Hi Nicolas,

thanks, that appeared to work now!
I have configured PacketFence for inline enforcement and all services start without difficulties or errors.

However, on the inline layer 2 network, I cannot seem to be able to get the DHCP server to work.
I have configured the network in question as follows:

IPv4: 192.168.42.1 / 24
IPv6: took the IPv6 of the management interface incremented by 1 / 64
Type: Inline Layer 2
Additional listening daemons: radius (it seems dhcp, dns and portal do not need to be activated here? Otherwise the type automatically changes to "Other")
Enable DHCP Server: Yes
Enable NAT: Yes (The "NATing mode disabled" warning shows up. IP forwarding is enabled for v4 and v6, though.)
Split network by role: No
Reg. IP in CIDR: <Empty>

Using tcpdump, I can clearly see the DHCP request from my test-laptop coming in.
(Command I used: "tcpdump -i enp6s0 port 67 or port 68 -e -n -vvv")

My management interface is enp5s0 which is connected to my home router and my main PC from where I configure PF.
It uses 192.168.178.0/24 and is connected to the Internet.

The logs from "pfdhcplistener" tell me that there is something wrong though:
"Unable to initiate packet capture. Is enp6s0 an actual network interface? Unable to open VLAN proc description for enp6s0: No such file or directory". Since this is an actual network interface, do I need to tell the DHCP listener about that? Also: Would just putting everything into a VLAN and removing the frame at the next switch solve this issue?

Am I missing something or did I understand the inline setup wrongly?
Nearly none of our equipment is going to be manageable in terms of dynamic VLAN assignments / SNMP. We would only be able to use VLANs to separate into different networks.


Best regards

Magnus

On 7/25/19 2:07 PM, Nicolas Quiniou-Briand via PacketFence-users wrote:
On a fresh Debian 9.9 with PacketFence 9.0.1, I got this message too:

"packetfence.packetfence.org:443:0 server certificate does not include an ID which matches the server name"

But I'm able to reach web admin.

Based on your logs, your web admin is started, you should be able to reach IP by using https://mgmt_ip:1443/.

Try to install tcpdump on your server and check if you receive traffic from your computer.

