And my further attempts to put two and two together and look back in time into
this mailing list showed that Fabrice already answered this question before đ
Yes, Iâd create an alias, e.g. eth0.1
So, under Configuration-Networks-Interfaces I click âADD VLANâ and then add
VLAN 1, add a new IP address to belong to the same subnet and then select type
âportalâ
New interface eth0.1 gets created with IP address 172.16.0.223, I can reach it
via IP and my interfaces and networks look like this:
What else am I doing to enable captive portal? I thought that it is enabled by
default and I see httpd.portal is UP and running but I donât see anything ports
open on 172.16.0.223
And iptables allow all HTTP and HTTPS for input-portal-if chain
Eugene
From: E.P. [mailto:ype...@gmail.com]
Sent: Sunday, February 18, 2018 11:14 PM
To: 'packetfence-users@lists.sourceforge.net'
<packetfence-users@lists.sourceforge.net>
Cc: 'Durand fabrice' <fdur...@inverse.ca>
Subject: RE: [PacketFence-users] Access to PF captive portal is blocked
I think it is slowly coming to me, Fabrice.
My PF is pure for RADIUS enforcement and PF has only one IP address of
management type.
Now if I want WebAuth enforcement I would need to create one more interface of
portal type
The question is can I create this portal type interface in the same subnet as
the management interface ?
I would want to have them both in the same VLAN
Eugene
From: E.P. [mailto:ype...@gmail.com]
Sent: Sunday, February 18, 2018 7:20 PM
To: 'packetfence-users@lists.sourceforge.net'
<packetfence-users@lists.sourceforge.net>
Cc: 'Durand fabrice' <fdur...@inverse.ca <mailto:fdur...@inverse.ca> >
Subject: RE: [PacketFence-users] Access to PF captive portal is blocked
Here it is, Fabrice
10.0.254.3 is the WiFi client and 172.16.0.222 is PF.
Tcpdump.pcap is attached and it is made right on PF
The second capture is made on the laptop connected to guest WiFi.
It contains pings to PF but all TCP SYN requests all are answered with RST.
Eugene
From: Durand fabrice via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Sunday, February 18, 2018 10:51 AM
To: packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>
Cc: Durand fabrice <fdur...@inverse.ca <mailto:fdur...@inverse.ca> >
Subject: Re: [PacketFence-users] Access to PF captive portal is blocked
Hello Eugene,
do you have the capture ?
Regards
Fabrice
Le 2018-02-15 Ă 23:12, E.P. via PacketFence-users a Ă©crit :
Hi Fabrice,
I dare sending it again believing my previous email fell into cracks.
Can you please advise what could be wrong (see below)
Eugene
From: E.P. [mailto:ype...@gmail.com]
Sent: Wednesday, February 14, 2018 1:08 AM
To: packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>
Subject: Access to PF captive portal is blocked
Hello folks,
I really hope someone who ran into a similar problem will shed some light.
Feeling bad we donât hear anything from Fabrice or someone from inverse.
I have an out-of-band deployment of PF and my WiFi client gets connected and
redirected to PF
I see redirects by capturing the traffic on PF by tcpdump.
But⊠I see that PF sends TCP resets even for TCP SYN packet coming from the
client.
It seems to me it is just iptables firewall that blocks it.
Why ? Where am I supposed to enter those IP addresses that are allowed to go
through captive portal registration?
I do allow PF IP address in the pre-authorization access list and my ping to
FQDN of PF succeeds normally.
It is only HTTP(s) doesnât go through.
Even manually entered URL in the client browser doesnât open up any page, i.e.
https://pf.blabla.com/captive-portal or https://172.16.0.222/captive-portal
Eugene
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users