Hmm, weird. When you try to ping 192.0.2.1 from your device, can you see the request on the registration interface?

It sounds to me like you have something local on your device that routes 192.168.2.1 somewhere; can you verify the routing table?

Regards

Fabrice


On 20-06-05 at 12:01, Ryan Radschlag via PacketFence-users wrote:
*Looks like the ip is assigned:*
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.0.2.1/32 scope link lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

*haproxy is listening:*
tcp        0      0 192.0.2.1:443 0.0.0.0:*               LISTEN      5067/haproxy

*Here's a tcpdump of the traffic to the registration vlan interface:*
 tcpdump -i ens224 -f "ether host 58:d5:0a:31:df:5c"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens224, link-type EN10MB (Ethernet), capture size 262144 bytes
10:56:48.485070 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 58:d5:0a:31:df:5c (oui Unknown), length 302
10:56:48.492603 IP hsd-pf-1.hjt1.org.bootps > 172.21.73.224.bootpc: BOOTP/DHCP, Reply, length 311
10:56:48.512188 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 58:d5:0a:31:df:5c (oui Unknown), length 314
10:56:48.523678 IP PACKETFENCE-FQDN.bootps > 172.21.73.224.bootpc: BOOTP/DHCP, Reply, length 311
10:56:48.523933 ARP, Request who-has 172.21.73.224 tell 172.21.73.224, length 46
10:56:48.758141 IP 172.21.73.224.33093 > PACKETFENCE-FQDN.domain: 59068+ A? connectivitycheck.gstatic.com. (47)
10:56:48.760636 IP PACKETFENCE-FQDN.domain > 172.21.73.224.33093: 59068*- 1/0/0 A 192.0.2.1 (63)
10:56:48.784760 IP 172.21.73.224.40997 > PACKETFENCE-FQDN.domain: 47264+ A? www.google.com. (32)
10:56:48.787507 IP PACKETFENCE-FQDN.domain > 172.21.73.224.40997: 47264*- 1/0/0 A 192.0.2.1 (48)
10:56:48.869527 IP 172.21.73.224.30438 > PACKETFENCE-FQDN.domain: 7217+ A? clients3.google.com. (37)
10:56:48.872752 IP PACKETFENCE-FQDN.domain > 172.21.73.224.30438: 7217*- 1/0/0 A 192.0.2.1 (53)
10:56:48.899808 IP 172.21.73.224.8335 > PACKETFENCE-FQDN.domain: 32889+ A? mtalk.google.com. (34)
10:56:48.902028 IP PACKETFENCE-FQDN.domain > 172.21.73.224.8335: 32889*- 1/0/0 A 192.0.2.1 (50)
10:56:48.949836 IP 172.21.73.224.61471 > PACKETFENCE-FQDN.domain: 50430+ A? epdg.epc.firstnet.com. (39)
10:56:48.952125 IP PACKETFENCE-FQDN.domain > 172.21.73.224.61471: 50430*- 1/0/0 A 192.0.2.1 (55)
10:56:51.166407 IP 172.21.73.224.35915 > PACKETFENCE-FQDN.domain: 45147+ A? portal.fb.com. (31)
10:56:51.167851 IP PACKETFENCE-FQDN.domain > 172.21.73.224.35915: 45147*- 1/0/0 A 127.0.0.1 (47)
10:56:51.999913 IP 172.21.73.224.7889 > PACKETFENCE-FQDN.domain: 55966+ A? play.googleapis.com. (37)
10:56:52.002334 IP PACKETFENCE-FQDN.domain > 172.21.73.224.7889: 55966*- 1/0/0 A 192.0.2.1 (53)
10:56:52.496457 IP 172.21.73.224.48223 > PACKETFENCE-FQDN.domain: 53912+ A? www.googleapis.com. (36)
10:56:52.498854 IP PACKETFENCE-FQDN.domain > 172.21.73.224.48223: 53912*- 1/0/0 A 192.0.2.1 (52)
10:56:53.726157 IP 172.21.73.224.31953 > PACKETFENCE-FQDN.domain: 9356+ A? hsd-gwds-2.REDACTED. (37)
10:56:53.728471 IP PACKETFENCE-FQDN.domain > 172.21.73.224.31953: 9356*- 1/0/0 A 192.0.2.1 (53)
10:56:53.771563 ARP, Request who-has 172.21.73.224 tell PACKETFENCE-FQDN, length 28
10:56:53.771756 ARP, Reply 172.21.73.224 is-at 58:d5:0a:31:df:5c (oui Unknown), length 46
10:56:54.145519 IP 172.21.73.224.16107 > PACKETFENCE-FQDN.domain: 44342+ A? alt6-mtalk.google.com. (39)
10:56:54.147949 IP PACKETFENCE-FQDN.domain > 172.21.73.224.16107: 44342*- 1/0/0 A 192.0.2.1 (55)
10:56:56.054402 IP 172.21.73.224.9702 > PACKETFENCE-FQDN.domain: 60027+ A? connectivitycheck.gstatic.com. (47)
10:56:56.056859 IP PACKETFENCE-FQDN.domain > 172.21.73.224.9702: 60027*- 1/0/0 A 192.0.2.1 (63)
10:57:04.182446 IP 172.21.73.224.51065 > PACKETFENCE-FQDN.domain: 39299+ A? www.google.com. (32)
10:57:04.182572 IP 172.21.73.224.45952 > PACKETFENCE-FQDN.domain: 51831+ A? connectivitycheck.gstatic.com. (47)
10:57:04.184986 IP PACKETFENCE-FQDN.domain > 172.21.73.224.45952: 51831*- 1/0/0 A 192.0.2.1 (63)
10:57:04.185076 IP PACKETFENCE-FQDN.domain > 172.21.73.224.51065: 39299*- 1/0/0 A 192.0.2.1 (48)
10:57:04.197947 IP 172.21.73.224.54046 > PACKETFENCE-FQDN.domain: 48493+ A? mtalk.google.com. (34)
10:57:04.200061 IP PACKETFENCE-FQDN.domain > 172.21.73.224.54046: 48493*- 1/0/0 A 192.0.2.1 (50)

I can ping the 192.0.2.1 locally from the pf server. I can't ping it from the registration vlan. I can access other things on the registration vlan, but can't access the actual pf IP address either. Can't manually access the portal with ip or hostname.

-Ryan

This e-mail message together with any attachments or reply should not be considered private or confidential because it may be archived and subject to public disclosure under certain circumstances, such as requests made pursuant to Wisconsin public records law.

The message is intended solely for the use of the individual or entity to which they are addressed. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Please note that the views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the School District of Hartford Jt. #1. Any unauthorized use, distribution, copying or disclosure by you or to any other person is prohibited.

>>> Durand fabrice via PacketFence-users <packetfence-users@lists.sourceforge.net> 6/4/2020 9:42 PM >>>
If it's a layer 2 registration network then the DNS will answer with the IP 192.0.2.1 (to fix the Samsung captive portal detection).
So check to see if the IP is on the lo interface (ip a); if that's the case, check to see if the haproxy-portal is listening on this IP (netstat -nlp | grep 443).
Also you can try to capture the traffic of the device and share the pcap (tshark -i ethx -f "ether host mac_address" -w /tmp/device.pcap).
Regards
Fabrice

On 20-06-04 at 13:07, Ryan Radschlag via PacketFence-users wrote:
We're having issues with the clients not getting redirected to the captive portal. From what I can find, all of the DNS requests return 192.0.2.1 now. Is this supposed to work? Our clients sit idle and can't get to the portal even if we manually enter the DNS or IP address. Currently we're running in an out-of-band deployment. Any pointers on how to get this working?

Thanks!
-Ryan



_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
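
The question asked at the top of the thread (does the device's traffic to 192.0.2.1 ever show up on the registration interface?) can be answered from tcpdump text output. This is an added example, not part of the original thread: the function name `summarize` and the sample lines, cut down from the capture above, are constructed for illustration.

```python
import re
from collections import Counter

PORTAL_IP = "192.0.2.1"  # address the thread's DNS answers point to

# Constructed sample: a few lines in the format of the capture quoted above.
SAMPLE = """\
10:56:48.758141 IP 172.21.73.224.33093 > PACKETFENCE-FQDN.domain: 59068+ A? connectivitycheck.gstatic.com. (47)
10:56:48.760636 IP PACKETFENCE-FQDN.domain > 172.21.73.224.33093: 59068*- 1/0/0 A 192.0.2.1 (63)
10:56:51.166407 IP 172.21.73.224.35915 > PACKETFENCE-FQDN.domain: 45147+ A? portal.fb.com. (31)
10:56:51.167851 IP PACKETFENCE-FQDN.domain > 172.21.73.224.35915: 45147*- 1/0/0 A 127.0.0.1 (47)
10:56:53.771563 ARP, Request who-has 172.21.73.224 tell PACKETFENCE-FQDN, length 28
"""

PKT = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")
QUERY = re.compile(r"^(\d+)\+ A\? (\S+?)\.? \(\d+\)$")
ANSWER = re.compile(r"^(\d+)\*?-? \d+/\d+/\d+ A (\d+\.\d+\.\d+\.\d+)")


def summarize(capture, client_ip, portal_ip=PORTAL_IP):
    """Return (answers per address, names not sent to the portal, portal packets seen)."""
    pending, answers, off_portal, portal_pkts = {}, Counter(), [], 0
    for line in capture.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue  # ARP and anything else that is not an IP packet line
        src, dst, rest = m.groups()
        # tcpdump prints endpoints as address.port; strip the port to compare hosts
        if src.rsplit(".", 1)[0] == client_ip and dst.rsplit(".", 1)[0] == portal_ip:
            portal_pkts += 1
        q, a = QUERY.match(rest), ANSWER.match(rest)
        if q:
            pending[q.group(1)] = q.group(2)  # remember the name by DNS query id
        elif a:
            name = pending.pop(a.group(1), "?")
            answers[a.group(2)] += 1
            if a.group(2) != portal_ip:
                off_portal.append((name, a.group(2)))
    return dict(answers), off_portal, portal_pkts


if __name__ == "__main__":
    print(summarize(SAMPLE, "172.21.73.224"))
```

A portal packet count of zero alongside DNS answers for the portal address means the device resolves names but none of its requests to the portal reach the capturing interface.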

