"/mikrotik-setup/routing-firewall#step-3-add-firewall-rule-for-radius-coa","Step 3 – Add Firewall Rule for RADIUS CoA",[88],"Click Add (+) again and configure: TabFieldValueGeneralChaininputGeneralProtocoludpGeneralDst. Port3799ActionActionacceptCommentWiZone RADIUS CoA Click Apply → OK. What is CoA? Change of Authorization lets WiZone Portal instantly disconnect a user session — for example when an admin kicks a user or a session expires. 
This rule must be at the top of the filter list so it is always reachable. As listed, the rule has no In. Interface, so it accepts UDP 3799 on every interface, including the internet-facing one; if CoA requests reach the router only through the tunnel (the RADIUS network 10.1.10.0/24 is routed via wizone-wg), consider also setting In. Interface to wizone-wg on this rule.",{"id":93,"title":92,"titles":487,"content":488,"level":107},[],"Auto-provision a Let's Encrypt certificate for your MikroTik captive portal using WiZone ACME API. How it works: WiZone provides an ACME API that issues a Let's Encrypt certificate automatically. MikroTik fetches and renews it every 7 days via a built-in scheduler — no manual renewal needed.",{"id":490,"title":491,"titles":492,"content":493,"level":138},"/mikrotik-setup/https-cert#step-1-set-up-subdomain-in-wizone-portal","Step 1 – Set Up Subdomain in WiZone Portal",[92],"Log in to WiZone Portal → go to your NAS device page.Click Secure Captive Portal.Configure: FieldValueCaptive Portal SubdomainYour chosen name (e.g. goose)Gateway IP Address172.16.0.1 (must match your Hotspot interface IP) The Portal will show your full domain: https://[subdomain].wizone.io",{"id":495,"title":496,"titles":497,"content":498,"level":138},"/mikrotik-setup/https-cert#step-2-run-the-install-script-on-mikrotik","Step 2 – Run the Install Script on MikroTik",[92],"In the Secure Captive Portal page, click Copy or .rsc to get the script.Open WinBox → Terminal.Paste the entire script and press Enter.Wait a moment — the script will automatically:\nCreate a script named letsencrypt-update to fetch the certificateCreate a scheduler named letsencrypt-renew running every 7 days at 3:00 AMRun an initial certificate fetch immediately",{"id":500,"title":501,"titles":502,"content":503,"level":138},"/mikrotik-setup/https-cert#step-3-enable-https-in-server-profile","Step 3 – Enable HTTPS in Server Profile",[92],"Go to IP → Hotspot → Server Profiles tab → double-click hsprof1. 
Login tab: FieldValueHTTPS✅ CheckedSSL CertificateShould show letsencrypt (set automatically by script) Click Apply → OK.",{"id":505,"title":506,"titles":507,"content":508,"level":138},"/mikrotik-setup/https-cert#step-4-set-dns-name-in-server-profile","Step 4 – Set DNS Name in Server Profile",[92],"In the same hsprof1 profile: FieldValueDNS Name[subdomain].wizone.io (e.g. goose.wizone.io) Click Apply → OK. The DNS Name must exactly match the subdomain registered in the Portal. A mismatch will cause a certificate error in users' browsers.",{"id":510,"title":511,"titles":512,"content":513,"level":138},"/mikrotik-setup/https-cert#step-5-add-walled-garden-entry-for-acme-api","Step 5 – Add Walled Garden Entry for ACME API",[92],"Go to IP → Hotspot → Walled Garden IP List tab → Add (+): FieldValueActionacceptDst. Hostapi-acme.wizone.io Click Apply → OK. This allows the scheduler to fetch the certificate even while Hotspot is running.",{"id":515,"title":465,"titles":516,"content":517,"level":138},"/mikrotik-setup/https-cert#verify",[92],"Check certificate is installed: Open WinBox Terminal and run: /certificate print → You should see a certificate with private-key=yes and a name containing letsencrypt. Check HTTPS captive portal on a phone: Connect to Wi-Fi and open a browser. ResultMeaningRedirects to https://[subdomain].wizone.io with green padlock✅ HTTPS working correctlyShows \"Not Secure\" or certificate error❌ Check DNS Name matches subdomain Check auto-renew scheduler: /system scheduler print where name=\"letsencrypt-renew\" → Should show interval=7d and on-event=letsencrypt-update. 
To force an immediate certificate renewal:/system script run letsencrypt-update",{"id":97,"title":96,"titles":519,"content":520,"level":107},[],"Enable the MikroTik captive portal and connect it to WiZone RADIUS authentication.",{"id":522,"title":523,"titles":524,"content":525,"level":138},"/mikrotik-setup/hotspot-radius#step-1-add-radius-server","Step 1 – Add RADIUS Server",[96],"Get your RADIUS values from WiZone Portal → Devices → NAS Configuration Go to RADIUS → Add (+) and configure: FieldValueService✅ hotspotAddressRADIUS SERVER from PortalSecretSHARED SECRET from PortalAuthentication Port1812Accounting Port1813Require Message Authno Click Apply → OK.",{"id":527,"title":528,"titles":529,"content":530,"level":138},"/mikrotik-setup/hotspot-radius#step-2-enable-radius-incoming-coa","Step 2 – Enable RADIUS Incoming (CoA)",[96],"Go to RADIUS → Incoming button (top of window) and configure: FieldValueAccept✅ CheckedPort3799 Click Apply → OK. This enables CoA (Change of Authorization) — allows WiZone Portal to disconnect user sessions instantly when an admin kicks a user or a session expires.",{"id":532,"title":533,"titles":534,"content":535,"level":138},"/mikrotik-setup/hotspot-radius#step-3-create-hotspot-with-wizard","Step 3 – Create Hotspot with Wizard",[96],"Go to IP → Hotspot → Servers tab and click Hotspot Setup. StepValueHotspot Interfacebridge (same interface used for Wi-Fi)Local Address of Network172.16.0.1/24 (auto-filled if set in Stage 1)Address Pool of Network172.16.0.10 - 172.16.0.254Select CertificateSelect the cert issued in Stage 4 (or none if skipping HTTPS)SMTP Server0.0.0.0DNS Servers1.1.1.1DNS NameYour domain from Stage 4 (leave blank if skipping HTTPS) Click Next through each step until done.",{"id":537,"title":538,"titles":539,"content":540,"level":138},"/mikrotik-setup/hotspot-radius#step-4-configure-hotspot-server-profile","Step 4 – Configure Hotspot Server Profile",[96],"Go to IP → Hotspot → Server Profiles tab → double-click hsprof1. 
Login tab: FieldValueLogin By✅ MAC, ✅ HTTP PAP, ✅ HTTPS (uncheck CHAP, Cookie, Trial)MAC Auth. ModeMAC as username and passwordMAC Auth. PasswordAny value, e.g. mktom (cannot be blank)HTTP Cookie Lifetime3d 00:00:00 RADIUS tab: FieldValueUse RADIUS✅ CheckedAccounting✅ CheckedInterim Update00:01:00NAS Port Type19 (wireless-802.11) Click Apply → OK.",{"id":542,"title":543,"titles":544,"content":545,"level":138},"/mikrotik-setup/hotspot-radius#step-5-configure-hotspot-server-settings","Step 5 – Configure Hotspot Server Settings",[96],"Go to IP → Hotspot → Servers tab → double-click your hotspot server. FieldValueNamehotspot1Interfaceether5 (your Wi-Fi interface)Address Poolwifi-poolProfilefreewifiIdle Timeout00:05:00Keepalive Timeout(leave empty)Addresses Per MAC2 Click Apply → OK.",{"id":547,"title":548,"titles":549,"content":550,"level":138},"/mikrotik-setup/hotspot-radius#step-6-configure-user-profile","Step 6 – Configure User Profile",[96],"Go to IP → Hotspot → User Profiles tab → double-click default. FieldValueKeepalive Timeout(leave empty)Status Autorefresh00:01:00 Click Apply → OK.",{"id":552,"title":553,"titles":554,"content":555,"level":138},"/mikrotik-setup/hotspot-radius#step-7-configure-walled-garden","Step 7 – Configure Walled Garden",[96],"Walled Garden defines which websites users can access before logging in. Without this, users cannot reach the login portal page. Go to IP → Hotspot → Walled Garden tab and add the following entries (Action = allow for each): #Dst. Host0portal.wizone.io1static.cloudflareinsights.com2challenges.cloudflare.com",{"id":557,"title":558,"titles":559,"content":560,"level":138},"/mikrotik-setup/hotspot-radius#step-8-upload-login-page","Step 8 – Upload Login Page",[96],"In WiZone Portal → NAS Configuration, click Download next to Hotspot setup files.Extract the downloaded archive. 
Key files: FilePurposelogin.htmlMain login pagealogin.htmlAuto-login redirect page after successful login In WinBox, go to Files and open the hotspot folder (created by the wizard).Drag all extracted files into the hotspot/ folder on MikroTik. Go to IP → Hotspot → Server Profiles tab → double-click hsprof1.In the General tab, set HTML Directory → hotspot. Click Apply → OK.",{"id":562,"title":465,"titles":563,"content":564,"level":138},"/mikrotik-setup/hotspot-radius#verify",[96],"Connect a phone to Wi-Fi.Open a browser → it should redirect to the WiZone login page.Log in with a test account from Portal → should authenticate and access the internet. ProblemCheckNo redirect to loginVerify Hotspot server is on the correct interface; DHCP is workingRedirects but login failsVerify WireGuard tunnel (Stage 2) and RADIUS secret (Step 1 above)",{"id":101,"title":100,"titles":566,"content":567,"level":107},[],"Send MikroTik logs to WiZone Cloud for regulatory compliance under Thailand's Computer Crime Act. Sending logs to WiZone Cloud keeps your deployment compliant with Thailand's Computer Crime Act (พ.ร.บ. คอมพิวเตอร์). 
All hotspot, firewall, and DHCP events are stored securely in WiZone.",{"id":569,"title":570,"titles":571,"content":572,"level":138},"/mikrotik-setup/remote-logging#step-1-create-remote-syslog-action","Step 1 – Create Remote Syslog Action",[100],"Go to System → Logging → Actions tab → Add (+) and configure: FieldValueNamewizone-syslogTyperemoteRemote Address10.1.10.8Remote Port5140BSD Syslog❌ Unchecked (uses RFC 5424 format) Click Apply → OK.",{"id":574,"title":575,"titles":576,"content":577,"level":138},"/mikrotik-setup/remote-logging#step-2-add-logging-rules","Step 2 – Add Logging Rules",[100],"Go to System → Logging → Rules tab and add each rule: Rule 1 — Hotspot events: FieldValueTopicshotspotActionwizone-syslog Rule 2 — Firewall events: FieldValueTopicsfirewallActionwizone-syslog Rule 3 — DHCP events: FieldValueTopicsdhcpActionwizone-syslog",{"id":579,"title":465,"titles":580,"content":581,"level":138},"/mikrotik-setup/remote-logging#verify",[100],"Go to WiZone Portal → Firewall Logs — you should see log entries arriving. 
ProblemCheckNo logs appearingVerify route to 10.1.10.0/24 (Stage 3) and WireGuard handshake (Stage 2)",{"id":73,"title":77,"titles":583,"content":584,"level":107},[],"Step-by-step guide to configure MikroTik for WiZone — from WireGuard tunnel to HTTPS captive portal and remote logging.",{"id":586,"title":209,"titles":587,"content":588,"level":119},"/mikrotik-setup#overview",[77],"StageTopicDescription1Basic NetworkSet LAN IP and DHCP server for Wi-Fi clients2WireGuard TunnelCreate encrypted VPN tunnel back to WiZone Cloud3Routing & FirewallAdd static routes and allow WireGuard + CoA traffic4HTTPS CertificateAuto-issue Let's Encrypt cert for secure captive portal5Hotspot + RADIUSEnable captive portal login backed by WiZone RADIUS6Remote LoggingSend logs to WiZone Cloud for compliance",{"id":590,"title":591,"titles":592,"content":593,"level":119},"/mikrotik-setup#values-from-wizone-portal","Values from WiZone Portal",[77],"Before starting, go to NAS Configuration in the Portal and note these values: Log in to WiZone Portal → Devices → select your NAS → open NAS Configuration ValueSource in PortalUsed in StageRADIUS SERVERRADIUS SERVER field4SHARED SECRETSHARED SECRET field4WG INTERFACE IPWG INTERFACE IP field2TUNNEL PUBLIC KEYTUNNEL PUBLIC KEY field2TUNNEL PORTTUNNEL PORT field2PEER PRIVATE KEYPEER PRIVATE KEY field2wg2.wizone.io(fixed value)210.1.10.8(fixed value)6 Stage 4 (HTTPS) — no values to copy manually. 
The Portal generates a complete script with token included.",{"id":595,"title":53,"body":596,"description":418,"extension":716,"links":717,"meta":718,"navigation":719,"path":54,"seo":720,"stem":58,"__hash__":721},"docs/3.plugin/index.md",{"type":597,"value":598,"toc":712},"minimark",[599,603,606,610,683,686],[600,601,421],"h1",{"id":602},"wizone-pfsense-setup",[604,605,423],"p",{},[607,608,209],"h2",{"id":609},"overview",[611,612,613,629],"table",{},[614,615,616],"thead",{},[617,618,619,623,626],"tr",{},[620,621,622],"th",{},"Stage",[620,624,625],{},"Topic",[620,627,628],{},"Description",[630,631,632,651,667],"tbody",{},[617,633,634,641,648],{},[635,636,637],"td",{},[638,639,640],"strong",{},"1",[635,642,643],{},[644,645,647],"a",{"href":646},"./plugin/install","Install + WZ Logger",[635,649,650],{},"Deploy the plugin via install command and configure WZ-Logger",[617,652,653,658,664],{},[635,654,655],{},[638,656,657],{},"2",[635,659,660],{},[644,661,663],{"href":662},"./plugin/acme","ACME SSL Setup",[635,665,666],{},"Issue an SSL certificate via Let's Encrypt + ACME DNS-01 challenge",[617,668,669,674,680],{},[635,670,671],{},[638,672,673],{},"3",[635,675,676],{},[644,677,679],{"href":678},"./plugin/captive-portal","Captive Portal",[635,681,682],{},"Configure the Captive Portal zone, RADIUS MAC auth, HTTPS, and allowed hosts",[607,684,80],{"id":685},"prerequisites",[687,688,690,693],"callout",{"type":689},"info",[604,691,692],{},"Before starting, ensure the following are in place:",[694,695,696,700,703,706],"ul",{},[697,698,699],"li",{},"pfSense is installed and operational (version 2.7.x or later)",[697,701,702],{},"WiFi interface is assigned and active on pfSense",[697,704,705],{},"The NAS device is registered in WiZone Portal",[697,707,708,709],{},"You have admin access to pfSense including ",[638,710,711],{},"Diagnostics → Command 
Prompt",{"title":262,"searchDepth":107,"depth":119,"links":713},[714,715],{"id":609,"depth":119,"text":209},{"id":685,"depth":119,"text":80},"md",null,{},true,{"title":53,"description":418},"7-jj_vIuXtyZqWkuHbd1yhwHNP_wKoty620jlX5itd4",[723,724],{"title":49,"path":50,"stem":51,"description":219,"children":-1},{"title":60,"path":61,"stem":62,"description":265,"children":-1},1772765897825]