Evening List,
New PacketFence user here; I just recently got PacketFence set up for testing
in inline mode. Hopefully I have covered the basics before e-mailing the
list; if not, my apologies.
Currently, when I join the inline network, whatever site I hit first (i.e., if
I go to google.com first) will not work after I have been "authenticated"
through the captive portal. All other connections seem to work fine...
I've noticed that after I authenticate (either manually approving the node
via the web UI or logging in with local auth) I still cannot contact this site.
This seems to be because of some kind of caching issue with how DNS is working
on the inline network.
For example:
- Launch browser to yahoo.com
- Authenticate to the captive portal with uname/pass
- Redirection will fail.
- Everything works besides yahoo.com
- ping yahoo.com returns the PacketFence IP for the inline network (in my
  case 192.168.10.1)
This persists until I restart PacketFence, which resolves the issue until I
de-auth and re-auth.
Any help or thoughts on the matter are appreciated. Thank you all for your
time in reading this message. I am looking to test PacketFence for
deployment in some small office wireless networks.
Thogue
I am on CentOS 6.2 2.6.32-220.13.1.el6.x86_64
Version info:
Name : packetfence
Version : 3.3.2
Release : 1.el6
From repo : PacketFence
Here are my confs:
[root@localhost ~]# cat /usr/local/pf/conf/pf.conf
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=evilnuts.com
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the domain in
# Apache rewriting rules and therefore must be resolvable by clients.
hostname=pf
dhcpservers=192.168.10.1
dnsservers=208.91.207.13
[trapping]
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that PacketFence will
# monitor/detect/trap on. Gateway, network, and
# broadcast addresses are ignored.
range=192.168.10.0/24
registration=enabled
#detection=enabled
[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=pf@cc3ss
[servicewatch]
#
# servicewatch.restart
#
# Should pfcmd service pf watch restart PF if services are not running?
# You must make sure to call the watch command. Installing it in the cron is the
# recommended approach:
# */5 * * * * /usr/local/pf/bin/pfcmd service pf watch
restart=enabled
[interface eth1]
ip=192.168.10.1
mask=255.255.255.0
gateway=192.168.10.1
type=internal
enforcement=inline
[interface eth0]
ip=10.0.2.251
mask=255.255.255.0
type=management
gateway=10.0.2.1
[guests_self_registration]
modes=email,sms,sponsor
[scan]
#engine=nessus
#registration=enabled
#
#Added by thogue
#
[registration]
default_auth=local
auth=local
expire_mode=window
expire_window=2W
guests_self_registration=disabled
[expire]
node=7D
[root@localhost ~]# cat /usr/local/pf/conf/networks.conf
[192.168.10.0]
type=inline
next_hop=
named=enabled
domain-name=inline.evilnuts.com
dhcpd=enabled
dhcp_start=192.168.10.10
dhcp_end=192.168.10.100
dhcp_default_lease_time=20
dhcp_max_lease_time=20
dns=208.91.207.13
netmask=255.255.255.0
gateway=192.168.10.1
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users