[PacketFence-users] PF12.2 out-of-band routed mode not working - No DNS or Captive Portal

Fri, 17 Mar 2023 13:38:01 -0700 

RESTRICTED

Hi Folks,

Maybe someone can help me out? We have been using PF now for over 6 years and 
are very happy with it. But
we need to upgrade it to stay in line with our security policies.

We have a fully working 6.5 installation and a shadow 9.0 installation that are 
both working in out-of-band
routed mode.

The current PF servers have two NICs each:-
                Eth0                       -              Management running 
the 'portal' daemon
                Eth1                       -              Registration

We have several routed networks (several wired ones and several centrally 
managed Wireless networks)
The DHCP activity from these networks is 'reflected' from or network DHCP 
servers to the PF management interface so that the
Nodes and IPLog tables are maintained correctly - effectively removing the need 
for the PF server to provide DHCP services.

The network DHCP servers are configured to use the IP address of the 
registration interface (eth1) as the only name server.

We are using 'MAC Authentication Bypass' on our Cisco switches and our WiFi 
estate is controlled by a Wireless Lan Controller.

In order to upgrade to a newer version of PF we have been building out a new 
12.2 server but we cannot get our routed test network
to work despite it being configured precisely the same way as with the working 
networks and PF servers.

We have a complete 'connection profile' in place and relevant other 
configuration to match the working servers.

When connected to the registration network(s) of our existing PF server all DNS 
requests reply with the IP address of the management interface and
display the captive portal to the end user as expected.

When I connect to a routed registration network the new PF12 server is 
responding to all DNS requests with the IP address 172.0.0.2 which of course is 
not
routed on our network in any shape or form.

Is a fully routed 'out-of-band' solution no longer supported in 12.2 or am I 
missing something here.

Regards

Andrew


RESTRICTED

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to