Answering myself here:
I subscribed to the GitHub issue about this
(https://github.com/inverse-inc/packetfence/issues/4573). I read the
latest update from Fabrice that says that not even HE is able to get the
combination to work with out-of-band VLAN enforcement.
Next best stop I guess: inline setup like we are already running now,
but with a routed inline network -> no NAT on packetfence.
The whole idea is to expose individual wifi clients to our sophos XG,
and do NAT there, in order to fully utilize sophos
intrusion/virus/reporting capabilities.
There is a packetfence FAQ item about that:
Comment the line %%nat_postrouting_inline%% in conf/iptables.conf. Restart
PacketFence. At this point packets are routed out.
But the inline ZEN quick guide says:
It’s also possible to specify a network that will be routed instead of using
NAT by adding in conf/networks.conf an option nat=no
Goal: having an inline wifi network in the range 192.168.54.x/24, but to
have sophos XG do the NAT-ting.
Anyone who knows how to configure avoiding NAT, routing-wise..? How to
configure packetfence inline interface IP address, inline dhcp, gateway
for inline clients, etc?
MJ
On 10/14/19 10:37 PM, mj via PacketFence-users wrote:
Hi,
We would like to ask for some info. :-)
We have been running packetfence with captive portal for our wifi in
inline mode for years. We would now like to upgrade to out-of-band VLAN
enforcement, using our unifi APs and our onsite-controller, while
keeping the packetfence captive portal.
I am having a hard time understanding everything involved.
We have read the pf docs
(https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ubiquiti_2)
about the captive portal and secondly about VLAN enforcement. We have
also read many posts and dialogues on github and the unifi forums.
So, before trying a PoC, I would like to ask here:
What is the recommended way to set up this combination: packetfence 9.1,
unifi controller 5.12, Out_of_band VLAN enforcement and the captive portal.
Perhaps to complicate things or not: we are *not* running unifi
switches, but regular HP Procurve. Not sure if that matters..?
Are many people here doing this? Does anyone perhaps have some notes for
us to read? Do's, don'ts, etc... It seems also that there has been a lot
of development going on on this subject. (for example:
https://github.com/inverse-inc/packetfence/issues/4573)
Are the instructions here
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ubiquiti_2
still up-to-date?
Any information would be appreciated :-)
Thanks!
MJ
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users