Re: [PacketFence-users] PF12.2 out-of-band routed mode not working - No DNS or Captive Portal

2023-03-17 Thread Fabrice Durand via PacketFence-users
Hello Andrew,
You will have to provide the networks.conf and pf.conf files in order to
understand the issue.
And what is 172.0.0.2? Is it defined somewhere?

Regards
Fabrice


On Fri, 17 Mar 2023 at 16:39, Andrew Torry via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> RESTRICTED
>
> Hi Folks,
>
> Maybe someone can help me out? We have been using PF now for over 6 years
> and are very happy with it. But we need to upgrade it to stay in line with
> our security policies.
>
> We have a fully working 6.5 installation and a shadow 9.0 installation
> that are both working in out-of-band routed mode.
>
> The current PF servers have two NICs each:-
> Eth0   -  Management running the ‘portal’ daemon
> Eth1   -  Registration
>
> We have several routed networks (several wired ones and several centrally
> managed Wireless networks).
> The DHCP activity from these networks is ‘reflected’ from our network DHCP
> servers to the PF management interface so that the Nodes and IPLog tables
> are maintained correctly – effectively removing the need for the PF server
> to provide DHCP services.
>
> The network DHCP servers are configured to use the IP address of the
> registration interface (eth1) as the only name server.
>
> We are using ‘MAC Authentication Bypass’ on our Cisco switches and our
> WiFi estate is controlled by a Wireless LAN Controller.
>
> In order to upgrade to a newer version of PF we have been building out a
> new 12.2 server but we cannot get our routed test network to work despite
> it being configured precisely the same way as with the working networks
> and PF servers.
>
> We have a complete ‘connection profile’ in place and relevant other
> configuration to match the working servers.
>
> When connected to the registration network(s) of our existing PF server
> all DNS requests reply with the IP address of the management interface and
> display the captive portal to the end user as expected.
>
> When I connect to a routed registration network the new PF12 server is
> responding to all DNS requests with the IP address 172.0.0.2 which of
> course is not routed on our network in any shape or form.
>
> Is a fully routed ‘out-of-band’ solution no longer supported in 12.2 or am
> I missing something here?
>
> Regards
>
> Andrew
>
> RESTRICTED
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


[PacketFence-users] PF12.2 out-of-band routed mode not working - No DNS or Captive Portal

2023-03-17 Thread Andrew Torry via PacketFence-users
RESTRICTED

Hi Folks,

Maybe someone can help me out? We have been using PF now for over 6 years and
are very happy with it. But we need to upgrade it to stay in line with our
security policies.

We have a fully working 6.5 installation and a shadow 9.0 installation that are
both working in out-of-band routed mode.

The current PF servers have two NICs each:-
Eth0   -  Management running the 'portal' daemon
Eth1   -  Registration

We have several routed networks (several wired ones and several centrally
managed Wireless networks).
The DHCP activity from these networks is 'reflected' from our network DHCP
servers to the PF management interface so that the Nodes and IPLog tables are
maintained correctly - effectively removing the need for the PF server to
provide DHCP services.

The network DHCP servers are configured to use the IP address of the
registration interface (eth1) as the only name server.

We are using 'MAC Authentication Bypass' on our Cisco switches and our WiFi
estate is controlled by a Wireless LAN Controller.

In order to upgrade to a newer version of PF we have been building out a new
12.2 server but we cannot get our routed test network to work despite it being
configured precisely the same way as with the working networks and PF servers.

We have a complete 'connection profile' in place and relevant other
configuration to match the working servers.

When connected to the registration network(s) of our existing PF server all DNS
requests reply with the IP address of the management interface and display the
captive portal to the end user as expected.

When I connect to a routed registration network the new PF12 server is
responding to all DNS requests with the IP address 172.0.0.2 which of course is
not routed on our network in any shape or form.

Is a fully routed 'out-of-band' solution no longer supported in 12.2 or am I
missing something here?

Regards

Andrew


RESTRICTED