Looks like the ip is assigned: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet 192.0.2.1/32 scope link lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever
ha proxy is listening: tcp 0 0 192.0.2.1:443 0.0.0.0:* LISTEN 5067/haproxy Heres a tcpdump of the traffic to the registration vlan interface: tcpdump -i ens224 -f "ether host 58:d5:0a:31:df:5c" tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens224, link-type EN10MB (Ethernet), capture size 262144 bytes 10:56:48.485070 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 58:d5:0a:31:df:5c (oui Unknown), length 302 10:56:48.492603 IP hsd-pf-1.hjt1.org.bootps > 172.21.73.224.bootpc: BOOTP/DHCP, Reply, length 311 10:56:48.512188 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 58:d5:0a:31:df:5c (oui Unknown), length 314 10:56:48.523678 IP PACKETFENCE-FQDN.bootps > 172.21.73.224.bootpc: BOOTP/DHCP, Reply, length 311 10:56:48.523933 ARP, Request who-has 172.21.73.224 tell 172.21.73.224, length 46 10:56:48.758141 IP 172.21.73.224.33093 > PACKETFENCE-FQDN.domain: 59068+ A? connectivitycheck.gstatic.com. (47) 10:56:48.760636 IP PACKETFENCE-FQDN.domain > 172.21.73.224.33093: 59068*- 1/0/0 A 192.0.2.1 (63) 10:56:48.784760 IP 172.21.73.224.40997 > PACKETFENCE-FQDN.domain: 47264+ A? www.google.com. (32) 10:56:48.787507 IP PACKETFENCE-FQDN.domain > 172.21.73.224.40997: 47264*- 1/0/0 A 192.0.2.1 (48) 10:56:48.869527 IP 172.21.73.224.30438 > PACKETFENCE-FQDN.domain: 7217+ A? clients3.google.com. (37) 10:56:48.872752 IP PACKETFENCE-FQDN.domain > 172.21.73.224.30438: 7217*- 1/0/0 A 192.0.2.1 (53) 10:56:48.899808 IP 172.21.73.224.8335 > PACKETFENCE-FQDN.domain: 32889+ A? mtalk.google.com. (34) 10:56:48.902028 IP PACKETFENCE-FQDN.domain > 172.21.73.224.8335: 32889*- 1/0/0 A 192.0.2.1 (50) 10:56:48.949836 IP 172.21.73.224.61471 > PACKETFENCE-FQDN.domain: 50430+ A? epdg.epc.firstnet.com. (39) 10:56:48.952125 IP PACKETFENCE-FQDN.domain > 172.21.73.224.61471: 50430*- 1/0/0 A 192.0.2.1 (55) 10:56:51.166407 IP 172.21.73.224.35915 > PACKETFENCE-FQDN.domain: 45147+ A? portal.fb.com. (31) 10:56:51.167851 IP PACKETFENCE-FQDN.domain > 172.21.73.224.35915: 45147*- 1/0/0 A 127.0.0.1 (47) 10:56:51.999913 IP 172.21.73.224.7889 > PACKETFENCE-FQDN.domain: 55966+ A? play.googleapis.com. (37) 10:56:52.002334 IP PACKETFENCE-FQDN.domain > 172.21.73.224.7889: 55966*- 1/0/0 A 192.0.2.1 (53) 10:56:52.496457 IP 172.21.73.224.48223 > PACKETFENCE-FQDN.domain: 53912+ A? www.googleapis.com. (36) 10:56:52.498854 IP PACKETFENCE-FQDN.domain > 172.21.73.224.48223: 53912*- 1/0/0 A 192.0.2.1 (52) 10:56:53.726157 IP 172.21.73.224.31953 > PACKETFENCE-FQDN.domain: 9356+ A? hsd-gwds-2.REDACTED. (37) 10:56:53.728471 IP PACKETFENCE-FQDN.domain > 172.21.73.224.31953: 9356*- 1/0/0 A 192.0.2.1 (53) 10:56:53.771563 ARP, Request who-has 172.21.73.224 tell PACKETFENCE-FQDN, length 28 10:56:53.771756 ARP, Reply 172.21.73.224 is-at 58:d5:0a:31:df:5c (oui Unknown), length 46 10:56:54.145519 IP 172.21.73.224.16107 > PACKETFENCE-FQDN.domain: 44342+ A? alt6-mtalk.google.com. (39) 10:56:54.147949 IP PACKETFENCE-FQDN.domain > 172.21.73.224.16107: 44342*- 1/0/0 A 192.0.2.1 (55) 10:56:56.054402 IP 172.21.73.224.9702 > PACKETFENCE-FQDN.domain: 60027+ A? connectivitycheck.gstatic.com. (47) 10:56:56.056859 IP PACKETFENCE-FQDN.domain > 172.21.73.224.9702: 60027*- 1/0/0 A 192.0.2.1 (63) 10:57:04.182446 IP 172.21.73.224.51065 > PACKETFENCE-FQDN.domain: 39299+ A? www.google.com. (32) 10:57:04.182572 IP 172.21.73.224.45952 > PACKETFENCE-FQDN.domain: 51831+ A? connectivitycheck.gstatic.com. (47) 10:57:04.184986 IP PACKETFENCE-FQDN.domain > 172.21.73.224.45952: 51831*- 1/0/0 A 192.0.2.1 (63) 10:57:04.185076 IP PACKETFENCE-FQDN.domain > 172.21.73.224.51065: 39299*- 1/0/0 A 192.0.2.1 (48) 10:57:04.197947 IP 172.21.73.224.54046 > PACKETFENCE-FQDN.domain: 48493+ A? mtalk.google.com. (34) 10:57:04.200061 IP PACKETFENCE-FQDN.domain > 172.21.73.224.54046: 48493*- 1/0/0 A 192.0.2.1 (50) I can ping the 192.0.2.1 locally from the pf server. I can't ping it from the registration vlan. I can access other things on the registration vlan, but can't access the actual pf IP address either. Can't manually access the portal with ip or hostname. -Ryan This e-mail message together with any attachments or reply should not be considered private or confidential because it may be archived and subject to public disclosure under certain circumstances, such as requests made pursuant to Wisconsin public records law. The message is intended solely for the use of the individual or entity to which they are addressed. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Please note that the views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the School District of Hartford Jt. #1. Any unauthorized use, distribution, copying or disclosure by you or to any other person is prohibited. >>> Durand fabrice via PacketFence-users <packetfence-users@lists.sourceforge.net> 6/4/2020 9:42 PM >>> If it's a layer 2 registration network then the dns will answer with the ip 192.0.2.1 (to fix the samsung captive portal detection) So check to see if the ip is on the lo interface (ip a), if it's the case check to see if the haproxy-portal is listening on this ip (netstat -nlp| grep 443) Also you can try to capture the traffic of the device and share the pcap. (thsrak -i ethx -f "ether host mac_address" -w /tmp/device.pcap Regards Fabrice Le 20-06-04 à 13 h 07, Ryan Radschlag via PacketFence-users a écrit : We're having issues with the clients not getting redirected to the captive portal. From what I can find, all of the DNS requests return 192.0.2.1 now. Is this supposed to work? Our clients sit idle and cant get to the portal even if we manually enter the dns or ip address. Currently we're running in out of band deployment. Any pointers on how to get this working? Thanks! -Ryan This e-mail message together with any attachments or reply should not be considered private or confidential because it may be archived and subject to public disclosure under certain circumstances, such as requests made pursuant to Wisconsin public records law. The message is intended solely for the use of the individual or entity to which they are addressed. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Please note that the views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the School District of Hartford Jt. #1. Any unauthorized use, distribution, copying or disclosure by you or to any other person is prohibited. _______________________________________________PacketFence-users mailing listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users