Hello Andrew, you will have to provide the networks,conf and pf.conf file in order to understand the issue. And what is 172.0.0.2 ? is it defined somewhere ?
Regards Fabrice Le ven. 17 mars 2023 à 16:39, Andrew Torry via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > RESTRICTED > > Hi Folks, > > > > Maybe someone can help me out? We have been using PF now for over 6 years > and are very happy with it. But > > we need to upgrade it to stay in line with our security policies. > > > > We have a fully working 6.5 installation and a shadow 9.0 installation > that are both working in out-of-band > > routed mode. > > > > The current PF servers have two NICs each:- > > Eth0 - Management > running the ‘portal’ daemon > > Eth1 - Registration > > > > We have several routed networks (several wired ones and several centrally > managed Wireless networks) > > The DHCP activity from these networks is ‘reflected’ from or network DHCP > servers to the PF management interface so that the > > Nodes and IPLog tables are maintained correctly – effectively removing the > need for the PF server to provide DHCP services. > > > > The network DHCP servers are configured to use the IP address of the > registration interface (eth1) as the only name server. > > > > We are using ‘MAC Authentication Bypass’ on our Cisco switches and our > WiFi estate is controlled by a Wireless Lan Controller. > > > > In order to upgrade to a newer version of PF we have been building out a > new 12.2 server but we cannot get our routed test network > > to work despite it being configured precisely the same way as with the > working networks and PF servers. > > > > We have a complete ‘connection profile’ in place and relevant other > configuration to match the working servers. > > > > When connected to the registration network(s) of our existing PF server > all DNS requests reply with the IP address of the management interface and > > display the captive portal to the end user as expected. > > > > When I connect to a routed registration network the new PF12 server is > responding to all DNS requests with the IP address 172.0.0.2 which of > course is not > > routed on our network in any shape or form. > > > > Is a fully routed ‘out-of-band’ solution no longer supported in 12.2 or am > I missing something here. > > > > Regards > > > > Andrew > > RESTRICTED > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
