can you check which ip is being returned once you're outside the registration network? (Im asuming you're using dns / fqdn to access the portal after login)
from what i understand you're using inline enforcement, is that correct? On Mon, May 13, 2024 at 12:36 PM Nate Tremmel <n...@nathantremmel.com> wrote: > > This doesn’t sound like the issue I have, seeing as the preregistration > doesn’t work outside of the registration network (NAT to Public IP). I sign > in with username and password and then the portal times out on the public IP. > > > On May 13, 2024, at 10:07 AM, Diego Garcia del Rio <garc...@gmail.com> > > wrote: > > > > so.. after troubleshooting a bit more.. somehow pfdns is not > > responding the the 66.x ip for the fqdn of the portal. If you ask > > pfdns for google.com or any other (while captive) it will reply with > > the 66.x ip .. but for the fqdn of the portal itself, it fails. > > > > see here for more details > > https://github.com/inverse-inc/packetfence/issues/8043 > > > > in particular this comment: > > https://github.com/inverse-inc/packetfence/issues/5765#issuecomment-681194433 > > where you create a hosts.pf file and point to it via pfdns > > > > On Tue, May 7, 2024 at 3:10 PM Diego Garcia del Rio <garc...@gmail.com> > > wrote: > >> > >> I was having similar issues on a fresh install of packetfence 13.1 on > >> rocky linux using the RPMs. > >> > >> I had trouble creating the isolation and registration sub-interfaces > >> (vlans), with the config not sticking on the configurator.. as such, > >> the haproxy-portal config was not having the correct interface > >> settings / the redirect.lua script seems to have been missing options. > >> Im still troubleshooting.. but its very weird. > >> > >> On Tue, May 7, 2024 at 11:50 AM Nate Tremmel via PacketFence-users > >> <packetfence-users@lists.sourceforge.net> wrote: > >>> > >>> I’m running Packetfence 13.1 from ISO and have a registration VLAN. I am > >>> using Merakis APs with radius role by VLAN. My test computer joins the > >>> network, get a registration VLAN IP from the packet fence server, and it > >>> tries to open the fqdn of the packetfence server and get a connection > >>> timed out error. On the computer, the fqdn is resolving to 66.70.255.147 > >>> which seems to be what is supposed to happen in the admin settings and I > >>> can ping that IP. I have allowed access to the management IP through the > >>> firewall for HTTPS from the registration VLAN. > >>> > >>> Any advice would be welcome. > >>> _______________________________________________ > >>> PacketFence-users mailing list > >>> PacketFence-users@lists.sourceforge.net > >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users > _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
