Hello All,

Remove that from pf.conf:

[captive_portal]
ip_address=192.168.203.1

Just a quick explanation of why this parameter exists: it's just because of
Samsung devices.
If the device is on the same layer 2 as the registration interface, then
the portal IP address needs to be on a different network (if not, the
portal never triggers).
That's how Samsung devices work, don't ask me why, I have no clue ...

And if you check the IP stack, the IP you define as captive_portal is
defined on the lo interface (ip a).

Regards
Fabrice
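
An added example (not part of the original message and not PacketFence code): a Python check for the two conditions visible in this thread, a `[captive_portal] ip_address` equal to an `[interface ...] ip` in pf.conf, and frontend names declared more than once in the generated haproxy-portal.conf. The sample inputs are trimmed or constructed from values quoted in the thread, and the function names are hypothetical.

```python
import configparser
import re
from collections import defaultdict

# Trimmed from the pf.conf quoted in this thread (relevant sections only).
PF_CONF = """\
[captive_portal]
ip_address=192.168.203.1
[interface ens32]
type=management
ip=192.168.8.2
[interface ens33]
type=internal
enforcement=inlinel2
ip=192.168.203.1
"""

# Constructed skeleton of a generated haproxy-portal.conf: same frontend
# names as in the thread, directive bodies shortened.
HAPROXY_CONF = """\
frontend portal-http-192.168.203.1
        bind 192.168.203.1:80
frontend portal-https-192.168.203.1
        bind 192.168.203.1:443 ssl
backend 192.168.203.1-backend
        server 127.0.0.1 127.0.0.1:80 check
frontend portal-http-192.168.203.1
        bind 192.168.203.1:80
frontend portal-https-192.168.203.1
        bind 192.168.203.1:443 ssl
"""

def portal_ip_conflicts(pf_conf_text):
    """Return interface names whose ip= equals [captive_portal] ip_address."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(pf_conf_text)
    portal_ip = cfg.get("captive_portal", "ip_address", fallback=None)
    if portal_ip is None:  # parameter absent: nothing to collide with
        return []
    return [
        section.split(None, 1)[1]
        for section in cfg.sections()
        if section.startswith("interface ")
        and cfg.get(section, "ip", fallback=None) == portal_ip.strip()
    ]

def duplicate_frontends(haproxy_text):
    """Map each frontend name declared more than once to its line numbers."""
    seen = defaultdict(list)
    for lineno, line in enumerate(haproxy_text.splitlines(), start=1):
        m = re.match(r"\s*frontend\s+(\S+)", line)
        if m:
            seen[m.group(1)].append(lineno)
    return {name: lines for name, lines in seen.items() if len(lines) > 1}

if __name__ == "__main__":
    print("interfaces sharing the portal IP:", portal_ip_conflicts(PF_CONF))
    for name, lines in duplicate_frontends(HAPROXY_CONF).items():
        print(f"frontend {name} declared at lines {lines}")
```

Run against the real files, `portal_ip_conflicts` takes the text of `/usr/local/pf/conf/pf.conf` and `duplicate_frontends` the text of `/usr/local/pf/var/conf/haproxy-portal.conf`.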




On Wed, Sep 8, 2021 at 03:03, Zestermann, Ronald via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello,
>
> since I have a similar problem, I'll add myself to this post. Maybe it
> will also help the creator.
>
> The start of haproxy-portal fails with the following error:
>
> -- Unit packetfence-haproxy-portal.service has begun starting up.
> Sep 07 07:14:12 pir-nac03 packetfence[1016]: -e(1016) WARN: requesting member ips for an undefined interface... (pf::cluster::members_ips)
> Sep 07 07:14:12 pir-nac03 packetfence[1016]: -e(1016) WARN: requesting member ips for an undefined interface... (pf::cluster::members_ips)
> Sep 07 07:14:12 pir-nac03 pfhttpd[31992]: api-frontend-access 127.0.0.1 - - [07/Sep/2021:07:14:12 +0200] "GET /api/v1/queues/stats HTTP/1.1" 200 1123 "https://192.168.9.183:1443/admin?";
> Sep 07 07:14:12 pir-nac03 haproxy[32595]: 192.168.8.15:62612 [07/Sep/2021:07:14:12.725] admin-https-192.168.8.2~ api/127.0.0.1 0/0/0/6/7 200 1295 - - ---- 1/1/0/0/0 0/0 {192.168.9.183:1
> Sep 07 07:14:12 pir-nac03 haproxy[1019]: [ALERT] 249/071412 (1019) : Parsing [/usr/local/pf/var/conf/haproxy-portal.conf:122]: frontend 'portal-http-192.168.203.1' has the same name as
> Sep 07 07:14:12 pir-nac03 haproxy[1019]: [ALERT] 249/071412 (1019) : parsing [/usr/local/pf/var/conf/haproxy-portal.conf:125] : stick-table name 'portal-http-192.168.203.1' conflicts wi
> Sep 07 07:14:12 pir-nac03 haproxy[1019]: [ALERT] 249/071412 (1019) : Parsing [/usr/local/pf/var/conf/haproxy-portal.conf:140]: frontend 'portal-https-192.168.203.1' has the same name as
> Sep 07 07:14:12 pir-nac03 haproxy[1019]: [ALERT] 249/071412 (1019) : parsing [/usr/local/pf/var/conf/haproxy-portal.conf:143] : stick-table name 'portal-https-192.168.203.1' conflicts w
> Sep 07 07:14:12 pir-nac03 haproxy[1019]: [ALERT] 249/071412 (1019) : Error(s) found in configuration file : /usr/local/pf/var/conf/haproxy-portal.conf
> Sep 07 07:14:12 pir-nac03 haproxy[1019]: [ALERT] 249/071412 (1019) : Fatal errors found in configuration.
> Sep 07 07:14:12 pir-nac03 systemd[1]: packetfence-haproxy-portal.service: Main process exited, code=exited, status=1/FAILURE
> Sep 07 07:14:12 pir-nac03 systemd[1]: Failed to start PacketFence HAProxy Load Balancer for the captive portal.
> -- Subject: Unit packetfence-haproxy-portal.service has failed
>
> checking the configuration results in the following:
>
> haproxy -c -V -f /usr/local/pf/var/conf/haproxy-portal.conf
> [ALERT] 250/074126 (24684) : Parsing [/usr/local/pf/var/conf/haproxy-portal.conf:122]: frontend 'portal-http-192.168.203.1' has the same name as frontend 'portal-http-192.168.203.1' declared at /usr/local/pf/var/conf/haproxy-portal.conf:70.
> [ALERT] 250/074126 (24684) : parsing [/usr/local/pf/var/conf/haproxy-portal.conf:125] : stick-table name 'portal-http-192.168.203.1' conflicts with table declared in frontend 'portal-http-192.168.203.1' at /usr/local/pf/var/conf/haproxy-portal.conf:70.
> [ALERT] 250/074126 (24684) : Parsing [/usr/local/pf/var/conf/haproxy-portal.conf:140]: frontend 'portal-https-192.168.203.1' has the same name as frontend 'portal-https-192.168.203.1' declared at /usr/local/pf/var/conf/haproxy-portal.conf:88.
> [ALERT] 250/074126 (24684) : parsing [/usr/local/pf/var/conf/haproxy-portal.conf:143] : stick-table name 'portal-https-192.168.203.1' conflicts with table declared in frontend 'portal-https-192.168.203.1' at /usr/local/pf/var/conf/haproxy-portal.conf:88.
> [ALERT] 250/074126 (24684) : Error(s) found in configuration file : /usr/local/pf/var/conf/haproxy-portal.conf
> [ALERT] 250/074126 (24684) : Fatal errors found in configuration.
>
> It is strange that there are duplicate entries of the frontend type in
> haproxy-portal.conf and I don't know where they come from or how I can
> delete them again. Every change to the file is deleted after a restart.
> >>>>
> cat /usr/local/pf/var/conf/haproxy-portal.conf
> # This file is generated from a template at /usr/local/pf/conf/haproxy-portal.conf
> # Any changes made to this file will be lost on restart
>
> # Copyright (C) Inverse inc.
> global
>   external-check
>   user haproxy
>         group haproxy
>         daemon
>         pidfile /usr/local/pf/var/run/haproxy-portal.pid
>         log /dev/log local0
>         stats socket /usr/local/pf/var/run/haproxy-portal.stats level admin process 1
>         maxconn 4000
>         #Followup of https://github.com/inverse-inc/packetfence/pull/893
>         #haproxy 1.6.11 | intermediate profile | OpenSSL 1.0.1e | SRC: https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy-1.6.11&openssl=1.0.1e&hsts=yes&profile=intermediate
>         #Oldest compatible clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7
>         tune.ssl.default-dh-param 2048
>         ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
>         ssl-default-bind-options no-sslv3 no-tls-tickets
>         ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
>         ssl-default-server-options no-sslv3 no-tls-tickets
>         #OLD SSL CONFIGURATION. IF RC4 is required or if you must support clients older then the precendent list, comment all the block between this comment and the precedent and uncomment the following line
>         #ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
>         lua-load /usr/local/pf/var/conf/passthrough.lua
>
> listen stats
>   bind  192.168.8.2:1025
>   mode http
>   timeout connect 10s
>   timeout client 1m
>   timeout server 1m
>   stats enable
>   stats uri /stats
>   stats realm HAProxy\ Statistics
>   stats auth admin:packetfence
>
>
> defaults
>         log     global
>         mode    http
>         option  httplog
>         option  dontlognull
>         timeout connect 5000
>         timeout client 50000
>         timeout server 50000
>         errorfile 403 /usr/local/pf/html/captive-portal/templates/rate-limiting.http
>
> backend proxy
>     option httpclose
>     option http_proxy
>     option forwardfor
>     # Need to have a proxy listening on localhost port 8888
>     acl paramsquery query -m found
>     http-request set-uri http://127.0.0.1:8888%[path]?%[query] if paramsquery
>     http-request set-uri http://127.0.0.1:8888%[path] unless paramsquery
>
> backend static
>     option httpclose
>     option http_proxy
>     option forwardfor
>     http-request set-uri http://127.0.0.1:8889%[path]?%[query]
>
> backend scep
>     option httpclose
>     option http_proxy
>     option forwardfor
>     http-request set-uri http://127.0.0.1:22225/api/v1%[path]?%[query]
>
>
> frontend portal-http-192.168.203.1
>         bind 192.168.203.1:80
>         capture request header Host len 40
>         stick-table type ip size 1m expire 10s store gpc0,http_req_rate(10s)
>         tcp-request connection track-sc1 src
>         http-request lua.change_host
>         acl host_exist var(req.host) -m found
>         http-request set-header Host %[var(req.host)] if host_exist
>         http-request lua.select
>         acl action var(req.action) -m found
>         acl unflag_abuser src_clr_gpc0 --
>         http-request allow if action unflag_abuser
>         http-request deny if { src_get_gpc0 gt 0 }
>         reqadd X-Forwarded-Proto:\ http
>         use_backend %[var(req.action)]
>         default_backend 192.168.203.1-backend
>
>
> frontend portal-https-192.168.203.1
>         bind 192.168.203.1:443 ssl no-sslv3 crt /usr/local/pf/conf/ssl/server.pem
>         capture request header Host len 40
>         stick-table type ip size 1m expire 10s store gpc0,http_req_rate(10s)
>         tcp-request connection track-sc1 src
>         http-request lua.change_host
>         acl host_exist var(req.host) -m found
>         http-request set-header Host %[var(req.host)] if host_exist
>         http-request lua.select
>         acl action var(req.action) -m found
>         acl unflag_abuser src_clr_gpc0 --
>         http-request allow if action unflag_abuser
>         http-request deny if { src_get_gpc0 gt 0 }
>         reqadd X-Forwarded-Proto:\ https
>         use_backend %[var(req.action)]
>         default_backend 192.168.203.1-backend
>
>
>
> backend 192.168.203.1-backend
>         balance source
>         option httpchk GET /captive-portal HTTP/1.0\r\nUser-agent:\ HAPROXY-load-balancing-check
>         default-server inter 5s fall 3 rise 2
>         option httpclose
>         option forwardfor
>         acl status_501 status 501
>         acl abuse  src_http_req_rate(portal-http-192.168.203.1) ge 48
>         acl flag_abuser src_inc_gpc0(portal-http-192.168.203.1) --
>         acl abuse  src_http_req_rate(portal-https-192.168.203.1) ge 48
>         acl flag_abuser src_inc_gpc0(portal-https-192.168.203.1) --
>         http-response deny if abuse status_501 flag_abuser
>         server 127.0.0.1 127.0.0.1:80 check inter 30s
>
>
> frontend portal-http-192.168.203.1
>         bind 192.168.203.1:80
>         capture request header Host len 40
>         stick-table type ip size 1m expire 10s store gpc0,http_req_rate(10s)
>         tcp-request connection track-sc1 src
>         http-request lua.change_host
>         acl host_exist var(req.host) -m found
>         http-request set-header Host %[var(req.host)] if host_exist
>         http-request lua.select
>         acl action var(req.action) -m found
>         acl unflag_abuser src_clr_gpc0 --
>         http-request allow if action unflag_abuser
>         http-request deny if { src_get_gpc0 gt 0 }
>         reqadd X-Forwarded-Proto:\ http
>         use_backend %[var(req.action)]
>         default_backend 192.168.203.1-backend
>
>
> frontend portal-https-192.168.203.1
>         bind 192.168.203.1:443 ssl no-sslv3 crt /usr/local/pf/conf/ssl/server.pem
>         capture request header Host len 40
>         stick-table type ip size 1m expire 10s store gpc0,http_req_rate(10s)
>         tcp-request connection track-sc1 src
>         http-request lua.change_host
>         acl host_exist var(req.host) -m found
>         http-request set-header Host %[var(req.host)] if host_exist
>         http-request lua.select
>         acl action var(req.action) -m found
>         acl unflag_abuser src_clr_gpc0 --
>         http-request allow if action unflag_abuser
>         http-request deny if { src_get_gpc0 gt 0 }
>         reqadd X-Forwarded-Proto:\ https
>         use_backend %[var(req.action)]
>         default_backend 192.168.203.1-backend
> <<<<
>
> here is my pf.conf
> >>>>
> [general]
> domain=XXXXXXX.de
> hostname=portal
> timezone=Europe/Berlin
> [network]
> dhcp_process_ipv6=disabled
> interfaceSNAT=ens34
> [fencing]
> passthrough=disabled
> interception_proxy=enabled
> [database]
> pass=XXXXXXX
> [services]
> radiusd_acct=enabled
> httpd_collector=enabled
> [inline]
> ports_redirect=80/tcp,443/tcp,8080/tcp
> interfaceSNAT=ens34
> [captive_portal]
> ip_address=192.168.203.1
> network_detection_ip=192.168.203.1
> network_redirect_delay=20s
> [advanced]
> language=de_DE
> update_iplog_with_accounting=enabled
> multihost=enabled
> configurator=disabled
> netflow_on_all_networks=enabled
> [radius_configuration]
> record_accounting_in_sql=disabled
> [dns_configuration]
> record_dns_in_sql=enabled
> [interface ens32]
> type=management
> ip=192.168.8.2
> mask=255.255.255.224
> [interface ens33]
> type=internal
> enforcement=inlinel2
> mask=255.255.255.0
> ip=192.168.203.1
> [interface ens34]
> type=other,dns
> ipv6_address=2003:00d4:1f49:6600:020c:29ff:fe31:e3b7
> mask=255.255.255.224
> ip=192.168.8.34
> ipv6_prefix=64
> <<<<
>
> How can I fix the error?
>
> Best regards
>
> Ronald Zestermann
> SB System/Netzwerk
>
>
> -----Original Message-----
> From: Zammit, Ludovic via PacketFence-users <
> packetfence-users@lists.sourceforge.net>
> Sent: Tuesday, September 7, 2021 14:34
> To: packetfence-users@lists.sourceforge.net
> Cc: Zammit, Ludovic <luza...@akamai.com>
> Subject: Re: [PacketFence-users] haproxy portal
>
> Hello Christopher,
>
> If you did not touch the haproxy proxy config files, there is a good chance
> it's a misconfiguration of the IPs on the interfaces.
>
> Check your server IP config and then compare it to conf/pf.conf
>
> If you do any modification in the conf/pf.conf, don't forget to force
> reload them with /usr/local/pf/bin/pfcmd configreload hard
>
> Thanks!
>
>
> Ludovic Zammit
> Product Support Engineer Principal
>
>
> Cell: +1.613.670.8432
>         Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
>
>
>
>
>         On Aug 30, 2021, at 7:58 PM, Christopher Gilimete via
> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>
>         Please help me with my setup, I can not start the service haproxy
> portal. It is stuck trying to start the service. Here is the message
>
>         Aug 31 10:56:04 covid systemd: Unit packetfence-haproxy-portal.service entered failed state.
>         Aug 31 10:56:04 covid systemd: packetfence-haproxy-portal.service failed.
>         Aug 31 10:56:04 covid systemd: packetfence-haproxy-portal.service holdoff time over, scheduling restart.
>         Aug 31 10:56:04 covid systemd: Stopped PacketFence HAProxy Load Balancer for the captive portal.
>         Aug 31 10:56:04 covid systemd: Starting PacketFence HAProxy Load Balancer for the captive portal...
>         Aug 31 10:56:08 covid haproxy: [ALERT] 242/105608 (6806) : Error(s) found in configuration file : /usr/local/pf/var/conf/haproxy-portal.conf
>         Aug 31 10:56:08 covid haproxy: [ALERT] 242/105608 (6806) : Fatal errors found in configuration.
>         Aug 31 10:56:08 covid systemd: packetfence-haproxy-portal.service: main process exited, code=exited, status=1/FAILURE
>         Aug 31 10:56:08 covid systemd: Failed to start PacketFence HAProxy Load Balancer for the captive portal.
>         Aug 31 10:56:08 covid systemd: Unit packetfence-haproxy-portal.service entered failed state.
>         Aug 31 10:56:08 covid systemd: packetfence-haproxy-portal.service failed.
>         Aug 31 10:56:08 covid systemd: packetfence-haproxy-portal.service holdoff time over, scheduling restart.
>         Aug 31 10:56:08 covid systemd: Stopped PacketFence HAProxy Load Balancer for the captive portal.
>         Aug 31 10:56:08 covid systemd: Starting PacketFence HAProxy Load Balancer for the captive portal...
>         Aug 31 10:56:11 covid haproxy: [ALERT] 242/105611 (6818) : Error(s) found in configuration file : /usr/local/pf/var/conf/haproxy-portal.conf
>         Aug 31 10:56:11 covid haproxy: [ALERT] 242/105611 (6818) : Fatal errors found in configuration.
>         Aug 31 10:56:11 covid systemd: packetfence-haproxy-portal.service: main process exited, code=exited, status=1/FAILURE
>         Aug 31 10:56:11 covid systemd: Failed to start PacketFence HAProxy Load Balancer for the captive portal.
>         Aug 31 10:56:11 covid systemd: Unit packetfence-haproxy-portal.service entered failed state.
>         Aug 31 10:56:11 covid systemd: packetfence-haproxy-portal.service failed.
>         Aug 31 10:56:12 covid systemd: packetfence-haproxy-portal.service holdoff time over, scheduling restart.
>         Aug 31 10:56:12 covid systemd: Stopped PacketFence HAProxy Load Balancer for the captive portal.
>         Aug 31 10:56:12 covid systemd: Starting PacketFence HAProxy Load Balancer for the captive portal...
>
>         _______________________________________________
>         PacketFence-users mailing list
>         PacketFence-users@lists.sourceforge.net <mailto:
> PacketFence-users@lists.sourceforge.net>
>
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!FI0PWsp2vZjplE_xGEeeJsorAHTtocDvn9KMVGvduhgqJOM7d91c4ZdXEQBDxM6X$
>
>
>
>