Hello, first check ipset -L if you see your device in the reg set.
Also in your capture the ip address is 192.168.30.11 not 192.168.10.11 and "The default gateway on the registered device is packetfence (192.168.30.67)." 192.168.30.67 ?! Regards Fabrice Le 2015-12-21 10:42, Mathieu Fourcroy a écrit : > Hello, > > Thank you for your answer. pfdns is runing. In fact, I have solved the > issue by modifying the hostname (packetfence) in the captive portal > settings, it was not matching username (user) runing packetfence on > the machine. So now I can see the registration page but the > demouser/demouser username/password is not working. I manually > register the computer in the packetfence web UI but when I try to > access a website (let's say www.packetfence.com > <http://www.packetfence.com>) then nothing happens. > > If I tcpdump on the inline interface of the packetfence machine while > trying to access a website on the registered computer (192.168.10.11): > > 15:05:49.864959 IP 192.168.30.11.47679 > 104.25.160.20.80: Flags [S], > seq 3801662405, win 29200, options [mss 1460,sackOK,TS val 1580628 ecr > 0,nop,wscale 7], length 0 > 15:05:50.114961 IP 192.168.30.11.47680 > 104.25.160.20.80: Flags [S], > seq 855267102, win 29200, options [mss 1460,sackOK,TS val 1580690 ecr > 0,nop,wscale 7], length 0 > 15:05:50.863602 IP 192.168.30.11.47679 > 104.25.160.20.80: Flags [S], > seq 3801662405, win 29200, options [mss 1460,sackOK,TS val 1580878 ecr > 0,nop,wscale 7], length 0 > 15:05:51.111583 IP 192.168.30.11.47680 > 104.25.160.20.80: Flags [S], > seq 855267102, win 29200, options [mss 1460,sackOK,TS val 1580940 ecr > 0,nop,wscale 7], length 0 > 15:05:52.867584 IP 192.168.30.11.47679 > 104.25.160.20.80: Flags [S], > seq 3801662405, win 29200, options [mss 1460,sackOK,TS val 1581379 ecr > 0,nop,wscale 7], length 0 > 15:05:53.115568 IP 192.168.30.11.47680 > 104.25.160.20.80: Flags [S], > seq 855267102, win 29200, options [mss 1460,sackOK,TS val 1581441 ecr > 0,nop,wscale 7], length 0 > 15:05:56.871534 IP 192.168.30.11.47679 > 104.25.160.20.80: Flags [S], > seq 3801662405, win 29200, options [mss 1460,sackOK,TS val 1582380 ecr > 0,nop,wscale 7], length 0 > 15:05:57.127536 IP 192.168.30.11.47680 > 104.25.160.20.80: Flags [S], > seq 855267102, win 29200, options [mss 1460,sackOK,TS val 1582444 ecr > 0,nop,wscale 7], length 0 > 15:06:00.663503 IP 192.168.30.11.57658 > 91.109.29.120.443: Flags [S], > seq 392423075, win 29200, options [mss 1460,sackOK,TS val 1583328 ecr > 0,nop,wscale 7], length 0 > 15:06:04.887596 IP 192.168.30.11.47679 > 104.25.160.20.80: Flags [S], > seq 3801662405, win 29200, options [mss 1460,sackOK,TS val 1584384 ecr > 0,nop,wscale 7], length 0 > 15:06:05.143599 IP 192.168.30.11.47680 > 104.25.160.20.80: Flags [S], > seq 855267102, win 29200, options [mss 1460,sackOK,TS val 1584448 ecr > 0,nop,wscale 7], length 0 > 15:06:05.671642 ARP, Request who-has 192.168.30.67 tell 192.168.30.11, > length 46 > 15:06:05.671655 ARP, Reply 192.168.30.67 is-at 80:3f:5d:09:64:9b, > length 28 > 15:06:20.919680 IP 192.168.30.11.47679 > 104.25.160.20.80: Flags [S], > seq 3801662405, win 29200, options [mss 1460,sackOK,TS val 1588392 ecr > 0,nop,wscale 7], length 0 > 15:06:21.175617 IP 192.168.30.11.47680 > 104.25.160.20.80: Flags [S], > seq 855267102, win 29200, options [mss 1460,sackOK,TS val 1588456 ecr > 0,nop,wscale 7], length 0 > 15:06:53.015537 IP 192.168.30.11.47679 > 104.25.160.20.80: Flags [S], > seq 3801662405, win 29200, options [mss 1460,sackOK,TS val 1596416 ecr > 0,nop,wscale 7], length 0 > 15:06:53.271520 IP 192.168.30.11.47680 > 104.25.160.20.80: Flags [S], > seq 855267102, win 29200, options [mss 1460,sackOK,TS val 1596480 ecr > 0,nop,wscale 7], length 0 > 15:06:58.023654 ARP, Request who-has 192.168.30.67 tell 192.168.30.11, > length 46 > 15:06:58.023673 ARP, Reply 192.168.30.67 is-at 80:3f:5d:09:64:9b, > length 28 > 15:07:05.505654 IP 192.168.30.11.49385 > 195.154.74.39.23232: Flags > [S], seq 777144145, win 29200, options [mss 1460,sackOK,TS val 1599538 > ecr 0,nop,wscale 7], length 0 > 15:07:06.503611 IP 192.168.30.11.49385 > 195.154.74.39.23232: Flags > [S], seq 777144145, win 29200, options [mss 1460,sackOK,TS val 1599788 > ecr 0,nop,wscale 7], length 0 > 15:07:08.507574 IP 192.168.30.11.49385 > 195.154.74.39.23232: Flags > [S], seq 777144145, win 29200, options [mss 1460,sackOK,TS val 1600289 > ecr 0,nop,wscale 7], length 0 > [...] > > The default gateway on the registered device is packetfence > (192.168.30.67). > The resolv.conf looks like: > > domain inline2.mydomain.com <http://inline2.mydomain.com> > search inline2.mydomain.com <http://inline2.mydomain.com> > nameserver 192.168.30.253 <= my router > > Where am I wrong ? > > 2015-12-21 14:55 GMT+01:00 Fabrice DURAND <[email protected] > <mailto:[email protected]>>: > > Hello Mathieu, > > can you check if pfdns is running ? , if no then restart it (pfcmd > service pfdns restart) > > > Regards > Fabrice > > Le 2015-12-21 04:26, Mathieu Fourcroy a écrit : > > Hello, > > > > I'm new to packetfence software and to NAC softwares. Packetfence > > looks like a very great open source NAC and I am trying to set it up > > using inline enforcement mode. > > > > I set up the two networks: > > - managment: 192.168.30.0/24 <http://192.168.30.0/24> > <http://192.168.30.0/24> > > - inline: 192.168.10.0/24 <http://192.168.10.0/24> > <http://192.168.10.0/24> > > > > I have a machine on the manament network so I have step through the > > configurator and then I connect another machine in the inline > network. > > The computer successfully get an IP address from the Packetfence's > > DHCP: 192.168.10.10. > > I can ping the Packetfence machine (192.168.10.67) but when I try to > > access an HTTP website I am not redirected to the captive portal. > > If I try to browse to 192.168.10.67 I am redirected to > > > > https://packetfence.pf.com/captive-portal?destination_url=http://192.168.10.67/&; > > but the address is unreachable. > > > > On the Packetfence machine, the captive portal settings are: > > IP: 192.168.10.67 > > IMG path: /common/network-access-detection.gif > > > > The rest is leave as default. > > > > Thank you in advance for your help. > > > > > > > > ------------------------------------------------------------------------------ > > > > > > _______________________________________________ > > PacketFence-users mailing list > > [email protected] > <mailto:[email protected]> > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > -- > Fabrice Durand > [email protected] <mailto:[email protected]> :: +1.514.447.4918 > <tel:%2B1.514.447.4918> (x135) :: www.inverse.ca > <http://www.inverse.ca> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and > PacketFence (http://packetfence.org) > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing list > [email protected] > <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
