Fabrice,
sorry, but I disappeared… routes are correct… but I can’t understand
192.95.20.194: it’s a public IP. And my LAN doesn’t have access to the internet…
From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Wednesday, 23 August 2017 04:57
To: Alessandro Canella <alessandro.cane...@itcare.it>;
packetfence-users@lists.sourceforge.net
Subject: Re: R: [PacketFence-users] R: R: R: R: R: R: network-access-detection
For B, I mean: does the firewall have a specific route to reach 192.168.30.0/24
behind PacketFence?
On 2017-08-18 at 04:17, Alessandro Canella wrote:
A) I can use FQDN in config keeping in mind latency etc…
B) Routes are corrected (I’ve 12 networks and 4 firewalls behind..)
From: Durand fabrice via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Friday, 18 August 2017 02:12
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] R: R: R: R: R: R: network-access-detection
Hello Alessandro,
A)
First try to replace the network detection IP with 192.95.20.194.
Next, if you use an FQDN instead of an IP address, then you have to keep in mind
that even if PacketFence's DNS server returns a TTL of 15s, the browser has
its own DNS cache (like 1 minute).
So if the device is reg then you will have to wait 1 minute until the detection
works.
B)
If you route instead of using NAT, then you have to be sure that 192.95.20.194
knows 192.168.30.0/24
Regards
Fabrice
On 2017-08-17 at 10:31, Alessandro Canella wrote:
First solved (thanks for DNS help…)
A) I’ve discovered that the network access gif after login is accessible ONLY via
DNS call (DNS_SERVER_NAME.net/common/network-access-detection.gif works,
SERVER_MANAGEMENT_IP/common/network-access-detection.gif didn't); seems an
Apache misconfig. I've bypassed it using the inline IP address (192.168.30.1) as
network detection
B) Route, this is mine.
default via 153.47.30.2 dev eth0
153.47.30.0/25 dev eth0 proto kernel scope link src 153.47.30.99
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth0.30 scope link metric 1003
192.168.30.0/24 dev eth0.30 proto kernel scope link src 192.168.30.1
But I say I've got "some networks" behind PF. And it seems that 192.168.30.0
requests aren't routed to 153.47.30.2...
From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Thursday, 17 August 2017 14:30
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] R: R: R: R: R: network-access-detection
OK, so first fix the PacketFence server so that it is able to reach the internet.
You need to have the default gateway configured and a valid DNS server.
ip route
cat /etc/resolv.conf
Then when it's done your issue will probably be fixed.
Regards
Fabrice
On 2017-08-17 at 07:30, Alessandro Canella wrote:
Hello Fabrice:
ip_forward (tested from MGMT IP) result is 1: so, enabled I think.
ZEN doesn't seem to know dig, host, nslookup… so I use ping “name” and cannot
resolve anything.
From: Durand fabrice via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Friday, 11 August 2017 01:50
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] R: R: R: R: network-access-detection
Hello Alessandro,
What is the result of:
cat /proc/sys/net/ipv4/ip_forward
From the PF server, are you able to do a query?
nslookup
> server 153.47.30.113
> inverse.ca
Regards
Fabrice
On 2017-08-10 at 13:42, Alessandro Canella via PacketFence-users wrote:
Here are some tests:
BEFORE LOGIN
Suffisso DNS specifico per connessione: inlinel2.feo-cer.net
Indirizzo IPv4. . . . . . . . . . . . : 192.168.30.14(Preferenziale)
Gateway predefinito . . . . . . . . . : 192.168.30.1
Server DHCP . . . . . . . . . . . . . : 192.168.30.1
Server DNS . . . . . . . . . . . . . : 153.47.30.113
C:\Users\aless>nslookup
Server predefinito: UnKnown
Address: 153.47.30.113
lancelot.feo-cer.net
Server: UnKnown
Address: 153.47.30.113
Nome: percival.feo-cer.net
Address: 192.168.30.1
Aliases: lancelot.feo-cer.net.inlinel2.feo-cer.net
AFTER LOGIN
C:\Users\aless>nslookup
DNS request timed out.
timeout was 2 seconds.
Server predefinito: UnKnown
Address: 153.47.30.113
> server 192.168.30.1
DNS request timed out.
timeout was 2 seconds.
Server predefinito: [192.168.30.1]
Address: 192.168.30.1
As you can see from the attached image, portscan… works… query does not…
From: Alessandro Canella via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Thursday, 10 August 2017 09:42
To: packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella <alessandro.cane...@itcare.it>
Subject: [PacketFence-users] R: R: R: network-access-detection
Fabrice,
I made a test with nslookup. My first hop (PF inline IF) is closed and cannot
reach a remote DNS too. Note that other proto seems ok.
From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, 8 August 2017 14:37
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] R: R: network-access-detection
Hello Alessandro,
You probably misconfigured the DNS.
Can you give me your networks.conf?
Regards
Fabrice
On 2017-08-07 at 11:51, Alessandro Canella via PacketFence-users wrote:
I’ve retried and checked traffic.
As written, I’m in inline, users authenticate but the GIF cannot be retrieved.
But not only that: from a successfully registered client, I cannot query DNS. And any
other packet works fine….
How can I check where the “deny” that stops me is?
From: Alessandro Canella via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Friday, 4 August 2017 08:18
To: Ludovic Zammit <lzam...@inverse.ca>;
packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella <alessandro.cane...@itcare.it>
Subject: [PacketFence-users] R: network-access-detection
Hello Ludovic,
I’ve tried with Win10, tested with both IPs (I know, if I test the first
reachable it is not correct…). I’ve left VLAN enforcement due to incompatibility of
the switches, so I’m in inline mode.
I will try to raise timeout to 90 secs and to open it by hand in new tab.
Later I will recap tests.
Thanks in advance.
From: Ludovic Zammit [mailto:lzam...@inverse.ca]
Sent: Thursday, 3 August 2017 19:40
To: packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella <alessandro.cane...@itcare.it>
Subject: Re: [PacketFence-users] network-access-detection
Hello Alessandro,
Are you using Mac OS X? Which PacketFence version are you using?
By default on the ZEN it will try to reach our public IP.
Once you get authorized after the registration process you will need to check if
you have been placed into the correct VLAN (in VLAN enforcement mode) and got the
proper IP address.
Check also if you have internet; it's known for Mac OS X devices that they are
slow to release their IP and pick up the new one (~90secs).
Try to have a tab open on the network-access-detection.gif and see if it loads
after the registration process.
Thanks,
Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
On Aug 3, 2017, at 11:41 AM, Alessandro Canella via PacketFence-users
<packetfence-users@lists.sourceforge.net> wrote:
Hello all,
I still have a problem detecting /common/network-access-detection.gif after
access is granted. I’m using the ZEN version.
I’ve tried a lot of different configs. All seems fine, the gif is reachable from both
sides of inline mode but “unable to detect” is the last portal page that I see.
Any ideas about which log to explore?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
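
The checks requested in the thread (ip_forward, default gateway, a resolver in /etc/resolv.conf, and a route for the inline subnet), gathered into one script as an added example; it is not part of the original messages or of PacketFence. The function names are hypothetical, the routing table is the one posted above, and the resolver file and ip_forward value in the demo are constructed.

```sh
#!/bin/sh
# Added example: file-based versions of the checks discussed in the thread.

# Print the default gateway found in `ip route` output; fail if there is none.
default_gateway() {
    awk '$1=="default" && $2=="via" {print $3; ok=1; exit} END {exit !ok}' "$1"
}

# Print the device that prefix $2 is routed on; fail if no route matches.
route_dev() {
    awk -v p="$2" '$1==p {for (i=2; i<NF; i++) if ($i=="dev") {print $(i+1); ok=1; exit}}
                   END {exit !ok}' "$1"
}

# Print the first resolver in a resolv.conf-style file; fail if none is set.
first_nameserver() {
    awk '$1=="nameserver" {print $2; ok=1; exit} END {exit !ok}' "$1"
}

# Succeed only if the ip_forward file holds 1.
forwarding_enabled() { [ "$(tr -d '[:space:]' < "$1")" = 1 ]; }

# Run every check, print OK/FAIL per check, return the number of failures.
pf_preflight() {
    fails=0
    check() { if out=$("$@"); then echo "OK   $1 $out"; else echo "FAIL $1"; fails=$((fails+1)); fi; }
    check default_gateway "$1"; check first_nameserver "$2"
    check forwarding_enabled "$3"; check route_dev "$1" "$4"
    return "$fails"
}

# Routing table exactly as posted in the thread.
sample_routes() {
    cat <<'EOF'
default via 153.47.30.2 dev eth0
153.47.30.0/25 dev eth0 proto kernel scope link src 153.47.30.99
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth0.30 scope link metric 1003
192.168.30.0/24 dev eth0.30 proto kernel scope link src 192.168.30.1
EOF
}

# Demo: thread's routes; resolver file and ip_forward value are constructed.
pf_demo() {
    d=$(mktemp -d) || return 1
    sample_routes > "$d/routes"; echo "nameserver 153.47.30.113" > "$d/resolv.conf"
    echo 1 > "$d/ip_forward"; rc=0
    pf_preflight "$d/routes" "$d/resolv.conf" "$d/ip_forward" 192.168.30.0/24 || rc=$?
    rm -rf "$d"; return "$rc"
}
pf_demo
```

On a live server, save `ip route` to a file and pass it with /etc/resolv.conf and /proc/sys/net/ipv4/ip_forward to `pf_preflight`. Running `route_dev` against the upstream firewall's saved routing table answers point B, whether that device has a route back to 192.168.30.0/24.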