so I tried today editing those two lines but still no success
I tried then disabling the iptables service and still the same problem
then I released the tcpdump -i eth1.2 command (eth1.2 is the registration
interface) and got this output at the moment I opened the web browser on
the client side and I´m supposed to hit the captive portal
14:39:24.171855 IP 192.168.2.10.59015 > 192.168.2.1.domain: 41910+ A?
www.google.com. (32)
14:39:24.176052 IP 192.168.2.1.domain > 192.168.2.10.59015: 41910* 1/1/1 A
192.168.2.1 (88)
14:39:24.176678 IP 192.168.2.10.objective-dbc > 192.168.2.1.http: Flags
[S], seq 3594596785, win 65535, options [mss 1460,nop,nop,sackOK], length 0
14:39:24.176896 IP 192.168.2.1.http > 192.168.2.10.objective-dbc: Flags
[S.], seq 4272748915, ack 3594596786, win 5840, options [mss
1460,nop,nop,sackOK], length 0
14:39:24.177381 IP 192.168.2.10.objective-dbc > 192.168.2.1.http: Flags
[.], ack 1, win 65535, length 0
14:39:24.177394 IP 192.168.2.10.objective-dbc > 192.168.2.1.http: Flags
[P.], seq 1:653, ack 1, win 65535, length 652
14:39:24.177532 IP 192.168.2.1.http > 192.168.2.10.objective-dbc: Flags
[.], ack 653, win 6520, length 0
14:39:24.183245 IP 192.168.2.1.http > 192.168.2.10.objective-dbc: Flags
[P.], seq 1:581, ack 653, win 6520, length 580
14:39:24.184161 IP 192.168.2.10.objective-dbc > 192.168.2.1.http: Flags
[F.], seq 653, ack 581, win 64955, length 0
14:39:24.184521 IP 192.168.2.10.iclpv-dm > 192.168.2.1.http: Flags [S], seq
289044139, win 65535, options [mss 1460,nop,nop,sackOK], length 0
14:39:24.184592 IP 192.168.2.1.http > 192.168.2.10.iclpv-dm: Flags [S.],
seq 4278928276, ack 289044140, win 5840, options [mss 1460,nop,nop,sackOK],
length 0
14:39:24.184922 IP 192.168.2.10.iclpv-dm > 192.168.2.1.http: Flags [.], ack
1, win 65535, length 0
14:39:24.185210 IP 192.168.2.10.iclpv-dm > 192.168.2.1.http: Flags [P.],
seq 1:623, ack 1, win 65535, length 622
14:39:24.185265 IP 192.168.2.1.http > 192.168.2.10.iclpv-dm: Flags [.], ack
623, win 6842, length 0
14:39:24.190726 IP 192.168.2.1.http > 192.168.2.10.objective-dbc: Flags
[F.], seq 581, ack 654, win 6520, length 0
14:39:24.190946 IP 192.168.2.10.objective-dbc > 192.168.2.1.http: Flags
[.], ack 582, win 64955, length 0
14:39:24.453054 IP 192.168.2.1.http > 192.168.2.10.iclpv-dm: Flags [.], seq
1:1461, ack 623, win 6842, length 1460
14:39:24.453363 IP 192.168.2.1.http > 192.168.2.10.iclpv-dm: Flags [.], seq
1461:2921, ack 623, win 6842, length 1460
14:39:24.453504 IP 192.168.2.1.http > 192.168.2.10.iclpv-dm: Flags [.], seq
2921:4381, ack 623, win 6842, length 1460
14:39:27.453316 IP 192.168.2.1.http > 192.168.2.10.iclpv-dm: Flags [.], seq
1:1461, ack 623, win 6842, length 1460
14:39:33.453327 IP 192.168.2.1.http > 192.168.2.10.iclpv-dm: Flags [.], seq
1:1461, ack 623, win 6842, length 1460
14:39:45.453211 IP 192.168.2.1.http > 192.168.2.10.iclpv-dm: Flags [.], seq
1:1461, ack 623, win 6842, length 1460
14:39:47.654597 IP 192.168.2.10.netbios-dgm > 192.168.2.255.netbios-dgm:
NBT UDP PACKET(138)
14:39:50.624802 IP 192.168.2.10.bootpc > 192.168.2.1.bootps: BOOTP/DHCP,
Request from 00:14:22:fd:cd:5f (oui Unknown), length 319
14:39:50.632697 IP 192.168.2.1.bootps > 192.168.2.10.bootpc: BOOTP/DHCP,
Reply, length 300
14:40:09.453231 IP 192.168.2.1.http > 192.168.2.10.iclpv-dm: Flags [.], seq
1:1461, ack 623, win 6842, length 1460
now it gets stuck there
do you find something there?
thanks again in advance
2011/12/2 clf <[email protected]>
> Hi François,
>
> that's a good tip, I won't be able to try this until monday since today
> I'm out of office, but I will post the results as soon as I make this
>
> thanks again and have a nice weekend
>
> 2011/12/2 Francois Gaudreault <[email protected]>
>
>> **
>> OK try this. In pf/conf/httpd.conf.apache22, change :
>> RewriteRule ^.*$
>> https://%%hostname%%.%%domain%%/captive-portal?destination_url=http://%{HTTP_HOST}%{REQUEST_URI}
>> [R=307,L]
>> to
>> RewriteRule ^.*$
>> http://%%hostname%%.%%domain%%/captive-portal?destination_url=http://%{HTTP_HOST}%{REQUEST_URI}
>> [R=307,L]
>>
>> You will need to change it two times. Next, restart packetfence and
>> retry. This will prevent the redirect to https, and will use plain http.
>> Let's see if it works that way.
>>
>> My other question, do you have a proxy configured for your browser?
>>
>>
>> On 11-12-02 3:44 AM, clf wrote:
>>
>> I have to add something, the PF is a virtual machine running on Virtual
>> Box, this is configured with tho NICs and the NIC configured to use with PF
>> is a trunk with all VLANs needed, is set as follows
>>
>> eth1management
>> eth1.10 normal vlan
>> eth1.2 registration
>> eth1.3 isolation
>> eth1.5 normal vlan guests
>>
>> the other NIC is connected to a management switch
>>
>> 2011/12/1 Raül González <[email protected]>
>>
>>> yes, I tried two computers both with firefox and explorer
>>>
>>> when I check the access_log I can see the attempts from explorer and
>>> firefox, I can also see the attempts from the antivirus trying to update
>>>
>>> something is wrong loading the certificate or the reg page
>>>
>>> Am 01/12/2011 um 20:47 schrieb Francois Gaudreault <
>>> [email protected]>:
>>>
>>> Hi,
>>>
>>> Yes the nslookup is fine, as long as the PC also have a 192.168.2.x IP
>>> Address, and that you can ping 192.168.2.1.
>>>
>>> Again, you are reaching the server if you get the SSL warning. Did you
>>> test using another PC?
>>>
>>> On 11-12-01 2:14 PM, clf wrote:
>>>
>>> thanks again
>>>
>>> François, I didn't change any of the templates, no html files were
>>> modified
>>>
>>> Damian, restarting service doesn't help at this moment
>>>
>>> can you tell me if the nslookup is correct? where should I have a look?
>>>
>>> 2011/12/1 Damian Mendoza <[email protected]>
>>>
>>>> If you start and stop the PF service does the registration page work?
>>>>
>>>>
>>>>
>>>> That’s the problem I’m having – works one time after starting and
>>>> stopping the service
>>>>
>>>>
>>>>
>>>> *From:* clf [mailto:[email protected]]
>>>> *Sent:* Thursday, December 01, 2011 6:42 AM
>>>> *To:* [email protected]
>>>> *Subject:* Re: [Packetfence-users] Registration page doesn´t show up,
>>>> certificate?
>>>>
>>>>
>>>>
>>>> Hi Francois,
>>>>
>>>>
>>>>
>>>> thanks for your reply, I´ve tried both mozilla and explorer and
>>>> I´m still not able to see the registration page...
>>>>
>>>>
>>>>
>>>> I´ve solved those errors on the access_log creating new cert files with
>>>> openssl with the right server name and replacing the old ones. Now I only
>>>> get this on access_log:
>>>>
>>>>
>>>>
>>>> [notice] caught SIGTERM, shutting down
>>>>
>>>> [Thu Dec 01 10:38:18 2011] [notice] Apache/2.2.15 (Unix)
>>>> mod_ssl/2.2.15 OpenSSL/1.0.0-fips PHP/5.3.2 mod_perl/2.0.4 Perl/v5.10.1
>>>> configured -- resuming normal operations
>>>>
>>>> I realized that if i release the nslookup command on the client side I
>>>> get this output:
>>>>
>>>>
>>>>
>>>> server: packetfence
>>>>
>>>> address: 192.168.2.1
>>>>
>>>>
>>>>
>>>> name: www.google.com.registration.mydomain.com
>>>>
>>>> address: 192.168.2.1
>>>>
>>>>
>>>>
>>>> is something wrong with dns?
>>>>
>>>>
>>>>
>>>> thanks again
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Hi,
>>>>
>>>> What if you try with another browser (ie. Chrome/Firefox)? Do you have
>>>> the same thing?
>>>>
>>>> On 11-12-01 4:53 AM, clf wrote:
>>>> > Hi All,
>>>> > I just set up a new PF server yesterday, everything went fine and I
>>>> > could start the service and access the GUI.
>>>> > The server is set up in VLAN enforcement mode so when a new device is
>>>> > connected to the switch, PF changes the VLAN (MAC detection) to the
>>>> > registration VLAN and when the client opens the web browser it comes
>>>> > up the classic "Certificate Error" in Internet Explorer but when I
>>>> > click the link to ignore the message it just hangs and the reg page
>>>> > doesn´t
>>>> > I can see PF knows the client is trying to access to the Internet as
>>>> I
>>>> > see this in the access_log
>>>> > 192.168.2.10 - - [01/Dec/2011:10:50:30 +0100] "GET
>>>> > /captive-portal?destination_url=http://www.google.com/ HTTP/1.1" 200
>>>> > 7093 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1;
>>>> > Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
>>>> > 3.5.30729; .NET CLR 1.1.4322; InfoPath.2)"
>>>> > Having a look at the logs I see nothing strange but this on the
>>>> error_log
>>>> > [Thu Dec 01 10:36:37 2011] [notice] caught SIGTERM, shutting down
>>>> > [Thu Dec 01 10:38:12 2011] [warn] RSA server certificate is a CA
>>>> > certificate (BasicConstraints: CA == TRUE !?)
>>>> > [Thu Dec 01 10:38:12 2011] [warn] RSA server certificate CommonName
>>>> > (CN) `packetfence' does NOT match server name!?
>>>> > [Thu Dec 01 10:38:12 2011] [warn] RSA server certificate is a CA
>>>> > certificate (BasicConstraints: CA == TRUE !?)
>>>> > [Thu Dec 01 10:38:12 2011] [warn] RSA server certificate CommonName
>>>> > (CN) `packetfence' does NOT match server name!?
>>>> > [Thu Dec 01 10:38:13 2011] [warn] RSA server certificate is a CA
>>>> > certificate (BasicConstraints: CA == TRUE !?)
>>>> > [Thu Dec 01 10:38:13 2011] [warn] RSA server certificate CommonName
>>>> > (CN) `packetfence' does NOT match server name!?
>>>> > [Thu Dec 01 10:38:13 2011] [warn] RSA server certificate is a CA
>>>> > certificate (BasicConstraints: CA == TRUE !?)
>>>> > [Thu Dec 01 10:38:13 2011] [warn] RSA server certificate CommonName
>>>> > (CN) `packetfence' does NOT match server name!?
>>>> > [Thu Dec 01 10:38:18 2011] [notice] Apache/2.2.15 (Unix)
>>>> > mod_ssl/2.2.15 OpenSSL/1.0.0-fips PHP/5.3.2 mod_perl/2.0.4
>>>> > Perl/v5.10.1 configured -- resuming normal operations
>>>> > Any advice?
>>>> > Thanks in advance
>>>> > clf
>>>> >
>>>> >
>>>> >
>>>> ------------------------------------------------------------------------------
>>>> > All the data continuously generated in your IT infrastructure
>>>> > contains a definitive record of customers, application performance,
>>>> > security threats, fraudulent activity, and more. Splunk takes this
>>>> > data and makes sense of it. IT sense. And common sense.
>>>> > http://p.sf.net/sfu/splunk-novd2d
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > Packetfence-users mailing list
>>>> > Packetfence-users@...
>>>> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>> --
>>>> Francois Gaudreault, ing. jr
>>>> fgaudreault@... :: +1.514.447.4918 (x130) :: http://www.inverse.ca
>>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
>>>> www.packetfence.org)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> All the data continuously generated in your IT infrastructure
>>>> contains a definitive record of customers, application performance,
>>>> security threats, fraudulent activity, and more. Splunk takes this
>>>> data and makes sense of it. IT sense. And common sense.
>>>> http://p.sf.net/sfu/splunk-novd2d
>>>> _______________________________________________
>>>> Packetfence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> All the data continuously generated in your IT infrastructure
>>> contains a definitive record of customers, application performance,
>>> security threats, fraudulent activity, and more. Splunk takes this
>>> data and makes sense of it. IT sense. And common
>>> sense.http://p.sf.net/sfu/splunk-novd2d
>>>
>>>
>>> _______________________________________________
>>> Packetfence-users mailing
>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>> --
>>> Francois Gaudreault, ing. [email protected] :: +1.514.447.4918
>>> (x130) :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>>> (www.packetfence.org)
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> All the data continuously generated in your IT infrastructure
>>> contains a definitive record of customers, application performance,
>>> security threats, fraudulent activity, and more. Splunk takes this
>>> data and makes sense of it. IT sense. And common sense.
>>> http://p.sf.net/sfu/splunk-novd2d
>>>
>>> _______________________________________________
>>> Packetfence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>> ------------------------------------------------------------------------------
>> All the data continuously generated in your IT infrastructure
>> contains a definitive record of customers, application performance,
>> security threats, fraudulent activity, and more. Splunk takes this
>> data and makes sense of it. IT sense. And common
>> sense.http://p.sf.net/sfu/splunk-novd2d
>>
>>
>> _______________________________________________
>> Packetfence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> --
>> Francois Gaudreault, ing. [email protected] :: +1.514.447.4918
>> (x130) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
>>
>>
>>
>> ------------------------------------------------------------------------------
>> All the data continuously generated in your IT infrastructure
>> contains a definitive record of customers, application performance,
>> security threats, fraudulent activity, and more. Splunk takes this
>> data and makes sense of it. IT sense. And common sense.
>> http://p.sf.net/sfu/splunk-novd2d
>> _______________________________________________
>> Packetfence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
