Re: [PacketFence-users] Inline Pfbandwidthd: Entries with inline interface IP in inline_accounting table!!!
Any comment or help regarding the issue (in last mail) from anyone Regards, --Chinmay From: "Chinmay Mahata" chinmay_mah...@rediffmail.com Sent: Wed, 16 Dec 2015 16:51:43 To: "packetfence-users " packetfence-users@lists.sourceforge.net Subject: [PacketFence-users] Inline Pfbandwidthd: Entries with inline interface IP in inline_accounting table!!! Hi All, I am using PF, version 5.4.0, in inline enforcement and running the service "pfbandwidthd". The issue I am facing is that I am getting bandwidth entries (inbytes/outbytes) in inline_accounting table containing the inline interface-IP (inline device: eth0, IP: 192.168.12.254, Net: 192.168.12.0/24, management dev: eth1, IP: 192.168.1.240/24). In file "sbin/pfbandwidthd" the Pcap::Compile function applying filter string on eth0 as: "ether proto \ip and not ( host 127.0.0.1 or host 192.168.12.254 or host 192.168.12.255 or host 192.168.1.240 or host 192.168.1.255 ) and (net 192.168.12.0/24)". So the script should not get any packet with IP 192.168.12.254 from Pcap, and should not insert any entry with IP 192.168.12.254 in the DB table inline_accounting. But in mySql DB table "inline_accounting" I can see the entries with IP 192.168.12.254 which is my inline interface's IP But when I try the same filter with tcpdump on interface eth0 from command line I couldn't find and packet capture log. It looks interface/device settings are OK. Could anybody please let me know they are also facing the same issue or my understanding is not correct? Do I need to do anything else to fix this? If you need any more info please let me know. Thanks in advance. --Chinmay -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Inline Pfbandwidthd: Entries with inline interface IP in inline_accounting table!!!
Hi All, I am using PF, version 5.4.0, in inline enforcement and running the service "pfbandwidthd". The issue I am facing is that I am getting bandwidth entries (inbytes/outbytes) in inline_accounting table containing the inline interface-IP (inline device: eth0, IP: 192.168.12.254, Net: 192.168.12.0/24, management dev: eth1, IP: 192.168.1.240/24). In file "sbin/pfbandwidthd" the Pcap::Compile function applying filter string on eth0 as: "ether proto \ip and not ( host 127.0.0.1 or host 192.168.12.254 or host 192.168.12.255 or host 192.168.1.240 or host 192.168.1.255 ) and (net 192.168.12.0/24)". So the script should not get any packet with IP 192.168.12.254 from Pcap, and should not insert any entry with IP 192.168.12.254 in the DB table inline_accounting. But in mySql DB table "inline_accounting" I can see the entries with IP 192.168.12.254 which is my inline interface's IP But when I try the same filter with tcpdump on interface eth0 from command line I couldn't find and packet capture log. It looks interface/device settings are OK. Could anybody please let me know they are also facing the same issue or my understanding is not correct? Do I need to do anything else to fix this? If you need any more info please let me know. Thanks in advance. --Chinmay -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Hybrid support : Inline Enforcement with RADIUS
Dear Fabrice, Thanks a lot for your response. Nice to know that to get the accounting information I need to configure RADIUS accounting. Now things come into my mind: Is it possible I can configure RADIUS accounting in Packetfence with plain/simple inline enforcement (with un-managed devices)? If so could you please give me some pointers how to configure. Or Is it mandatory that Packetfence should be in hybrid mode (or in out-of-bound/VLAN mode) to configure RADIUS accounting? Honestly, I could not make out much of hybrid mode from the Administration Guide document :-( . Please excuse me if I am asking stupid questions. Thanks in advance. Best regards, --Chinmay From: Fabrice DURAND fdur...@inverse.ca Sent: Thu, 10 Dec 2015 20:51:03 To: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] Hybrid support : Inline Enforcement with RADIUS Hello Chinmay, Le 2015-12-10 10:05, Chinmay Mahata a écrit: -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Hybrid support : Inline Enforcement with RADIUS
Dear Fabrice, Thanks again for your quick response. So did you mean to say that even in plain inline enforcement (with un-managed devices/APs) I can configure RADIUS Accounting and get the accounting information? Best regards, --Chinmay From: Fabrice DURAND fdur...@inverse.ca Sent: Fri, 11 Dec 2015 18:55:34 To: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] Hybrid support : Inline Enforcement with RADIUS Hello Chinmay, what you can do is to define the inline vlan for all your defined roles (Switch role config in packetfence). It should work just like that because when the device is on the inline vlan then the connection_type change from Wireless-EAP/Wireless-NOEAP to inline. Regards Fabrice Le 2015-12-11 06:00, Chinmay Mahata a écrit: Get your own FREE website, FREE domain FREE mobile app with Company email. Know More -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Hybrid support : Inline Enforcement with RADIUS
Any comment or any kind of help from anybody Thanks in advance. Regards, --Chinmay From: "Chinmay Mahata" chinmay_mah...@rediffmail.com Sent: Wed, 09 Dec 2015 20:14:27 To: "packetfence-users " packetfence-users@lists.sourceforge.net Subject: [PacketFence-users] Hybrid support : Inline Enforcement with RADIUS Hi, I have currently deployed packetfence 5.4.0, inline enforcement and testing it, and it is working very well. Now I want to deploy PF with Hybrid support (Inline Enforcement with internal RADIUS support) using 802.1x supported APs. From the administration document it is NOT clear what are benefits/features we can avail in (inline)Hybrid mode packetfence other than dot1x layer 2 authentication. Also not sure how to configure. In other way my queries: Is there a way to get accounting information like bandwidth usage, time of internet usage, data usage from a packetfence in inline mode with inline RADIUS? One more query: Can I set idle time-out for the users/guests so that they will be un/de-registered after that duration of inactivity in inline mode packetfence? Any comment will be appreciated. Best regards, --Chinmay -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Hybrid support : Inline Enforcement with RADIUS
Hi, I have currently deployed packetfence 5.4.0, inline enforcement and testing it, and it is working very well. Now I want to deploy PF with Hybrid support (Inline Enforcement with internal RADIUS support) using 802.1x supported APs. From the administration document it is NOT clear what are benefits/features we can avail in (inline)Hybrid mode packetfence other than dot1x layer 2 authentication. Also not sure how to configure. In other way my queries: Is there a way to get accounting information like bandwidth usage, time of internet usage, data usage from a packetfence in inline mode with inline RADIUS? One more query: Can I set idle time-out for the users/guests so that they will be un/de-registered after that duration of inactivity in inline mode packetfence? Any comment will be appreciated. Best regards, --Chinmay -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Users Registration Window
Hi, I have a new requirement, I need to add time fields (not dates only) in Registration Window of Users Creation page for both valid from and expiration. Currently we can only select dates from the calendar menu. Could anyone please help me and let me know how and where I can do that? Some snippet of codes. Thanks in advance. Regards, --Chinmay -- Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. http://pubads.g.doubleclick.net/gampad/clk?id=254741551=/4140___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] pfdhcplistener
Dear Derek, Thanks for listing the issue/feature. Definitely I will follow up the progress. Best regards, --Chinmay From: Derek Wuelfrath dwuelfr...@inverse.ca Sent: Mon, 19 Oct 2015 23:36:56 To: ML PF packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] pfdhcplistener Chinmay,I created an issue (more like a feature request) on Github:https://github.com/inverse-inc/packetfence/issues/966You can follow up on that issue to see the progress.Thanks Cheers!dw.缯divDerek wuelfrathdwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On Oct 14, 2015, at 1:00 PM, Derek Wuelfrath dwuelfr...@inverse.ca wrote:Nicola,Could'nt you obtain the required behaviour specifying the IP of the DHCP server in the corresponding box in Configuration-General?That is not related.What Chinmay is asking is basically that PacketFence to stop listening for DHCP packet (pfdhcplistener) on management interface to avoid node table getting populated by nodes outside of the PacketFence inline network. Cheers!dw.缯divDerek wuelfrathdwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On Oct 14, 2015, at 11:15 AM, Nicola Canepa canep...@mmfg.it wrote:Could'nt you obtain the required behaviour specifying the IP of the DHCP server in the corresponding box in Configuration-General?NicolaIl 14/10/15 09:15, Chinmay Mahata ha scritto:-- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] pfdhcplistener
Dear Derek, Thanks a lot for your response. Please do let me know when you get something for my issue. Regards, --Chinmay From: Derek Wuelfrath dwuelfr...@inverse.ca Sent: Tue, 13 Oct 2015 20:23:57 To: ML PF packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] pfdhcplistener Hello Chinmay,I’m looking at it and I’ll get back to you. Cheers!dw.—Derek wuelfrathdwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On Oct 13, 2015, at 2:17 AM, Chinmay Mahata chinmay_mah...@rediffmail.com wrote:Dear Derek, Any thought on my issue.Regards,--ChinmayFrom: "Chinmay Mahata" chinmay_mah...@rediffmail.comSent: Fri, 09 Oct 2015 18:13:36 To: "packetfence-users@lists.sourceforge.net" packetfence-users@lists.sourceforge.netSubject: Re: [PacketFence-users] pfdhcplistenerDear Derek, Thanks for your quick response. I think I could not describe my problem/query properly.DHCPD is running on only one interface (eth0) of my PF server, no issue with that.Actually at the WAN side (upstream) of my PF server there is another DHCP server is running (though PF server WAN has static IP). Since pfdhcplistener is running at eth1(WAN) also, in the node (web)page I can see many unregistered nodes of WAN network which I don't want. I want to see only those nodes in the webpage which are under PF server and who are getting IP addresses from DHCP server running in PF server (on eth0). Hope pfdhcplistener on eth0 only can catch those. So I want to run only one instance of pfdhcplistener on interface eth0 (pfdhcplistener_eth0). Please let me know how can I do that.Thanks again Derek.Regards,--Chinmay From: Derek Wuelfrath dwuelfr...@inverse.caSent: Thu, 08 Oct 2015 22:11:09 To: ML PF packetfence-users@lists.sourceforge.netSubject: Re: [PacketFence-users] pfdhcplistener Chinmay,The packetfence server is working as a DHCP server.I see that two pfdhcplisteners are running:pfdhcplistener_eth0,pfdhcplistener_eth1.But I want to run only one pfdhcplistener viz.pfdhcplistener_eth0. Can it be possible (or it may cause other problem)? Which config item do I need to modify for that?‘pfdhcplistener’, as its name says, listen for dhcp packets.PacketFence starts a ‘pfdhcplistener’ daemon on each of the required network interfaces (in this case, management and inline ).‘pfdhcplistener’ is not acting as a DHCP server, dhcpd is. ‘pfdhcplistener’ is only listening to DHCP packet for MAC - IP association useful in PacketFence.If you do aps uafx | grep dhcpdyou should see the dhcpd daemon running with only eth0 as listening interface. Cheers!dw.—Derek wuelfrathdwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On Oct 8, 2015, at 10:42 AM, Chinmay Mahata chinmay_mah...@rediffmail.com wrote:Hi, I have setup packetfence(5.4.0) with inline enforcement having below interface details (LAN: eth0, WAN: eth1).[interface eth0]enforcement=inlinel2type=internal[interface eth1]type=managementThe packetfence server is working as a DHCP server.I see that two pfdhcplisteners are running: pfdhcplistener_eth0, pfdhcplistener_eth1.But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it be possible (or it may cause other problem)? Which config item do I need to modify for that?Waiting for your help.Thanks in advance.--Chinmay -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] pfdhcplistener
Hi, I have setup packetfence(5.4.0) with inline enforcement having below interface details (LAN: eth0, WAN: eth1). [interface eth0] enforcement=inlinel2 type=internal [interface eth1] type=management The packetfence server is working as a DHCP server. I see that two pfdhcplisteners are running: pfdhcplistener_eth0, pfdhcplistener_eth1. But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it be possible (or it may cause other problem)? Which config item do I need to modify for that? Waiting for your help. Thanks in advance. --Chinmay -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Inline PF :: Top 25 Bandwi(d)th Consumers.
Hi PF-Users, I deployed PacketFence with (pure) inline enforcement and it is working fine as far as access control is concerned. But when I go in the report section of the GUI as admin and want to see the "Top 25 Bandwi(d)th Consumers", it is giving error messages "What's going on? There's not enough data to generate this graph. Is PacketFence in production?" I checked that "pfbandwidthd" service is showing as started in the admin GUI, also checked in PF server console the process pfbandwidthd running. In one post in this mailing list I read that this particular report uses "inline_accounting" table of pf MySQL database. So I checked this table contents using server mysql console. It does contain some entries (more than 25 entries) of around 5 distinct IP addresses. I have no clue why I can't see the top 25 b/w consumers reports in the GUI !!! Did I do some mistake or I missed something ? Please let me know. Thanks in advance. Regards, --Chinmay -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Inline PacketFence: Newbie
Hi Fabrice, Thanks a lot for your help. I just disabled NAT, DHCP server and the WAN interface in my AP, then connected PF server with AP's one LAN port. It is working perfectly now. Very nice piece of software! Thanks again for your help. Warm regards, --Chinmay From: Fabrice DURAND fdur...@inverse.ca Sent: Thu, 17 Sep 2015 19:50:24 To: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] Inline PacketFence: Newbie Hello Chinmay, just disable NAT on your access point and it will work. Regards Fabrice Le 2015-09-17 06:38, Chinmay Mahata a 飲itຼbr -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Inline PacketFence: Newbie
Hi PF Users, I am new to this group and also novice to PacketFence. Though a newbie I successfully setup PF (version 5.3.1), inline enforcement, in Ubuntu (12.04.2 LTS), and all services are running. Below I am describing the problem I am facing, forgive me if it is a repetition. Topology: Internet-- Modem/Router --(eth1)PF_Server(eth0) -- multiple Wifi APs:::nodes I created one guest using the admin gui, generated the password for it, also successfully registered using those guest credentials from a node. But in the admin GUI I can see the registered user as the AP, MAC addr and IP addr (not the node). And all other nodes are successfully going through the PF server without registration. (My APs are cheap and of entry level, doing NAT) My objective is to implement network access control for the nodes. Please help me how can I do that. Below the configuration details. Let me know if you need any more info. Thanks in advance. --Chinmay Config: [general] # # general.domain # # Domain name of PacketFence system. domain=rd.foobar.in # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=PF [registration] # # registration.device_registration_role # # The role to assign to gaming devices. If none is specified, the role of the registrant is used. device_registration_role=guest [alerting] # # alerting.emailaddr # # Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other # PacketFence-related message goes to. emailaddr=x...@xxx.com [database] # # database.pass # # Password for the mysql database used by PacketFence. pass= [interface eth0] enforcement=inlinel2 ip=192.168.12.254 type=internal mask=255.255.255.0 [interface eth1] ip=192.168.11.3 type=management mask=255.255.255.0 -- Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991=/4140___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users