Re: [PacketFence-users] R: R: R: R: R: R: network-access-detection

2017-08-17 Thread Durand fabrice via PacketFence-users

Hello Alessandro,

A)

First try to replace the network detection IP with 192.95.20.194.

Next, if you use an FQDN instead of an IP address, then you have to keep in 
mind that even if the PacketFence DNS server returns a TTL of 15s, the 
browser has its own DNS cache (like 1 minute).

So if the device is reg then you will have to wait 1 minute until the 
detection works.

B)

If you route instead of using NAT then you have to be sure that 
192.95.20.194 knows 192.168.30.0/24


Regards

Fabrice



On 2017-08-17 at 10:31, Alessandro Canella wrote:

first solved (thanks for DNS help…)

A) I’ve discovered that network access gif after login is accessible 
ONLY via DNS call 
(DNS_SERVER_NAME.net/common/network-access-detection.gif works, 
SERVER_MANAGEMENT_IP/common/network-access-detection.gif didn't) seems 
an apache misconfig. I've bypassed using inline IP address 
(192.168.30.1) as network detection

B) Route, this is mine.

default via 153.47.30.2 dev eth0
153.47.30.0/25 dev eth0  proto kernel  scope link  src 153.47.30.99
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth0.30  scope link  metric 1003
192.168.30.0/24 dev eth0.30  proto kernel  scope link  src 192.168.30.1

But I say I've got "some networks" behind PF. And seems that 
192.168.30.0 requests isn't routed to 153.47.30.2...



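The checks discussed in this thread (a default gateway, a nameserver in /etc/resolv.conf and, when routing instead of NAT, a return route to 192.168.30.0/24), as an added Python example that is not part of the thread or of PacketFence. The PacketFence route table is the one posted above; the upstream tables and the 203.0.113.1 address are constructed, and modelling the return route on the gateway 153.47.30.2 is an assumption.

```python
import ipaddress

# `ip route` output of the PacketFence server, copied from the thread.
PF_ROUTES = """\
default via 153.47.30.2 dev eth0
153.47.30.0/25 dev eth0  proto kernel  scope link  src 153.47.30.99
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth0.30  scope link  metric 1003
192.168.30.0/24 dev eth0.30  proto kernel  scope link  src 192.168.30.1
"""
# Constructed (assumption): upstream gateway tables without / with a return route.
UPSTREAM_NO_RETURN = """\
default via 203.0.113.1 dev wan0
153.47.30.0/25 dev lan0  proto kernel  scope link  src 153.47.30.2
"""
UPSTREAM_WITH_RETURN = UPSTREAM_NO_RETURN + "192.168.30.0/24 via 153.47.30.99 dev lan0\n"

def parse_routes(text):
    """Parse `ip route` lines into (network, gateway or None, device)."""
    routes = []
    for tok in (line.split() for line in text.splitlines()):
        if not tok:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        via = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((net, via, dev))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; metrics are ignored, which is enough for these tables."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def nameservers(resolv_conf):
    """Addresses on `nameserver` lines of /etc/resolv.conf text."""
    lines = (l.split() for l in resolv_conf.splitlines())
    return [p[1] for p in lines if len(p) >= 2 and p[0] == "nameserver"]

def return_path_ok(upstream_text, client, pf_ip):
    """True if the upstream sends replies for `client` back via PacketFence."""
    hit = lookup(parse_routes(upstream_text), client)
    return hit is not None and hit[1] == pf_ip

if __name__ == "__main__":
    pf = parse_routes(PF_ROUTES)
    print("to 192.95.20.194:", lookup(pf, "192.95.20.194"))
    print("nameservers in empty resolv.conf:", nameservers(""))
    print("return path:", return_path_ok(UPSTREAM_NO_RETURN, "192.168.30.14", "153.47.30.99"))
```

With the constructed upstream table that lacks the 192.168.30.0/24 entry, replies to an inline client follow the upstream's default route instead of coming back through 153.47.30.99.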
[PacketFence-users] R: R: R: R: R: R: network-access-detection

2017-08-17 Thread Alessandro Canella via PacketFence-users
first solved (thanks for DNS help…)


A)  I’ve discovered that network access gif after login is accessible ONLY 
via DNS call (DNS_SERVER_NAME.net/common/network-access-detection.gif works, 
SERVER_MANAGEMENT_IP/common/network-access-detection.gif didn't) seems an 
apache misconfig. I've bypassed using inline IP address (192.168.30.1) as 
network detection



B)  Route, this is mine.
default via 153.47.30.2 dev eth0
153.47.30.0/25 dev eth0  proto kernel  scope link  src 153.47.30.99
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth0.30  scope link  metric 1003
192.168.30.0/24 dev eth0.30  proto kernel  scope link  src 192.168.30.1

But I say I've got "some networks" behind PF. And seems that 192.168.30.0 
requests isn't routed to 153.47.30.2...






[PacketFence-users] R: R: R: R: R: R: network-access-detection

2017-08-17 Thread Alessandro Canella via PacketFence-users
resolv.conf is empty, I assume (ok that’s wrong, I’d understand…..) that NS are 
controlled by another .conf in PF setup…

about NAT and route…. I’d have 10/15 networks on the other side… and seems all 
fine… I will check asap..

From: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Thursday, 17 August 2017 14:30
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] R: R: R: R: R: network-access-detection


Ok so first fix the PacketFence server in order to be able to reach internet.

you need to have the default gateway configured and a valid dns server.

ip route

cat /etc/resolv.conf

Then when it's done your issue will probably be fixed.

Regards

Fabrice





On 2017-08-17 at 07:30, Alessandro Canella wrote:
Hello Fabrice:

IP_forward (tested from MGMT ip) result is 1: so, enabled I think.

ZEN seems not know DIG, HOST, NSlookup… so I use Ping “name” and cannot resolve 
nothing.




From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Friday, 11 August 2017 01:50
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Subject: Re: [PacketFence-users] R: R: R: R: network-access-detection


Hello Alessandro,

what is the result of ? :

cat /proc/sys/net/ipv4/ip_forward
From the pf server are you able to do a query ?
nslookup
> server 153.47.30.113
> inverse.ca

Regards
Fabrice


On 2017-08-10 at 13:42, Alessandro Canella via PacketFence-users wrote:
Here some test:

BEFORE  LOGIN

  Suffisso DNS specifico per connessione: inlinel2.feo-cer.net
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.30.14(Preferenziale)
   Gateway predefinito . . . . . . . . . : 192.168.30.1
   Server DHCP . . . . . . . . . . . . . : 192.168.30.1
   Server DNS . . . . . . . . . . . . .  : 153.47.30.113
C:\Users\aless>nslookup
Server predefinito:  UnKnown
Address:  153.47.30.113

lancelot.feo-cer.net
Server:  UnKnown
Address:  153.47.30.113
Nome:percival.feo-cer.net
Address:  192.168.30.1
Aliases:  lancelot.feo-cer.net.inlinel2.feo-cer.net


AFTER LOGIN

C:\Users\aless>nslookup
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  UnKnown
Address:  153.47.30.113

> server 192.168.30.1
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  [192.168.30.1]
Address:  192.168.30.1

As you see from image attached, portscan …works….query not….

From: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Thursday, 10 August 2017 09:42
To: packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella
Subject: [PacketFence-users] R: R: R: network-access-detection

Fabrice,

I made a test with nslookup. My first hop (PF inline IF) is closed and cannot 
reach a remote DNS too. Note that other proto seems ok.



From: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, 8 August 2017 14:37
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] R: R: network-access-detection


Hello Alessandro,

you probably misconfigured the dns.

Can you give me your networks.conf ?

Regards

Fabrice



On 2017-08-07 at 11:51, Alessandro Canella via PacketFence-users wrote:
I’ve retried and checked traffic.

As written, I’m in inline, users authenticate but GIF cannot be retrieved.

But not only : from a successful registered client, I cannot query DNS. And any 
other packet works fine….


How I can check where is “deny” that stops me?



From: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Friday, 4 August 2017 08:18
To: Ludovic Zammit; packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella
Subject: [PacketFence-users] R: network-access-detection

Hello Ludovic,

I’ve tried with Win10, tested with both IP (I know, if I test the first 
reachable is not correct…) I’ve left VLAN Enforce due to incompatibility of 
switches, so I’m in inline mode.

I will try to raise timeout to 90 secs and to open it by hand in new tab.

Later I will recap tests.

Thanks in advance.





From: Ludovic Zammit [mailto:lzam...@inverse.ca]
Sent: Thursday, 3 August 2017 19:40
To: packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella
Subject: Re: [PacketFence-users] network-access-detection

Hello