And forgive me if I’m asking it again, you are not using PF as DHCP server as it is a purely in the out-of-band mode.
I’m pulling my hair trying to understand why all of a sudden PF lost an ability to track endpoints and shows their MAC addresses as zeros. I hate to use PF as DHCP server as it will screw things out. Unless have it reply only to DHCP relay messages coming from specific IP helpers devices. From: Dale Riley <dri...@pinerichland.org> Sent: Wednesday, December 21, 2022 12:41 PM To: ype...@gmail.com Cc: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] 502 Bad Gateway on Captive Portal I ended up adding all of the APs in by mac address, specifying the type as unifi controller, controller ip under the radius tab, and the web credentials with https as the transport. On Wed, Dec 21, 2022 at 3:39 PM <ype...@gmail.com <mailto:ype...@gmail.com> > wrote: I see, thanks. Now I face a new challenge and I have no clue how to interpret and fix it. I don’t think I need to reboot the endpoint (both PC and iPhone). Reboot Packetfence ? Also, in your connection profile do you have the filter for Connection type set to Wireless-Web-Auth? And did you enter your Unifi AP by IP or MAC addresses? I don’t have any outputs for this command /usr/local/pf/bin/pfcmd cache switch_distributed list And I do remember previously it was giving me quite a list. Scratching my head and trying to understand what is wrong …. From: Dale Riley <dri...@pinerichland.org <mailto:dri...@pinerichland.org> > Sent: Wednesday, December 21, 2022 12:15 PM To: ype...@gmail.com <mailto:ype...@gmail.com> Cc: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] 502 Bad Gateway on Captive Portal Try switching to the legacy interface, but it's prob the same. Exclude the HTTPS:\\. In the legacy interface, I can't edit the http:\\ portion, so only enter the host name. On Wed, Dec 21, 2022 at 3:12 PM <ype...@gmail.com <mailto:ype...@gmail.com> > wrote: Interesting… Your redirect URL starts with the protocol, i.e. http. Mine doesn’t allow to start it with the protocol. Apparently it is due to the difference between Unifi versions. Mine is the latest, i.e. 7.3.76. Yours is one of the previous I guess due to differences in interface. And I guess the default expiration is not relevant because it should be controlled by the PF and the role assigned during a device registration? From: Dale Riley <dri...@pinerichland.org <mailto:dri...@pinerichland.org> > Sent: Wednesday, December 21, 2022 11:57 AM To: ype...@gmail.com <mailto:ype...@gmail.com> Cc: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] 502 Bad Gateway on Captive Portal On Wed, Dec 21, 2022 at 2:54 PM <ype...@gmail.com <mailto:ype...@gmail.com> > wrote: Dale, What are you settings in Unifi controller guest hotspot profile, specifically these ones? From: Dale Riley <dri...@pinerichland.org <mailto:dri...@pinerichland.org> > Sent: Wednesday, December 21, 2022 11:15 AM To: ype...@gmail.com <mailto:ype...@gmail.com> Cc: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] 502 Bad Gateway on Captive Portal Update: Proxmox container didn't work since it doesnt have access to the kernel. Ubuntu 20.04 and 22.04 i had trouble even getting packetfence installed. Reinstalled using the 12.1 ISO in proxmox as a regular VM. Got Unifi working and the captive portal works fine. I'm noticing elements of the UI look different so something must not have updated correctly on the old install. Next issue, I can't figure out where to store the custom logo for the captive portal. I have no idea where the default logo and /common folder are and cant find them. I cant find anything documented on where the root folder is that the portal is looking at. Anyone have insight on this? On Wed, Dec 21, 2022 at 8:24 AM Dale Riley <dri...@pinerichland.org <mailto:dri...@pinerichland.org> > wrote: I looked through most of the logs and nothing is happening other than the 502 return to the client when it happens. I'm going to rebuild using an ubuntu container in proxmox today, we'll see how this goes. Redirection URL is just our website. On Tue, Dec 20, 2022 at 10:17 PM <ype...@gmail.com <mailto:ype...@gmail.com> > wrote: Did you check haproxy_portal.log for any telltale clues ? In you connection profile what is the redirection URL ? I set it to our company website and initially the connection to guest SSID ended up with fetching this page. But then it all was broken Eugene From: Dale Riley <dri...@pinerichland.org <mailto:dri...@pinerichland.org> > Sent: Tuesday, December 20, 2022 5:28 PM To: ype...@gmail.com <mailto:ype...@gmail.com> Cc: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] 502 Bad Gateway on Captive Portal I had it as the IP address only, but changed to redirect using hostname as you pictured as part of this troubleshooting. One thing I noticed on initial setup is that you NEED to reboot your APs after setting everything up before it will work properly. Currently, my clients are able to get to the initial portal pages, enter in the email address or SMS phone number, but get the 502 bad gateway about 20 seconds after clicking continue button on the entry screen. On Tue, Dec 20, 2022 at 8:24 PM <ype...@gmail.com <mailto:ype...@gmail.com> > wrote: And what I’m mad about right now is that with Unifi configured for an external gateway pointing to PF all endpoints previously registered with PF and were subsequently manually unregistered connect to the SSID without any redirection as if it an open SSID. I also ran tcpdump on Unifi controller when they connect and silence, no traffic. It seems they are cached somehow within Unifi and it allows them without any redirect Eugene From: Dale Riley <dri...@pinerichland.org <mailto:dri...@pinerichland.org> > Sent: Tuesday, December 20, 2022 4:48 PM To: ype...@gmail.com <mailto:ype...@gmail.com> Cc: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] 502 Bad Gateway on Captive Portal I just made sure today that PF was updated. Active directory auth seems to work, further testing on that tomorrow. Both SMS and Email guest registration give the same result. This is out of band. Unifi is redirecting the captive portal to the DNS name of the packetfence install, which is on the server network. Portal is enabled on the management interface. I may need to go through and reinstall PF. I had a lot of trouble getting it working initially, and rebuilt everything from scratch to get it to work. I've just been updating using apt up until now. On Tue, Dec 20, 2022 at 7:37 PM <ype...@gmail.com <mailto:ype...@gmail.com> > wrote: It looks and sounds we need to create a sub-group of those integrating Unifi with PF. Are you on the latest version of PF, Dale ? How do you register the device with the phone number? I believe it is via SMS ? Is your deployment in-band or out-of-band ? I followed the instructions described in the PF latest deployment guide https://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Installation_Guide.pdf And it seems to work but it is not consistent and I keep running into newly discovered problems that I described in the previous email Eugene From: Dale Riley via PacketFence-users <packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> > Sent: Tuesday, December 20, 2022 5:02 AM To: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Cc: Dale Riley <dri...@pinerichland.org <mailto:dri...@pinerichland.org> > Subject: [PacketFence-users] 502 Bad Gateway on Captive Portal I have an install of PacketFence and it's been working fine for months. Using the captive portal with Unifi APs and a controller. On new registrations, the captive portal comes up fine, but when entering an email or phone number for registration and clicking continue, you get a 502 Bad Gateway. I can't find any relevant logs. Any help would be appreciated. _____ _____ _____ <https://www.pinerichland.org/cms/lib/PA01001138/Centricity/Domain/2/PRSD.jpg>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
