[PacketFence-users] pfdhcplistener

[Petr Novotny via PacketFence-users]

Hi,



I have problem with pfdhcplistener. In  the pfdhcplistener.log I can see
only dhcp requests from Management and Registration

networks.  I can’t  see dhcp traffic from my WIFI VLAN  in
pfdhcplistener.log and therefore ip addresses are not updatet in pf.



I have  3 nodes packetfence 7.4 cluster on debian distribution.

I added an interface for dhcp-listener in to my pf.conf



[interface eth3.620]

mask=255.255.255.0

type=dhcp-listener

gateway=192.168.100.1

ip=192.168.100.3



so I can see pfdhcplistener running on eth3.620 interface



root@ovapf1:/home/zuova# systemctl status packetfence-pfdhcplistener.service

packetfence-pfdhcplistener.service - PacketFence DHCP Listener Service

   Loaded: loaded (/lib/systemd/system/packetfence-pfdhcplistener.service;
enabled)

   Active: active (running) since Wed 2018-03-28 07:22:38 CEST; 6s ago

Main PID: 2423 (pfdhcplistener)

   Status: "Ready"

   CGroup: /packetfence.slice/packetfence-pfdhcplistener.service

   +¦2423 pfdhcplistener

   +¦2428 pfdhcplistener - eth1

   +¦2429 pfdhcplistener - eth2

   +¦2430 pfdhcplistener - eth0

   L¦2431 pfdhcplistener - eth3.620





Mar 28 07:22:38 ovapf1 pfdhcplistener[2428]: pfdhcplistener(2428) INFO:
[mac:[undef]] DHCP detector on eth1 enabled (main::setup_global)

Mar 28 07:22:38 ovapf1 pfdhcplistener[2428]: pfdhcplistener(2428) INFO:
[mac:[undef]] Reload configuration on eth1 (main::reload_config)

Mar 28 07:22:38 ovapf1 pfdhcplistener[2429]: pfdhcplistener(2429) WARN:
[mac:[undef]] Unable to open VLAN proc description for eth2: No such file
or directory (pf::util::get_vlan_from_int)

Mar 28 07:22:38 ovapf1 pfdhcplistener[2429]: pfdhcplistener(2429) INFO:
[mac:[undef]] DHCP detector on eth2 enabled (main::setup_global)

Mar 28 07:22:38 ovapf1 pfdhcplistener[2429]: pfdhcplistener(2429) INFO:
[mac:[undef]] Reload configuration on eth2 (main::reload_config)

Mar 28 07:22:38 ovapf1 pfdhcplistener[2430]: pfdhcplistener(2430) WARN:
[mac:[undef]] Unable to open VLAN proc description for eth0: No such file
or directory (pf::util::get_vlan_from_int)

Mar 28 07:22:38 ovapf1 pfdhcplistener[2430]: pfdhcplistener(2430) INFO:
[mac:[undef]] DHCP detector on eth0 enabled (main::setup_global)

Mar 28 07:22:38 ovapf1 pfdhcplistener[2430]: pfdhcplistener(2430) INFO:
[mac:[undef]] Reload configuration on eth0 (main::reload_config)

Mar 28 07:22:38 ovapf1 pfdhcplistener[2431]: pfdhcplistener(2431) INFO:
[mac:[undef]] DHCP detector on eth3.620 enabled (main::setup_global)

Mar 28 07:22:38 ovapf1 pfdhcplistener[2431]: pfdhcplistener(2431) INFO:
[mac:[undef]] Reload configuration on eth3.620 (main::reload_config)





I can see dhcp traffic on eth3.620 interface

root@ovapf1:/home/zuova# tcpdump -i eth3.620 port 67 or port 68 -e -n

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth3.620, link-type EN10MB (Ethernet), capture size 262144
bytes

07:20:21.952633 88:53:2e:f0:8b:38 > ff:ff:ff:ff:ff:ff, ethertype IPv4
(0x0800), length 360: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
from 88:53:2e:f0:8b:38, length 318

07:20:21.954861 6c:3b:6b:21:a9:93 > ff:ff:ff:ff:ff:ff, ethertype IPv4
(0x0800), length 342: 192.168.100.1.67 > 255.255.255.255.68: BOOTP/DHCP,
Reply, length 300





Can anyone help me ?

Thanks
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] "pfdhcplistener"/"locationlog" issues....

[Fabrice Durand]

Hello Damiano,

in fact pfdhcplistener update the locationlog for inline setup and we
need the locationlog entry in order to reevaluate the access.

In theory there is no need to have the locationlog, just a way to test
that he ip of the client is in the range of the inline network should do
the job, but PacketFence work as is.


Regards
Fabrice

Le 2017-05-15 à 07:33, Damiano Verzulli a écrit :
> We're trying to setup a new PF box (6.5.1) to replace our current 5.3.1
>
> One of the main reason for such an upgrade is that currently (5.3.1) we
> experience several "pfdhcplistener" issues: it often "hang" preventing the
> captive-portal to retrieve the MAC address of the "client" and, due to
> this, preventing client to be properly managed (BTW: we are in "inline L2"
> mode, where the PF-box acts as gateway for 25 different VLANs)
>
> So we decided to try OMAPI, so that the captive-portal will ask directly
> the dhcp server about the lease, without the needs of the "pfdhcplistener"
> support.
>
> While testing this new environmento (InlineL2 + captive portal + OMAPI and
> _NO_ pfdhcplistener), we are fighting with a new problem: we have an
> _EMPTY_ "locationlog" mysql table and, due to this, we have the captive
> portal that, even if correctly show the remote MAC address in the footer of
> the web page, right after the authentication, it raise an error (in the
> LOGS) like this:
>
> --
> May 15 13:06:14 httpd.portal(3357) WARN: [mac:30:c7:ae:5f:21:59] Can't
> re-evaluate access because no open locationlog entry was found
> (pf::enforcement::reevaluate_access)
> --
>
> Actually it's correct, as the locationlog table is _EMPTY_ and there is
> _NO_ sign, within the whole set of MySQL queries, about "insert" or "update".
>
> After searching troughout the ML-Archive we saw previous issues related to
> "missing locationlog entries" originated by missing/malfunctioning 
> pdhcplister.
>
> So we tryed to _RE-TURN-ON_ the previously shutted-down PFDHCPLISTENER
> process and eveerything went fine. Now the locationlog is properly
> populated, and we guess that this is due to the activity of pfdhcplistener.
>
> So, in the end, the question is:
>
> - do the pfdhcplistener service need to be running even if PF is relying on
> OMAPI?
>
> Thanks,
> DV
>
>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] "pfdhcplistener"/"locationlog" issues....

[Damiano Verzulli]

We're trying to setup a new PF box (6.5.1) to replace our current 5.3.1

One of the main reason for such an upgrade is that currently (5.3.1) we
experience several "pfdhcplistener" issues: it often "hang" preventing the
captive-portal to retrieve the MAC address of the "client" and, due to
this, preventing client to be properly managed (BTW: we are in "inline L2"
mode, where the PF-box acts as gateway for 25 different VLANs)

So we decided to try OMAPI, so that the captive-portal will ask directly
the dhcp server about the lease, without the needs of the "pfdhcplistener"
support.

While testing this new environmento (InlineL2 + captive portal + OMAPI and
_NO_ pfdhcplistener), we are fighting with a new problem: we have an
_EMPTY_ "locationlog" mysql table and, due to this, we have the captive
portal that, even if correctly show the remote MAC address in the footer of
the web page, right after the authentication, it raise an error (in the
LOGS) like this:

--
May 15 13:06:14 httpd.portal(3357) WARN: [mac:30:c7:ae:5f:21:59] Can't
re-evaluate access because no open locationlog entry was found
(pf::enforcement::reevaluate_access)
--

Actually it's correct, as the locationlog table is _EMPTY_ and there is
_NO_ sign, within the whole set of MySQL queries, about "insert" or "update".

After searching troughout the ML-Archive we saw previous issues related to
"missing locationlog entries" originated by missing/malfunctioning pdhcplister.

So we tryed to _RE-TURN-ON_ the previously shutted-down PFDHCPLISTENER
process and eveerything went fine. Now the locationlog is properly
populated, and we guess that this is due to the activity of pfdhcplistener.

So, in the end, the question is:

- do the pfdhcplistener service need to be running even if PF is relying on
OMAPI?

Thanks,
DV


-- 
Damiano Verzulli
e-mail: dami...@verzulli.it
---
possible?ok:while(!possible){open_mindedness++}
---
"Technical people tend to fall into two categories: Specialists
and Generalists. The Specialist learns more and more about a
narrower and narrower field, until he eventually, in the limit,
knows everything about nothing. The Generalist learns less and
less about a wider and wider field, until eventually he knows
nothing about everything." - William Stucke - AfrISPA
  http://elists.isoc.org/mailman/private/pubsoft/2007-December/001935.html



signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfdhcplistener 5.5.0

[Louis Munro]

Hi Christian,
This is indeed a corner case that is not well handled.

The original reason for that was that we assumed that you either use the 
PacketFence dhcpd for all or none of your networks.
If it’s all, then we should be receiving the ACKs.

If it’s none, then we needed to listen for DHCPREQUEST packets.

We try to process the minimum number of packets required to do the job, because 
in a large network that job quickly becomes expensive.

So in your case I can suggest a few ideas to fix it.

1. You could use the PacketFence dhcpd server on all your networks (if that is 
possible for you).
2. You could try using the UDP reflector 
(https://code.google.com/p/udp-reflector/ 
) to send a copy of the ACKs to 
PacketFence.
3. You could patch PacketFence to handle the DHCPREQUESTS in those networks.
4. Look into using OMAPI to have PacketFence query your dhcp server for the 
leases.

I believe option 3 would be fastest to implement.

You could try this patch:

diff --git a/lib/pf/dhcp/processor.pm b/lib/pf/dhcp/processor.pm
index 5b6f6a8..36ee6fe 100644
--- a/lib/pf/dhcp/processor.pm
+++ b/lib/pf/dhcp/processor.pm
@@ -274,7 +274,7 @@ sub parse_dhcp_request {

 # We check if we are running without dhcpd
 # This means we don't see ACK so we need to act on requests
-if((!$self->{running_w_dhcpd} && 
!isenabled($Config{network}{force_listener_update_on_ack})) && 
(defined($client_ip) && defined($client_mac))){
+if((!isenabled($Config{network}{force_listener_update_on_ack})) && 
(defined($client_ip) && defined($client_mac))){
 $self->handle_new_ip($client_mac, $client_ip, $lease_length);
 }



Let us know if it helps.
We’ll have to think of the best way of handling that particular case in the 
future.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Nov 25, 2015, at 18:10 , Christian Hanster  
> wrote:
> 
> Hi Louis,
> 
> It’s me again and I found the problem finally. It has to do with the 
> rewritten dhcplistener in the new release.
> 
> The new listener configuration is checking, if there is a dhcp server running 
> on the interface. If this is the case then it will not work with dhcp-request 
> packages. In my special case the problem was that I had running the dhcp 
> server on the interface (inlinel2) but not for the inlinel3 network. So the 
> listener was not processing the Request packages. It might be a bug but I do 
> not know how to fix it because the pfdhcplistener is running on interface 
> level. For me it worked when I switched off the dhcp-server on the interface. 
> Probably I will let the dhcp be done by an other server in this network...
> 
> The problem is in line 332ff. in file processor.pm (Tag 5.5.0): 
> https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/dhcp/processor.pm
>  
> 
> 
> Thank you for your help! 
> 
> Kind regards 
> Christian
>> On 25 Nov 2015, at 22:41, Christian Hanster > > wrote:
>> 
>> Hi Louis,
>> 
>> No there are no lines with DHCPACK or OFFER. This is, because there are no 
>> such packets coming (seen in Tcpdump). Our setup is the following: remote 
>> client — LAN— router (with dnsmasq and a relay to PF) =VPN-Tunnel= 
>> VPN-Server —LAN—  PF-Server
>> 
>> So PF is not offering any leases to the remote clients but gets information 
>> from the dnsmasq which is configured as a relay. PF is configured as 
>> inlinel3 for the remote clients. 
>> 
>> the networks.conf is therefore: 
>> [192.168.2.0]
>> dns=192.168.2.254
>> dhcp_start=192.168.2.10
>> gateway=192.168.2.250
>> domain-name=inlinel2.endoo.eu 
>> nat_enabled=enabled
>> named=enabled
>> dhcp_max_lease_time=3600
>> fake_mac_enabled=disabled
>> dhcpd=enabled
>> dhcp_end=192.168.2.246
>> type=inlinel2
>> netmask=255.255.255.0
>> dhcp_default_lease_time=3600
>> 
>> [10.1.13.0]
>> next_hop=192.168.2.2
>> domain-name=inlinel3.endoo.eu 
>> name=inlinel3.endoo.eu 
>> nat_enabled=1
>> named=enabled
>> dhcpd=disabled
>> fake_mac_enabled=0
>> type=inlinel3
>> netmask=255.255.255.0
>> 
>> The dhcp.conf: 
>> # dhcpd configuration
>> # This file is manipulated on PacketFence's startup before being given to 
>> dhcpd
>> authoritative;
>> ddns-update-style none;
>> ignore client-updates;
>> log-facility local6;
>> 
>> # OMAPI for IP <-> MAC lookup
>> omapi-port 7911;
>> key pf_omapi_key {
>> algorithm HMAC-MD5;
>> secret "ghkxVADMEeYe8ikHCjkyu7hQ2abIA/SbcH8Ep6a4FGs=";
>> };
>> omapi-key pf_omapi_key;
>> 
>> 
>> failover peer "192.168.2.0/24" {
>>   secondary;
>>   address 192.168.2.250;
>>   port 647;
>>   peer address 192.168.2.251;
>>   

Re: [PacketFence-users] pfdhcplistener 5.5.0

[Julien Semaan]

Hi Christian,

We have a patch that would be a candidate for 5.5.1 and that would fix 
it for good.


Please see it attached to this mail.

Let us know if it works and it will be added to the next release.

Thanks !

- Julien

On 11/26/2015 09:49 AM, Louis Munro wrote:

Hi Christian,
This is indeed a corner case that is not well handled.

The original reason for that was that we assumed that you either use 
the PacketFence dhcpd for all or none of your networks.

If it’s all, then we should be receiving the ACKs.

If it’s none, then we needed to listen for DHCPREQUEST packets.

We try to process the minimum number of packets required to do the 
job, because in a large network that job quickly becomes expensive.


So in your case I can suggest a few ideas to fix it.

1. You could use the PacketFence dhcpd server on all your networks (if 
that is possible for you).
2. You could try using the UDP reflector 
(https://code.google.com/p/udp-reflector/) to send a copy of the ACKs 
to PacketFence.
3. You could patch PacketFence to handle the DHCPREQUESTS in those 
networks.
4. Look into using OMAPI to have PacketFence query your dhcp server 
for the leases.


I believe option 3 would be fastest to implement.

You could try this patch:

diff --git a/lib/pf/dhcp/processor.pm b/lib/pf/dhcp/processor.pm
index 5b6f6a8..36ee6fe 100644
--- a/lib/pf/dhcp/processor.pm
+++ b/lib/pf/dhcp/processor.pm
@@ -274,7 +274,7 @@ sub parse_dhcp_request {

 # We check if we are running without dhcpd
 # This means we don't see ACK so we need to act on requests
-if((!$self->{running_w_dhcpd} && 
!isenabled($Config{network}{force_listener_update_on_ack})) && 
(defined($client_ip) && defined($client_mac))){
+  if((!isenabled($Config{network}{force_listener_update_on_ack})) && 
(defined($client_ip) && defined($client_mac))){

 $self->handle_new_ip($client_mac, $client_ip, $lease_length);
 }



Let us know if it helps.
We’ll have to think of the best way of handling that particular case 
in the future.


Regards,
--
Louis Munro
lmu...@inverse.ca   :: www.inverse.ca 


+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) 
and PacketFence (www.packetfence.org )


On Nov 25, 2015, at 18:10 , Christian Hanster 
> wrote:


Hi Louis,

It’s me again and I found the problem finally. It has to do with the 
rewritten dhcplistener in the new release.


The new listener configuration is checking, if there is a dhcp server 
running on the interface. If this is the case then it will not work 
with dhcp-request packages. In my special case the problem was that I 
had running the dhcp server on the interface (inlinel2) but not for 
the inlinel3 network. So the listener was not processing the Request 
packages. It might be a bug but I do not know how to fix it because 
the pfdhcplistener is running on interface level. For me it worked 
when I switched off the dhcp-server on the interface. Probably I will 
let the dhcp be done by an other server in this network...


The problem is in line 332ff. in file processor.pm (Tag 5.5.0): 
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/dhcp/processor.pm


Thank you for your help!

Kind regards
Christian
On 25 Nov 2015, at 22:41, Christian Hanster 
> wrote:


Hi Louis,

No there are no lines with DHCPACK or OFFER. This is, because there 
are no such packets coming (seen in Tcpdump). Our setup is the 
following: remote client — LAN— router (with dnsmasq and a relay to 
PF) =VPN-Tunnel= VPN-Server —LAN—  PF-Server


So PF is not offering any leases to the remote clients but gets 
information from the dnsmasq which is configured as a relay. PF is 
configured as inlinel3 for the remote clients.


the networks.conf is therefore:
[192.168.2.0]
dns=192.168.2.254
dhcp_start=192.168.2.10
gateway=192.168.2.250
domain-name=inlinel2.endoo.eu 
nat_enabled=enabled
named=enabled
dhcp_max_lease_time=3600
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.2.246
type=inlinel2
netmask=255.255.255.0
dhcp_default_lease_time=3600

[10.1.13.0]
next_hop=192.168.2.2
domain-name=inlinel3.endoo.eu 
name=inlinel3.endoo.eu 
nat_enabled=1
named=enabled
dhcpd=disabled
fake_mac_enabled=0
type=inlinel3
netmask=255.255.255.0

The dhcp.conf:
# dhcpd configuration
# This file is manipulated on PacketFence's startup before being 
given to dhcpd

authoritative;
ddns-update-style none;
ignore client-updates;
log-facility local6;

# OMAPI for IP <-> MAC lookup
omapi-port 7911;
key pf_omapi_key {
  algorithm HMAC-MD5;
  secret "ghkxVADMEeYe8ikHCjkyu7hQ2abIA/SbcH8Ep6a4FGs=";
};
omapi-key pf_omapi_key;


failover peer "192.168.2.0/24" {
secondary;
address 192.168.2.250;
port 647;

Re: [PacketFence-users] pfdhcplistener 5.5.0

[Christian Hanster]

Hi Louis,

thank you very much for the full response! It helped me a lot. For now we are 
running a dhcp server on an other server for the network as a workaround. I 
will now have a look in all the options and figure out what is the best. 

Concerning the first option I have a question: In the guide it is mentioned 
that you should not use the dhcp-Server of PF as a production server. Because 
of this, it was never an option for us. Is it possible anyway? 

Perhaps you can make a side note in the guide where routed networks are 
discussed. So that this confusion will be avoided when someone else has the 
problem too. 

Kind regards 
Christian 
> On 26 Nov 2015, at 15:49, Louis Munro  wrote:
> 
> Hi Christian,
> This is indeed a corner case that is not well handled.
> 
> The original reason for that was that we assumed that you either use the 
> PacketFence dhcpd for all or none of your networks.
> If it’s all, then we should be receiving the ACKs.
> 
> If it’s none, then we needed to listen for DHCPREQUEST packets.
> 
> We try to process the minimum number of packets required to do the job, 
> because in a large network that job quickly becomes expensive.
> 
> So in your case I can suggest a few ideas to fix it.
> 
> 1. You could use the PacketFence dhcpd server on all your networks (if that 
> is possible for you).
> 2. You could try using the UDP reflector 
> (https://code.google.com/p/udp-reflector/ 
> ) to send a copy of the ACKs to 
> PacketFence.
> 3. You could patch PacketFence to handle the DHCPREQUESTS in those networks.
> 4. Look into using OMAPI to have PacketFence query your dhcp server for the 
> leases.
> 
> I believe option 3 would be fastest to implement.
> 
> You could try this patch:
> 
> diff --git a/lib/pf/dhcp/processor.pm b/lib/pf/dhcp/processor.pm
> index 5b6f6a8..36ee6fe 100644
> --- a/lib/pf/dhcp/processor.pm
> +++ b/lib/pf/dhcp/processor.pm
> @@ -274,7 +274,7 @@ sub parse_dhcp_request {
> 
>  # We check if we are running without dhcpd
>  # This means we don't see ACK so we need to act on requests
> -if((!$self->{running_w_dhcpd} && 
> !isenabled($Config{network}{force_listener_update_on_ack})) && 
> (defined($client_ip) && defined($client_mac))){
> +if((!isenabled($Config{network}{force_listener_update_on_ack})) && 
> (defined($client_ip) && defined($client_mac))){
>  $self->handle_new_ip($client_mac, $client_ip, $lease_length);
>  }
> 
> 
> 
> Let us know if it helps.
> We’ll have to think of the best way of handling that particular case in the 
> future.
> 
> Regards,
> --
> Louis Munro
> lmu...@inverse.ca   ::  www.inverse.ca 
>  
> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
> PacketFence (www.packetfence.org )
> 
>> On Nov 25, 2015, at 18:10 , Christian Hanster > > wrote:
>> 
>> Hi Louis,
>> 
>> It’s me again and I found the problem finally. It has to do with the 
>> rewritten dhcplistener in the new release.
>> 
>> The new listener configuration is checking, if there is a dhcp server 
>> running on the interface. If this is the case then it will not work with 
>> dhcp-request packages. In my special case the problem was that I had running 
>> the dhcp server on the interface (inlinel2) but not for the inlinel3 
>> network. So the listener was not processing the Request packages. It might 
>> be a bug but I do not know how to fix it because the pfdhcplistener is 
>> running on interface level. For me it worked when I switched off the 
>> dhcp-server on the interface. Probably I will let the dhcp be done by an 
>> other server in this network...
>> 
>> The problem is in line 332ff. in file processor.pm (Tag 5.5.0): 
>> https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/dhcp/processor.pm
>>  
>> 
>> 
>> Thank you for your help! 
>> 
>> Kind regards 
>> Christian
>>> On 25 Nov 2015, at 22:41, Christian Hanster >> > wrote:
>>> 
>>> Hi Louis,
>>> 
>>> No there are no lines with DHCPACK or OFFER. This is, because there are no 
>>> such packets coming (seen in Tcpdump). Our setup is the following: remote 
>>> client — LAN— router (with dnsmasq and a relay to PF) =VPN-Tunnel= 
>>> VPN-Server —LAN—  PF-Server
>>> 
>>> So PF is not offering any leases to the remote clients but gets information 
>>> from the dnsmasq which is configured as a relay. PF is configured as 
>>> inlinel3 for the remote clients. 
>>> 
>>> the networks.conf is therefore: 
>>> [192.168.2.0]
>>> dns=192.168.2.254
>>> dhcp_start=192.168.2.10
>>> gateway=192.168.2.250
>>> domain-name=inlinel2.endoo.eu 
>>> nat_enabled=enabled
>>> 

Re: [PacketFence-users] pfdhcplistener 5.5.0

[Louis Munro]

> On Nov 26, 2015, at 10:25 , Christian Hanster  
> wrote:
> 
> Hi Louis,
> 
> thank you very much for the full response! It helped me a lot. For now we are 
> running a dhcp server on an other server for the network as a workaround. I 
> will now have a look in all the options and figure out what is the best. 
> 
> Concerning the first option I have a question: In the guide it is mentioned 
> that you should not use the dhcp-Server of PF as a production server. Because 
> of this, it was never an option for us. Is it possible anyway? 
> 
> Perhaps you can make a side note in the guide where routed networks are 
> discussed. So that this confusion will be avoided when someone else has the 
> problem too. 


We don’t recommend it, because we feel people with large production networks 
would be better off owning their DHCP service and knowing how it works.
It also means you may have to get your hands dirty a bit and edit some of the 
files in /usr/local/pf/conf that are used to generate the dhcp configuration 
since PacketFence generates a dhcpd config optimized for it’s own uses.
But there is no technical reason why it would not work.

PacketFence uses ISC dhcpd as it’s dhcp server.
That should be good enough for most people.

If the patch Julien sent works, there will be no need to do anything special or 
mention it in the guide. 

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)--
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfdhcplistener 5.5.0

[Christian Hanster]

Hi Louis,

I just implemented the patch and everything is working fine with it. So for me 
it solved the issue completely. Then you of course do not have to mention it in 
the guide. 

Thank you very much again. Very nice work!

Kind regards
Christian 
> On 26 Nov 2015, at 16:38, Louis Munro  wrote:
> 
> 
> 
>> On Nov 26, 2015, at 10:25 , Christian Hanster > > wrote:
>> 
>> Hi Louis,
>> 
>> thank you very much for the full response! It helped me a lot. For now we 
>> are running a dhcp server on an other server for the network as a 
>> workaround. I will now have a look in all the options and figure out what is 
>> the best. 
>> 
>> Concerning the first option I have a question: In the guide it is mentioned 
>> that you should not use the dhcp-Server of PF as a production server. 
>> Because of this, it was never an option for us. Is it possible anyway? 
>> 
>> Perhaps you can make a side note in the guide where routed networks are 
>> discussed. So that this confusion will be avoided when someone else has the 
>> problem too. 
> 
> 
> We don’t recommend it, because we feel people with large production networks 
> would be better off owning their DHCP service and knowing how it works.
> It also means you may have to get your hands dirty a bit and edit some of the 
> files in /usr/local/pf/conf that are used to generate the dhcp configuration 
> since PacketFence generates a dhcpd config optimized for it’s own uses.
> But there is no technical reason why it would not work.
> 
> PacketFence uses ISC dhcpd as it’s dhcp server.
> That should be good enough for most people.
> 
> If the patch Julien sent works, there will be no need to do anything special 
> or mention it in the guide. 
> 
> Regards,
> --
> Louis Munro
> lmu...@inverse.ca   ::  www.inverse.ca 
>  
> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
> PacketFence (www.packetfence.org )
> --
> Go from Idea to Many App Stores Faster with Intel(R) XDK
> Give your users amazing mobile app experiences with Intel(R) XDK.
> Use one codebase in this all-in-one HTML5 development environment.
> Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
> http://pubads.g.doubleclick.net/gampad/clk?id=254741551=/4140___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfdhcplistener 5.5.0

[Louis Munro]

> On Nov 25, 2015, at 10:01 , Christian Hanster  
> wrote:
> 
> Hello everybody,
> 
> I just updated to 5.5.0 but now there are some problems with the 
> dhcplistener. We have PF running in a two node cluster in inline mode.

An active/active or active/passive cluster? 
Inline is not supported in active/active. Not everything can be replicated. 


> Our devices are remote, connected via a vpn-server in the inline network. We 
> have configured a inlinel3 network for the remote clients. On the remote side 
> the DHCP Server is configured, that it relays all dhcp traffic to PF so that 
> PF gets all necessary information. This was working quite good in 5.4 (only 
> the pfdhcplistener had to be started by hand at startup). 
> However now it is not working anymore. It seems that the dhcp traffic is not 
> recognised by PF. The log says the following: 
> 
> Nov 25 14:43:06 httpd.portal(19425) WARN: [mac:0] Unable to match MAC address 
> to IP '10.1.13.43' (pf::iplog::ip2mac)
> Nov 25 14:43:06 httpd.portal(19425) INFO: [mac:0] Instantiate profile default 
> (pf::Portal::ProfileFactory::_from_profile)
> Nov 25 14:43:06 httpd.portal(19425) WARN: [mac:0] Unable to match MAC address 
> to IP '10.1.13.43' (pf::iplog::ip2mac)
> Nov 25 14:43:06 httpd.portal(19425) INFO: [mac:0] Instantiate profile default 
> (pf::Portal::ProfileFactory::_from_profile)
> 
> When I switch the inline mode to fake mac addresses, everything is working 
> smoothly of course. But then I do not have the information about the 
> mac-addresses... Can anybody explain what changed with the dhcplistener 
> especially in connection with a cluster. 
> 
> pfdhcplistener.log: 
> 
> Nov 25 14:16:52 pfdhcplistener(19238) INFO: Reload configuration on eth0 with 
> status 0 (main::reload_config)
> Nov 25 14:16:52 pfdhcplistener(19238) INFO: pfdhcplistener_eth0 starting and 
> writing 19239 to /usr/local/pf/var/run/pfdhcplistener_eth0.pid 
> (pf::services::util::createpid)
> Nov 25 14:16:52 pfdhcplistener(19238) WARN: Unable to open VLAN proc 
> description for eth0: No such file or directory (pf::util::get_vlan_from_int)
> Nov 25 14:16:52 pfdhcplistener(19238) INFO: The listener process is on the 
> same server as the DHCP server. (main::)
> Nov 25 14:16:52 pfdhcplistener(19238) WARN: DHCP detector on an inline 
> interface (main::)
> Nov 25 14:16:52 pfdhcplistener(19238) WARN: DHCP detector on an inline 
> interface (main::)
> Nov 25 14:16:52 pfdhcplistener(19238) INFO: DHCP detector on eth0 enabled 
> (main::)
> Nov 25 14:16:55 pfdhcplistener(19242) INFO: Reload configuration on eth1 with 
> status 0 (main::reload_config)
> Nov 25 14:16:55 pfdhcplistener(19242) INFO: pfdhcplistener_eth1 starting and 
> writing 19243 to /usr/local/pf/var/run/pfdhcplistener_eth1.pid 
> (pf::services::util::createpid)
> Nov 25 14:16:55 pfdhcplistener(19242) WARN: Unable to open VLAN proc 
> description for eth1: No such file or directory (pf::util::get_vlan_from_int)
> Nov 25 14:16:55 pfdhcplistener(19242) INFO: DHCP detector on eth1 enabled 
> (main::)


Are all PacketFence services running? 
Especially pfqueue, redis_queue and obviously the pfdhcplistener? 

Are dhcp requests being received on the interface? 
What does this report? 

# tcpdump -tnl -i eth0 port bootpc or port bootps




Regards,
--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)--
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] pfdhcplistener 5.5.0

[Christian Hanster]

Hello everybody,

I just updated to 5.5.0 but now there are some problems with the dhcplistener. 
We have PF running in a two node cluster in inline mode. Our devices are 
remote, connected via a vpn-server in the inline network. We have configured a 
inlinel3 network for the remote clients. On the remote side the DHCP Server is 
configured, that it relays all dhcp traffic to PF so that PF gets all necessary 
information. This was working quite good in 5.4 (only the pfdhcplistener had to 
be started by hand at startup). 
However now it is not working anymore. It seems that the dhcp traffic is not 
recognised by PF. The log says the following: 

Nov 25 14:43:06 httpd.portal(19425) WARN: [mac:0] Unable to match MAC address 
to IP '10.1.13.43' (pf::iplog::ip2mac)
Nov 25 14:43:06 httpd.portal(19425) INFO: [mac:0] Instantiate profile default 
(pf::Portal::ProfileFactory::_from_profile)
Nov 25 14:43:06 httpd.portal(19425) WARN: [mac:0] Unable to match MAC address 
to IP '10.1.13.43' (pf::iplog::ip2mac)
Nov 25 14:43:06 httpd.portal(19425) INFO: [mac:0] Instantiate profile default 
(pf::Portal::ProfileFactory::_from_profile)

When I switch the inline mode to fake mac addresses, everything is working 
smoothly of course. But then I do not have the information about the 
mac-addresses... Can anybody explain what changed with the dhcplistener 
especially in connection with a cluster. 

pfdhcplistener.log: 

Nov 25 14:16:52 pfdhcplistener(19238) INFO: Reload configuration on eth0 with 
status 0 (main::reload_config)
Nov 25 14:16:52 pfdhcplistener(19238) INFO: pfdhcplistener_eth0 starting and 
writing 19239 to /usr/local/pf/var/run/pfdhcplistener_eth0.pid 
(pf::services::util::createpid)
Nov 25 14:16:52 pfdhcplistener(19238) WARN: Unable to open VLAN proc 
description for eth0: No such file or directory (pf::util::get_vlan_from_int)
Nov 25 14:16:52 pfdhcplistener(19238) INFO: The listener process is on the same 
server as the DHCP server. (main::)
Nov 25 14:16:52 pfdhcplistener(19238) WARN: DHCP detector on an inline 
interface (main::)
Nov 25 14:16:52 pfdhcplistener(19238) WARN: DHCP detector on an inline 
interface (main::)
Nov 25 14:16:52 pfdhcplistener(19238) INFO: DHCP detector on eth0 enabled 
(main::)
Nov 25 14:16:55 pfdhcplistener(19242) INFO: Reload configuration on eth1 with 
status 0 (main::reload_config)
Nov 25 14:16:55 pfdhcplistener(19242) INFO: pfdhcplistener_eth1 starting and 
writing 19243 to /usr/local/pf/var/run/pfdhcplistener_eth1.pid 
(pf::services::util::createpid)
Nov 25 14:16:55 pfdhcplistener(19242) WARN: Unable to open VLAN proc 
description for eth1: No such file or directory (pf::util::get_vlan_from_int)
Nov 25 14:16:55 pfdhcplistener(19242) INFO: DHCP detector on eth1 enabled 
(main::)

For explanation: 
eth0: inline interface
eth1: management interface

Kind regards 
Christian Hanster

--
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfdhcplistener 5.5.0

[Christian Hanster]

Hi Louis,

It’s me again and I found the problem finally. It has to do with the rewritten 
dhcplistener in the new release.

The new listener configuration is checking, if there is a dhcp server running 
on the interface. If this is the case then it will not work with dhcp-request 
packages. In my special case the problem was that I had running the dhcp server 
on the interface (inlinel2) but not for the inlinel3 network. So the listener 
was not processing the Request packages. It might be a bug but I do not know 
how to fix it because the pfdhcplistener is running on interface level. For me 
it worked when I switched off the dhcp-server on the interface. Probably I will 
let the dhcp be done by an other server in this network...

The problem is in line 332ff. in file processor.pm (Tag 5.5.0): 
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/dhcp/processor.pm 


Thank you for your help! 

Kind regards 
Christian
> On 25 Nov 2015, at 22:41, Christian Hanster  wrote:
> 
> Hi Louis,
> 
> No there are no lines with DHCPACK or OFFER. This is, because there are no 
> such packets coming (seen in Tcpdump). Our setup is the following: remote 
> client — LAN— router (with dnsmasq and a relay to PF) =VPN-Tunnel= VPN-Server 
> —LAN—  PF-Server
> 
> So PF is not offering any leases to the remote clients but gets information 
> from the dnsmasq which is configured as a relay. PF is configured as inlinel3 
> for the remote clients. 
> 
> the networks.conf is therefore: 
> [192.168.2.0]
> dns=192.168.2.254
> dhcp_start=192.168.2.10
> gateway=192.168.2.250
> domain-name=inlinel2.endoo.eu 
> nat_enabled=enabled
> named=enabled
> dhcp_max_lease_time=3600
> fake_mac_enabled=disabled
> dhcpd=enabled
> dhcp_end=192.168.2.246
> type=inlinel2
> netmask=255.255.255.0
> dhcp_default_lease_time=3600
> 
> [10.1.13.0]
> next_hop=192.168.2.2
> domain-name=inlinel3.endoo.eu 
> name=inlinel3.endoo.eu 
> nat_enabled=1
> named=enabled
> dhcpd=disabled
> fake_mac_enabled=0
> type=inlinel3
> netmask=255.255.255.0
> 
> The dhcp.conf: 
> # dhcpd configuration
> # This file is manipulated on PacketFence's startup before being given to 
> dhcpd
> authoritative;
> ddns-update-style none;
> ignore client-updates;
> log-facility local6;
> 
> # OMAPI for IP <-> MAC lookup
> omapi-port 7911;
> key pf_omapi_key {
> algorithm HMAC-MD5;
> secret "ghkxVADMEeYe8ikHCjkyu7hQ2abIA/SbcH8Ep6a4FGs=";
> };
> omapi-key pf_omapi_key;
> 
> 
> failover peer "192.168.2.0/24" {
>   secondary;
>   address 192.168.2.250;
>   port 647;
>   peer address 192.168.2.251;
>   peer port 647;
>   max-response-delay 30;
>   max-unacked-updates 10;
>   load balance max seconds 3;
> }
> 
> 
> subnet 192.168.2.0 netmask 255.255.255.0 {
>   option routers 192.168.2.250;
>   option subnet-mask 255.255.255.0;
>   option domain-name "inlinel2.endoo.eu ";
>   option domain-name-servers 192.168.2.254;
>   pool {
> failover peer "192.168.2.0/24";
>   range 192.168.2.10 192.168.2.246;
>   default-lease-time 3600;
>   max-lease-time 3600;
>   }
> }
> 
> 
> The dhcpd is only relevant for the local network at the server side but not 
> for the remote clients. There are also no DHCP Server errors on the server. 
> 
> The point is, that it worked well with the old PF version. pfdhcplistener.log 
> (old, when it worked): 
> Nov 22 15:29:55 pfdhcplistener(11373) INFO: DHCPREQUEST from 
> 00:25:4b:cd:f4:64 (10.1.13.78) (main::parse_dhcp_request)
> Nov 22 15:29:55 pfdhcplistener(11373) WARN: Unable to match MAC address to IP 
> '10.1.13.78' (pf::iplog::ip2mac)
> Nov 22 15:29:55 pfdhcplistener(11373) INFO: 00:25:4b:cd:f4:64 requested an IP 
> with the following informations: last_dhcp = 2015-11-22 15:29:55,computername 
> = Christians-MBP,dhcp_fingerprint = 1,3,6,15,119,95,252,44,46,dhcp_vendor =  
> (main::listen_dhcp)
> 
> It does not seem to be that different…
> 
> Kind regards
> Christian Hanster
>> On 25 Nov 2015, at 20:35, Louis Munro > > wrote:
>> 
>> Hi Christian,
>> Is this all that is in the pfdhcplistener log? 
>> No lines with DHCPACK or DHCPOFFER? 
>> 
>> Which dhcp server is offering leases in the VLAN? 
>> The PF dhcp service, or do you have another server providing that service?
>> 
>> Are there any dhcpd errors in /var/log/messages?
>> 
>> Please post your conf/network.conf and var/conf/dhcpd.conf files.
>> 
>> Regards,
>> --
>> Louis Munro
>> lmu...@inverse.ca   ::  www.inverse.ca 
>>  
>> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
>> PacketFence (www.packetfence.org )
>> 
>>> On Nov 25, 2015, at 13:37 , Christian Hanster 

Re: [PacketFence-users] pfdhcplistener 5.5.0

[Christian Hanster]

Hi, 

thanks for the response! 
So after some more testing I found out, that I have to restart the 
pfdhcplistener manually. Then it is recognising the traffic. I do not what is 
then different because the pfdhcplistener is running before too… 

Now the problem is, that PF recognises the new Mac-address but did not define 
an IP Adress. Output of pfdhcplistener: 
Nov 25 18:24:45 pfqueue(51123) INFO: [mac:[undef]] DHCPREQUEST from 
d4:33:a3:ed:f2:a5 (10.1.13.239) with lease of 7776000 seconds 
(pf::dhcp::processor::parse_dhcp_request)
Nov 25 18:24:47 pfqueue(51123) INFO: [mac:d4:33:a3:ed:f2:a5] d4:33:a3:ed:f2:a5 
requested an IP with the following informations: last_dhcp = 2015-11-25 
18:24:45,computername = Christians-MBP,dhcp_fingerprint = 
1,3,6,15,119,95,252,44,46,dhcp_vendor =  (pf::dhcp::processor::process_packet)

So now I see node entries, but the captive portal says that the node cannot be 
found in the database, because PF does not store a value for the IP-Adress in 
the DB when it detects it. 
> On 25 Nov 2015, at 18:09, Louis Munro  wrote:
> 
> 
> An active/active or active/passive cluster? 
> Inline is not supported in active/active. Not everything can be replicated. 
I run it as an active/active cluster. I followed the installation guide from 
the packtefence website, but have a replicated DB server on an other host. I 
did not know that inline is not supported. It was not stated anywhere in the 
guide… Is there an easy way to change it to active/passive?
> 
> Are all PacketFence services running? 
> Especially pfqueue, redis_queue and obviously the pfdhcplistener? 
Services are all running but it is only listening for dhcp when I restart 
pfdhcplistener via “pfcmd service pfdhcplistener restart” manually. 
> Are dhcp requests being received on the interface? 
> What does this report? 
> 
> # tcpdump -tnl -i eth0 port bootpc or port bootps
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
IP 10.1.13.1.67 > 192.168.2.254.67: BOOTP/DHCP, Request from d4:33:a3:ed:f2:a5, 
length 300

I hope you can help me with it because I’m really clueless at the moment…

Kind regards
Christian Hanster

> 
> 
> 
> 
> Regards,
> --
> Louis Munro
> lmu...@inverse.ca   ::  www.inverse.ca 
>  
> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
> PacketFence (www.packetfence.org )
> --
> Go from Idea to Many App Stores Faster with Intel(R) XDK
> Give your users amazing mobile app experiences with Intel(R) XDK.
> Use one codebase in this all-in-one HTML5 development environment.
> Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
> http://pubads.g.doubleclick.net/gampad/clk?id=254741551=/4140___
>  
> 
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
> 
--
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfdhcplistener 5.5.0

[Louis Munro]

Hi Christian,
Is this all that is in the pfdhcplistener log? 
No lines with DHCPACK or DHCPOFFER? 

Which dhcp server is offering leases in the VLAN? 
The PF dhcp service, or do you have another server providing that service?

Are there any dhcpd errors in /var/log/messages?

Please post your conf/network.conf and var/conf/dhcpd.conf files.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Nov 25, 2015, at 13:37 , Christian Hanster  
> wrote:
> 
> Hi, 
> 
> thanks for the response! 
> So after some more testing I found out, that I have to restart the 
> pfdhcplistener manually. Then it is recognising the traffic. I do not what is 
> then different because the pfdhcplistener is running before too… 
> 
> Now the problem is, that PF recognises the new Mac-address but did not define 
> an IP Adress. Output of pfdhcplistener: 
> Nov 25 18:24:45 pfqueue(51123) INFO: [mac:[undef]] DHCPREQUEST from 
> d4:33:a3:ed:f2:a5 (10.1.13.239) with lease of 7776000 seconds 
> (pf::dhcp::processor::parse_dhcp_request)
> Nov 25 18:24:47 pfqueue(51123) INFO: [mac:d4:33:a3:ed:f2:a5] 
> d4:33:a3:ed:f2:a5 requested an IP with the following informations: last_dhcp 
> = 2015-11-25 18:24:45,computername = Christians-MBP,dhcp_fingerprint = 
> 1,3,6,15,119,95,252,44,46,dhcp_vendor =  (pf::dhcp::processor::process_packet)
> 
> So now I see node entries, but the captive portal says that the node cannot 
> be found in the database, because PF does not store a value for the IP-Adress 
> in the DB when it detects it. 
>> On 25 Nov 2015, at 18:09, Louis Munro > > wrote:
>> 
>> 
>> An active/active or active/passive cluster? 
>> Inline is not supported in active/active. Not everything can be replicated. 
> I run it as an active/active cluster. I followed the installation guide from 
> the packtefence website, but have a replicated DB server on an other host. I 
> did not know that inline is not supported. It was not stated anywhere in the 
> guide… Is there an easy way to change it to active/passive?
>> 
>> Are all PacketFence services running? 
>> Especially pfqueue, redis_queue and obviously the pfdhcplistener? 
> Services are all running but it is only listening for dhcp when I restart 
> pfdhcplistener via “pfcmd service pfdhcplistener restart” manually. 
>> Are dhcp requests being received on the interface? 
>> What does this report? 
>> 
>> # tcpdump -tnl -i eth0 port bootpc or port bootps
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> IP 10.1.13.1.67 > 192.168.2.254.67: BOOTP/DHCP, Request from 
> d4:33:a3:ed:f2:a5, length 300
> 
> I hope you can help me with it because I’m really clueless at the moment…
> 
> Kind regards
> Christian Hanster
> 
>> 
>> 
>> 
>> 
>> Regards,
>> --
>> Louis Munro
>> lmu...@inverse.ca   ::  www.inverse.ca 
>>  
>> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
>> PacketFence (www.packetfence.org )
>> --
>> Go from Idea to Many App Stores Faster with Intel(R) XDK
>> Give your users amazing mobile app experiences with Intel(R) XDK.
>> Use one codebase in this all-in-one HTML5 development environment.
>> Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
>> http://pubads.g.doubleclick.net/gampad/clk?id=254741551=/4140___
>>  
>> 
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net 
>> 
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>> 
> --
> Go from Idea to Many App Stores Faster with Intel(R) XDK
> Give your users amazing mobile app experiences with Intel(R) XDK.
> Use one codebase in this all-in-one HTML5 development environment.
> Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
> http://pubads.g.doubleclick.net/gampad/clk?id=254741551=/4140___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences 

Re: [PacketFence-users] pfdhcplistener 5.5.0

[Christian Hanster]

Hi Louis,

No there are no lines with DHCPACK or OFFER. This is, because there are no such 
packets coming (seen in Tcpdump). Our setup is the following: remote client — 
LAN— router (with dnsmasq and a relay to PF) =VPN-Tunnel= VPN-Server —LAN—  
PF-Server

So PF is not offering any leases to the remote clients but gets information 
from the dnsmasq which is configured as a relay. PF is configured as inlinel3 
for the remote clients. 

the networks.conf is therefore: 
[192.168.2.0]
dns=192.168.2.254
dhcp_start=192.168.2.10
gateway=192.168.2.250
domain-name=inlinel2.endoo.eu
nat_enabled=enabled
named=enabled
dhcp_max_lease_time=3600
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.2.246
type=inlinel2
netmask=255.255.255.0
dhcp_default_lease_time=3600

[10.1.13.0]
next_hop=192.168.2.2
domain-name=inlinel3.endoo.eu
name=inlinel3.endoo.eu
nat_enabled=1
named=enabled
dhcpd=disabled
fake_mac_enabled=0
type=inlinel3
netmask=255.255.255.0

The dhcp.conf: 
# dhcpd configuration
# This file is manipulated on PacketFence's startup before being given to dhcpd
authoritative;
ddns-update-style none;
ignore client-updates;
log-facility local6;

# OMAPI for IP <-> MAC lookup
omapi-port 7911;
key pf_omapi_key {
algorithm HMAC-MD5;
secret "ghkxVADMEeYe8ikHCjkyu7hQ2abIA/SbcH8Ep6a4FGs=";
};
omapi-key pf_omapi_key;


failover peer "192.168.2.0/24" {
  secondary;
  address 192.168.2.250;
  port 647;
  peer address 192.168.2.251;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
}


subnet 192.168.2.0 netmask 255.255.255.0 {
  option routers 192.168.2.250;
  option subnet-mask 255.255.255.0;
  option domain-name "inlinel2.endoo.eu";
  option domain-name-servers 192.168.2.254;
  pool {
failover peer "192.168.2.0/24";
  range 192.168.2.10 192.168.2.246;
  default-lease-time 3600;
  max-lease-time 3600;
  }
}


The dhcpd is only relevant for the local network at the server side but not for 
the remote clients. There are also no DHCP Server errors on the server. 

The point is, that it worked well with the old PF version. pfdhcplistener.log 
(old, when it worked): 
Nov 22 15:29:55 pfdhcplistener(11373) INFO: DHCPREQUEST from 00:25:4b:cd:f4:64 
(10.1.13.78) (main::parse_dhcp_request)
Nov 22 15:29:55 pfdhcplistener(11373) WARN: Unable to match MAC address to IP 
'10.1.13.78' (pf::iplog::ip2mac)
Nov 22 15:29:55 pfdhcplistener(11373) INFO: 00:25:4b:cd:f4:64 requested an IP 
with the following informations: last_dhcp = 2015-11-22 15:29:55,computername = 
Christians-MBP,dhcp_fingerprint = 1,3,6,15,119,95,252,44,46,dhcp_vendor =  
(main::listen_dhcp)

It does not seem to be that different…

Kind regards
Christian Hanster
> On 25 Nov 2015, at 20:35, Louis Munro  wrote:
> 
> Hi Christian,
> Is this all that is in the pfdhcplistener log? 
> No lines with DHCPACK or DHCPOFFER? 
> 
> Which dhcp server is offering leases in the VLAN? 
> The PF dhcp service, or do you have another server providing that service?
> 
> Are there any dhcpd errors in /var/log/messages?
> 
> Please post your conf/network.conf and var/conf/dhcpd.conf files.
> 
> Regards,
> --
> Louis Munro
> lmu...@inverse.ca   ::  www.inverse.ca 
>  
> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
> PacketFence (www.packetfence.org )
> 
>> On Nov 25, 2015, at 13:37 , Christian Hanster > > wrote:
>> 
>> Hi, 
>> 
>> thanks for the response! 
>> So after some more testing I found out, that I have to restart the 
>> pfdhcplistener manually. Then it is recognising the traffic. I do not what 
>> is then different because the pfdhcplistener is running before too… 
>> 
>> Now the problem is, that PF recognises the new Mac-address but did not 
>> define an IP Adress. Output of pfdhcplistener: 
>> Nov 25 18:24:45 pfqueue(51123) INFO: [mac:[undef]] DHCPREQUEST from 
>> d4:33:a3:ed:f2:a5 (10.1.13.239) with lease of 7776000 seconds 
>> (pf::dhcp::processor::parse_dhcp_request)
>> Nov 25 18:24:47 pfqueue(51123) INFO: [mac:d4:33:a3:ed:f2:a5] 
>> d4:33:a3:ed:f2:a5 requested an IP with the following informations: last_dhcp 
>> = 2015-11-25 18:24:45,computername = Christians-MBP,dhcp_fingerprint = 
>> 1,3,6,15,119,95,252,44,46,dhcp_vendor =  
>> (pf::dhcp::processor::process_packet)
>> 
>> So now I see node entries, but the captive portal says that the node cannot 
>> be found in the database, because PF does not store a value for the 
>> IP-Adress in the DB when it detects it. 
>>> On 25 Nov 2015, at 18:09, Louis Munro >> > wrote:
>>> 
>>> 
>>> An active/active or active/passive cluster? 
>>> Inline is not supported in active/active. Not everything can be replicated. 
>> I run it as an active/active cluster. I followed the installation guide 

Re: [PacketFence-users] pfdhcplistener

[Chinmay Mahata]

Dear Derek,
Thanks for listing the issue/feature. Definitely I will follow up the progress.

Best regards,
--Chinmay




From: Derek Wuelfrath dwuelfr...@inverse.ca
Sent: Mon, 19 Oct 2015 23:36:56 
To: ML PF packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] pfdhcplistener
  Chinmay,I created an issue (more like a feature request) on 
Github:https://github.com/inverse-inc/packetfence/issues/966You can 
follow up on that issue to see the progress.Thanks
Cheers!dw.缯divDerek wuelfrathdwuelfr...@inverse.ca :: +1.514.447.4918 
(x110) :: +1.866.353.6153 (x110)Inverse inc. :: Leaders behind SOGo 
(www.sogo.nu) and PacketFence (www.packetfence.org)


On Oct 14, 2015, at 1:00 PM, Derek Wuelfrath dwuelfr...@inverse.ca 
wrote:Nicola,Could'nt you obtain the required behaviour specifying the IP of 
the DHCP server in the corresponding box in Configuration-General?That is 
not related.What Chinmay is asking is basically that PacketFence to stop 
listening for DHCP packet (pfdhcplistener) on management interface to avoid 
node table getting populated by nodes outside of the PacketFence inline network.
Cheers!dw.缯divDerek wuelfrathdwuelfr...@inverse.ca :: +1.514.447.4918 
(x110) :: +1.866.353.6153 (x110)Inverse inc. :: Leaders behind SOGo 
(www.sogo.nu) and PacketFence (www.packetfence.org)


On Oct 14, 2015, at 11:15 AM, Nicola Canepa canep...@mmfg.it 
wrote:Could'nt you obtain the required behaviour specifying the IP of the DHCP 
server in the corresponding box in Configuration-General?NicolaIl 14/10/15 
09:15, Chinmay Mahata ha scritto:--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfdhcplistener

[Derek Wuelfrath]

Chinmay,

I created an issue (more like a feature request) on Github: 
https://github.com/inverse-inc/packetfence/issues/966 
<https://github.com/inverse-inc/packetfence/issues/966>
You can follow up on that issue to see the progress.

Thanks

Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 14, 2015, at 1:00 PM, Derek Wuelfrath <dwuelfr...@inverse.ca> wrote:
> 
> Nicola,
> 
>> Could'nt you obtain the required behaviour specifying the IP of the DHCP 
>> server in the corresponding box in Configuration->General?
> 
> That is not related.
> 
> What Chinmay is asking is basically that PacketFence to stop listening for 
> DHCP packet (pfdhcplistener) on management interface to avoid node table 
> getting populated by nodes outside of the PacketFence inline network.
> 
> Cheers!
> dw.
> 
> —
> Derek Wuelfrath
> dwuelfr...@inverse.ca <mailto:dwuelfr...@inverse.ca> :: +1.514.447.4918 
> (x110) :: +1.866.353.6153 (x110)
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and 
> PacketFence (www.packetfence.org <http://www.packetfence.org/>)
> 
>> On Oct 14, 2015, at 11:15 AM, Nicola Canepa <canep...@mmfg.it 
>> <mailto:canep...@mmfg.it>> wrote:
>> 
>> Could'nt you obtain the required behaviour specifying the IP of the DHCP 
>> server in the corresponding box in Configuration->General?
>> 
>> Nicola
>> 
>> Il 14/10/15 09:15, Chinmay Mahata ha scritto:
>>> Dear Derek,
>>>Thanks a lot for your response. 
>>> Please do let me know when you get something for my issue.
>>> 
>>> Regards,
>>> --Chinmay
>>> 
>>> 
>>> 
>>> From: Derek Wuelfrath <dwuelfr...@inverse.ca> <mailto:dwuelfr...@inverse.ca>
>>> Sent: Tue, 13 Oct 2015 20:23:57 
>>> To: ML PF <packetfence-users@lists.sourceforge.net> 
>>> <mailto:packetfence-users@lists.sourceforge.net>
>>> Subject: Re: [PacketFence-users] pfdhcplistener
>>> Hello Chinmay,
>>> 
>>> I’m looking at it and I’ll get back to you.
>>> 
>>> Cheers!
>>> dw.
>>> 
>>> —
>>> Derek Wuelfrath
>>> dwuelfr...@inverse.ca <mailto:dwuelfr...@inverse.ca> :: +1.514.447.491 
>>> http://1.514.447.491=0=0=0=ba42cf6a7cd18481ec5520d40f0207840b977b09>8
>>>  (x110) :: +1.866.353.615 
>>> http://1.866.353.615=0=0=0=af879f62ee1a7599566197d6e2221d8167f40afc>3
>>>  (x110)
>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and 
>>> PacketFence (www.packetfence.org <http://www.packetfence.org/>)
>>> 
>>>> On Oct 13, 2015, at 2:17 AM, Chinmay Mahata 
>>>> <chinmay_mah...@rediffmail.com> <mailto:chinmay_mah...@rediffmail.com> 
>>>> wrote:
>>>> 
>>>> Dear Derek,
>>>> Any thought on my issue.
>>>> 
>>>> Regards,
>>>> --Chinmay
>>>> 
>>>> 
>>>> 
>>>> From: "Chinmay Mahata" <chinmay_mah...@rediffmail.com> 
>>>> <mailto:chinmay_mah...@rediffmail.com>
>>>> Sent: Fri, 09 Oct 2015 18:13:36 
>>>> To: "packetfence-users@lists.sourceforge.net" 
>>>> <mailto:packetfence-users@lists.sourceforge.net> 
>>>> <packetfence-users@lists.sourceforge.net> 
>>>> <mailto:packetfence-users@lists.sourceforge.net>
>>>> Subject: Re: [PacketFence-users] pfdhcplistener
>>>> Dear Derek,
>>>>  Thanks for your quick response.   I think I could not describe my 
>>>> problem/query properly.
>>>> 
>>>> DHCPD is running on only one interface (eth0) of my PF server, no issue 
>>>> with that.
>>>> 
>>>> Actually at the WAN side (upstream) of my PF server there is another DHCP 
>>>> server is running (though PF server WAN has static IP). Since 
>>>> pfdhcplistener is running at eth1(WAN) also, in the node (web)page I can 
>>>> see many unregistered nodes of WAN network which I don't want.
>>>> 
>>>> I want to see only those nodes in the webpage which are under PF 
>>>> server and who are getting IP addresses from DHCP server running in PF 
>>>> server (on eth0). Hope pfdhcplistener on eth0 only can catch those. 
>>>> 
>>>> So I want to run on

Re: [PacketFence-users] pfdhcplistener

[Nicola Canepa]

Could'nt you obtain the required behaviour specifying the IP of the DHCP 
server in the corresponding box in Configuration->General?


Nicola

Il 14/10/15 09:15, Chinmay Mahata ha scritto:

Dear Derek,
   Thanks a lot for your response.
Please do let me know when you get something for my issue.

Regards,
--Chinmay



From: Derek Wuelfrath <dwuelfr...@inverse.ca>
Sent: Tue, 13 Oct 2015 20:23:57
To: ML PF <packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] pfdhcplistener
Hello Chinmay,

I’m looking at it and I’ll get back to you.

Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.491 
http://1.514.447.491=0=0=0=ba42cf6a7cd18481ec5520d40f0207840b977b09>8 
(x110) :: +1.866.353.615 
http://1.866.353.615=0=0=0=af879f62ee1a7599566197d6e2221d8167f40afc>3 
(x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) 
and PacketFence (www.packetfence.org <http://www.packetfence.org>)


On Oct 13, 2015, at 2:17 AM, Chinmay Mahata 
<chinmay_mah...@rediffmail.com> wrote:


Dear Derek,
Any thought on my issue.

Regards,
--Chinmay



From: "Chinmay Mahata" <chinmay_mah...@rediffmail.com>
Sent: Fri, 09 Oct 2015 18:13:36
To: "packetfence-users@lists.sourceforge.net" 
<packetfence-users@lists.sourceforge.net>

Subject: Re: [PacketFence-users] pfdhcplistener
Dear Derek,
 Thanks for your quick response.   I think I could not describe 
my problem/query properly.


DHCPD is running on only one interface (eth0) of my PF server, no 
issue with that.


Actually at the WAN side (upstream) of my PF server there is another 
DHCP server is running (though PF server WAN has static IP). Since 
pfdhcplistener is running at eth1(WAN) also, in the node (web)page I 
can see many unregistered nodes of WAN network which I don't want.


I want to see only those nodes in the webpage which are under PF 
server and who are getting IP addresses from DHCP server running in 
PF server (on eth0). Hope pfdhcplistener on eth0 only can catch those.


So I want to run only one instance of pfdhcplistener on interface 
eth0 (pfdhcplistener_eth0). Please let me know how can I do that.


Thanks again Derek.

Regards,
--Chinmay





From: Derek Wuelfrath <dwuelfr...@inverse.ca>
Sent: Thu, 08 Oct 2015 22:11:09
To: ML PF <packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] pfdhcplistener
Chinmay,


The packetfence server is working as a DHCP server.
I see that two pfdhcplisteners are running: *pfdhcplistener_eth0*, 
*pfdhcplistener_eth1*.



But I want to run only one pfdhcplistener viz. 
*pfdhcplistener_eth0*. Can it be possible (or it may cause other 
problem)? Which config item do I need to modify for that?


‘pfdhcplistener’, as its name says, listen for dhcp packets.
PacketFence starts a ‘pfdhcplistener’ daemon on each of the required 
network interfaces (in this case, management and inline).


‘pfdhcplistener’ is not acting as a DHCP server, dhcpd is. 
‘pfdhcplistener’ is only listening to DHCP packet for MAC <-> IP 
association useful in PacketFence.


If you do a
ps uafx | grep dhcpd
you should see the dhcpd daemon running with only eth0 as listening 
interface.


Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.491 
http://1.514.447.491=0=0=0=ba42cf6a7cd18481ec5520d40f0207840b977b09>8 
(x110) :: +1.866.353.615 
http://1.866.353.615=0=0=0=af879f62ee1a7599566197d6e2221d8167f40afc>3 
(x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu 
<http://www.sogo.nu/>) and PacketFence (www.packetfence.org 
<http://www.packetfence.org/>)


On Oct 8, 2015, at 10:42 AM, Chinmay Mahata 
<chinmay_mah...@rediffmail.com> wrote:


Hi,
I have setup packetfence(5.4.0) with inline enforcement having 
below interface details (LAN: eth0, WAN: eth1).


[interface eth0]
enforcement=inlinel2
type=internal

[interface eth1]
type=management

The packetfence server is working as a DHCP server.
I see that two pfdhcplisteners are running: *pfdhcplistener_eth0*, 
*pfdhcplistener_eth1*.



But I want to run only one pfdhcplistener viz. 
*pfdhcplistener_eth0*. Can it be possible (or it may cause other 
problem)? Which config item do I need to modify for that?


Waiting for your help.

Thanks in advance.
--Chinmay


Get your own *FREE* website, *FREE* domain & *FREE* mobile app with 
Company email. 
<https://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline.htm@Middle?>
*Know More >* 
<http://track.rediff.com/click?url=___http://businessemail.rediff.com?sc_cid=sign-1-10-13___=host=sign-1-10-13=host>--

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users 



---

Re: [PacketFence-users] pfdhcplistener

[Derek Wuelfrath]

Nicola,

> Could'nt you obtain the required behaviour specifying the IP of the DHCP 
> server in the corresponding box in Configuration->General?

That is not related.

What Chinmay is asking is basically that PacketFence to stop listening for DHCP 
packet (pfdhcplistener) on management interface to avoid node table getting 
populated by nodes outside of the PacketFence inline network.

Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 14, 2015, at 11:15 AM, Nicola Canepa <canep...@mmfg.it> wrote:
> 
> Could'nt you obtain the required behaviour specifying the IP of the DHCP 
> server in the corresponding box in Configuration->General?
> 
> Nicola
> 
> Il 14/10/15 09:15, Chinmay Mahata ha scritto:
>> Dear Derek,
>>Thanks a lot for your response. 
>> Please do let me know when you get something for my issue.
>> 
>> Regards,
>> --Chinmay
>> 
>> 
>> 
>> From: Derek Wuelfrath <dwuelfr...@inverse.ca> <mailto:dwuelfr...@inverse.ca>
>> Sent: Tue, 13 Oct 2015 20:23:57 
>> To: ML PF <packetfence-users@lists.sourceforge.net> 
>> <mailto:packetfence-users@lists.sourceforge.net>
>> Subject: Re: [PacketFence-users] pfdhcplistener
>> Hello Chinmay,
>> 
>> I’m looking at it and I’ll get back to you.
>> 
>> Cheers!
>> dw.
>> 
>> —
>> Derek Wuelfrath
>> dwuelfr...@inverse.ca <mailto:dwuelfr...@inverse.ca> :: +1.514.447.491 
>> http://1.514.447.491=0=0=0=ba42cf6a7cd18481ec5520d40f0207840b977b09>8
>>  (x110) :: +1.866.353.615 
>> http://1.866.353.615=0=0=0=af879f62ee1a7599566197d6e2221d8167f40afc>3
>>  (x110)
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and 
>> PacketFence (www.packetfence.org <http://www.packetfence.org/>)
>> 
>>> On Oct 13, 2015, at 2:17 AM, Chinmay Mahata <chinmay_mah...@rediffmail.com> 
>>> <mailto:chinmay_mah...@rediffmail.com> wrote:
>>> 
>>> Dear Derek,
>>> Any thought on my issue.
>>> 
>>> Regards,
>>> --Chinmay
>>> 
>>> 
>>> 
>>> From: "Chinmay Mahata" <chinmay_mah...@rediffmail.com> 
>>> <mailto:chinmay_mah...@rediffmail.com>
>>> Sent: Fri, 09 Oct 2015 18:13:36 
>>> To: "packetfence-users@lists.sourceforge.net" 
>>> <mailto:packetfence-users@lists.sourceforge.net> 
>>> <packetfence-users@lists.sourceforge.net> 
>>> <mailto:packetfence-users@lists.sourceforge.net>
>>> Subject: Re: [PacketFence-users] pfdhcplistener
>>> Dear Derek,
>>>  Thanks for your quick response.   I think I could not describe my 
>>> problem/query properly.
>>> 
>>> DHCPD is running on only one interface (eth0) of my PF server, no issue 
>>> with that.
>>> 
>>> Actually at the WAN side (upstream) of my PF server there is another DHCP 
>>> server is running (though PF server WAN has static IP). Since 
>>> pfdhcplistener is running at eth1(WAN) also, in the node (web)page I can 
>>> see many unregistered nodes of WAN network which I don't want.
>>> 
>>> I want to see only those nodes in the webpage which are under PF server 
>>> and who are getting IP addresses from DHCP server running in PF server (on 
>>> eth0). Hope pfdhcplistener on eth0 only can catch those. 
>>> 
>>> So I want to run only one instance of pfdhcplistener on interface eth0 
>>> (pfdhcplistener_eth0). Please let me know how can I do that.
>>> 
>>> Thanks again Derek.
>>> 
>>> Regards,
>>> --Chinmay
>>> 
>>> 
>>> 
>>> 
>>> 
>>> From: Derek Wuelfrath <dwuelfr...@inverse.ca> <mailto:dwuelfr...@inverse.ca>
>>> Sent: Thu, 08 Oct 2015 22:11:09 
>>> To: ML PF <packetfence-users@lists.sourceforge.net> 
>>> <mailto:packetfence-users@lists.sourceforge.net>
>>> Subject: Re: [PacketFence-users] pfdhcplistener
>>> Chinmay,
>>> 
>>>> The packetfence server is working as a DHCP server.
>>>> I see that two pfdhcplisteners are running: pfdhcplistener_eth0, 
>>>> pfdhcplistener_eth1.
>>>> 
>>>> 
>>>> But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it 
>>>> be possible (or it may cause other problem)? Which config item do I ne

Re: [PacketFence-users] pfdhcplistener

[Chinmay Mahata]

Dear Derek,
 Thanks a lot for your response. 
Please do let me know when you get something for my issue.

Regards,
--Chinmay



From: Derek Wuelfrath dwuelfr...@inverse.ca
Sent: Tue, 13 Oct 2015 20:23:57 
To: ML PF packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] pfdhcplistener
  Hello Chinmay,I’m looking at it and I’ll get back to you.
Cheers!dw.—Derek wuelfrathdwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: 
+1.866.353.6153 (x110)Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)


On Oct 13, 2015, at 2:17 AM, Chinmay Mahata 
chinmay_mah...@rediffmail.com wrote:Dear Derek, Any 
thought on my issue.Regards,--ChinmayFrom: "Chinmay  Mahata" 
chinmay_mah...@rediffmail.comSent: Fri, 09 Oct 2015 18:13:36 To: 
"packetfence-users@lists.sourceforge.net" 
packetfence-users@lists.sourceforge.netSubject: Re: [PacketFence-users] 
pfdhcplistenerDear Derek, Thanks for your quick 
response. I think I could not describe my problem/query 
properly.DHCPD is running on only one interface (eth0) of my PF server, no 
issue with that.Actually at the WAN side (upstream) of my PF server there is 
another DHCP server is running (though PF server WAN has static IP). Since 
pfdhcplistener is running at eth1(WAN) also, in the node (web)page I can see 
many unregistered nodes of WAN network which I don't want. I 
want to see only those nodes in the webpage which are under PF server and who 
are getting IP 
 addresses from DHCP server running in PF server (on eth0). Hope pfdhcplistener 
on eth0 only can catch those. So I want to run only one instance of 
pfdhcplistener on interface eth0 (pfdhcplistener_eth0). Please let me know how 
can I do that.Thanks again Derek.Regards,--Chinmay  From: Derek 
Wuelfrath dwuelfr...@inverse.caSent: Thu, 08 Oct 2015 22:11:09 To: ML 
PF packetfence-users@lists.sourceforge.netSubject: Re: 
[PacketFence-users] pfdhcplistener  Chinmay,The packetfence server is working 
as a DHCP server.I see that two pfdhcplisteners are 
running:pfdhcplistener_eth0,pfdhcplistener_eth1.But I want to run 
only one pfdhcplistener viz.pfdhcplistener_eth0. Can it be possible (or 
it may cause other problem)? Which config item do I need to modify for 
that?‘pfdhcplistener’, as its name says, listen for dhcp packets.PacketFence 
starts a ‘pfdhcplistener’ daemon on each of the required network interfaces (in 
this case, management and inline
 ).‘pfdhcplistener’ is not acting as a DHCP server, dhcpd is. ‘pfdhcplistener’ 
is only listening to DHCP packet for MAC - IP association useful in 
PacketFence.If you do aps uafx | grep dhcpdyou should see the dhcpd 
daemon running with only eth0 as listening interface.
Cheers!dw.—Derek wuelfrathdwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: 
+1.866.353.6153 (x110)Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)


On Oct 8, 2015, at 10:42 AM, Chinmay Mahata 
chinmay_mah...@rediffmail.com wrote:Hi,  I have setup 
packetfence(5.4.0) with inline enforcement having below interface details (LAN: 
eth0, WAN: eth1).[interface eth0]enforcement=inlinel2type=internal[interface 
eth1]type=managementThe packetfence server is working as a DHCP server.I see 
that two pfdhcplisteners are running: pfdhcplistener_eth0, 
pfdhcplistener_eth1.But I want to run only one pfdhcplistener viz. 
pfdhcplistener_eth0. Can it be possible (or it may cause other problem)? Which 
config item do I need to modify for that?Waiting for your help.Thanks in 
advance.--Chinmay
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfdhcplistener

[Derek Wuelfrath]

Hello Chinmay,

I’m looking at it and I’ll get back to you.

Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 13, 2015, at 2:17 AM, Chinmay Mahata <chinmay_mah...@rediffmail.com> 
> wrote:
> 
> Dear Derek,
> Any thought on my issue.
> 
> Regards,
> --Chinmay
> 
> 
> 
> From: "Chinmay Mahata" <chinmay_mah...@rediffmail.com>
> Sent: Fri, 09 Oct 2015 18:13:36 
> To: "packetfence-users@lists.sourceforge.net" 
> <packetfence-users@lists.sourceforge.net>
> Subject: Re: [PacketFence-users] pfdhcplistener
> Dear Derek,
>  Thanks for your quick response.   I think I could not describe my 
> problem/query properly.
> 
> DHCPD is running on only one interface (eth0) of my PF server, no issue with 
> that.
> 
> Actually at the WAN side (upstream) of my PF server there is another DHCP 
> server is running (though PF server WAN has static IP). Since pfdhcplistener 
> is running at eth1(WAN) also, in the node (web)page I can see many 
> unregistered nodes of WAN network which I don't want.
> 
> I want to see only those nodes in the webpage which are under PF server 
> and who are getting IP addresses from DHCP server running in PF server (on 
> eth0). Hope pfdhcplistener on eth0 only can catch those. 
> 
> So I want to run only one instance of pfdhcplistener on interface eth0 
> (pfdhcplistener_eth0). Please let me know how can I do that.
> 
> Thanks again Derek.
> 
> Regards,
> --Chinmay
> 
> 
> 
> 
> 
> From: Derek Wuelfrath <dwuelfr...@inverse.ca>
> Sent: Thu, 08 Oct 2015 22:11:09 
> To: ML PF <packetfence-users@lists.sourceforge.net>
> Subject: Re: [PacketFence-users] pfdhcplistener
> Chinmay,
> 
>> The packetfence server is working as a DHCP server.
>> I see that two pfdhcplisteners are running: pfdhcplistener_eth0, 
>> pfdhcplistener_eth1.
>> 
>> 
>> But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it 
>> be possible (or it may cause other problem)? Which config item do I need to 
>> modify for that?
> 
> ‘pfdhcplistener’, as its name says, listen for dhcp packets.
> PacketFence starts a ‘pfdhcplistener’ daemon on each of the required network 
> interfaces (in this case, management and inline).
> 
> ‘pfdhcplistener’ is not acting as a DHCP server, dhcpd is. ‘pfdhcplistener’ 
> is only listening to DHCP packet for MAC <-> IP association useful in 
> PacketFence.
> 
> If you do a 
> ps uafx | grep dhcpd
> you should see the dhcpd daemon running with only eth0 as listening interface.
> 
> Cheers!
> dw.
> 
> —
> Derek Wuelfrath
> dwuelfr...@inverse.ca :: +1.514.447.491 
> http://1.514.447.491=0=0=0=ba42cf6a7cd18481ec5520d40f0207840b977b09>8
>  (x110) :: +1.866.353.615 
> http://1.866.353.615=0=0=0=af879f62ee1a7599566197d6e2221d8167f40afc>3
>  (x110)
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and 
> PacketFence (www.packetfence.org <http://www.packetfence.org/>)
> 
>> On Oct 8, 2015, at 10:42 AM, Chinmay Mahata <chinmay_mah...@rediffmail.com> 
>> wrote:
>> 
>> Hi, 
>> I have setup packetfence(5.4.0) with inline enforcement having below 
>> interface details (LAN: eth0, WAN: eth1).
>> 
>> [interface eth0]
>> enforcement=inlinel2
>> type=internal
>> 
>> [interface eth1]
>> type=management
>> 
>> The packetfence server is working as a DHCP server.
>> I see that two pfdhcplisteners are running: pfdhcplistener_eth0, 
>> pfdhcplistener_eth1.
>> 
>> 
>> But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it 
>> be possible (or it may cause other problem)? Which config item do I need to 
>> modify for that?
>> 
>> Waiting for your help.
>> 
>> Thanks in advance.
>> --Chinmay
>> 
>> 
>> 
>> Get your own FREE website, FREE domain & FREE mobile app with Company email. 
>>  
>>  
>> <https://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline.htm@Middle?>Know
>>  More > 
>> <http://track.rediff.com/click?url=___http://businessemail.rediff.com?sc_cid=sign-1-10-13___=host=sign-1-10-13=host>--
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence

[PacketFence-users] pfdhcplistener

[Chinmay Mahata]

Hi, 
 I have setup packetfence(5.4.0) with inline enforcement 
having below interface details (LAN: eth0, WAN: eth1).

[interface eth0]
enforcement=inlinel2
type=internal

[interface eth1]
type=management

The packetfence server is working as a DHCP server.
I see that two pfdhcplisteners are running: pfdhcplistener_eth0, 
pfdhcplistener_eth1.


But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it be 
possible (or it may cause other problem)? Which config item do I need to modify 
for that?

Waiting for your help.

Thanks in advance.
--Chinmay

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfdhcplistener

[Derek Wuelfrath]

Chinmay,

> The packetfence server is working as a DHCP server.
> I see that two pfdhcplisteners are running: pfdhcplistener_eth0, 
> pfdhcplistener_eth1.
> 
> 
> But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it be 
> possible (or it may cause other problem)? Which config item do I need to 
> modify for that?

‘pfdhcplistener’, as its name says, listen for dhcp packets.
PacketFence starts a ‘pfdhcplistener’ daemon on each of the required network 
interfaces (in this case, management and inline).

‘pfdhcplistener’ is not acting as a DHCP server, dhcpd is. ‘pfdhcplistener’ is 
only listening to DHCP packet for MAC <-> IP association useful in PacketFence.

If you do a 
ps uafx | grep dhcpd
you should see the dhcpd daemon running with only eth0 as listening interface.

Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 8, 2015, at 10:42 AM, Chinmay Mahata  
> wrote:
> 
> Hi, 
> I have setup packetfence(5.4.0) with inline enforcement having below 
> interface details (LAN: eth0, WAN: eth1).
> 
> [interface eth0]
> enforcement=inlinel2
> type=internal
> 
> [interface eth1]
> type=management
> 
> The packetfence server is working as a DHCP server.
> I see that two pfdhcplisteners are running: pfdhcplistener_eth0, 
> pfdhcplistener_eth1.
> 
> 
> But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it be 
> possible (or it may cause other problem)? Which config item do I need to 
> modify for that?
> 
> Waiting for your help.
> 
> Thanks in advance.
> --Chinmay
> 
> 
>  
> 
> Get your own FREE website, FREE domain & FREE mobile app with Company email.  
> Know More > 
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfdhcplistener fails to start automatically

[Graeme Hamilton]

Hi Olivier,

I can confirm that the supplied patch fixes the problem for me.

Thanks,
Graeme

-Original Message-
From: Olivier Bilodeau [mailto:obilod...@inverse.ca] 
Sent: 11 September 2012 15:22
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] pfdhcplistener fails to start automatically

Hi Graeme,

I opened ticket #1545: pfdhcplistener management regression[1] regarding your 
problem.

[1]: http://packetfence.org/bugs/view.php?id=1545

On 09/07/2012 10:40 AM, Graeme Hamilton wrote:
 Hello,
 
 I've just carried out a new installation of PacketFence 3.5.1 on Debian and 
 everything seems to be working properly, apart from pfdhcplistener. It isn't 
 being started by the PacketFence init script, apparently because it's already 
 running:
 
 $ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener status
 service|shouldBeStarted|pid
 pfdhcplistener|1|1954 1956 1958
 $
 
 $ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener start Checking 
 configuration sanity...
 service|command
 config files|start
 iptables|start
 pfdhcplistener|already running
 $
 
 $ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener stop
 service|command
 pfdhcplistener|stop
 $
 
 $ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener status
 service|shouldBeStarted|pid
 pfdhcplistener|1|2067 2069 2071
 $
 
 The packetfence.log file contains the following for the period during which 
 the above command were run:
 
 Sep 07 15:25:16 pfcmd(1953) INFO: Executing pfcmd service 
 pfdhcplistener status (main::service) Sep 07 15:25:16 pfcmd(1953) 
 INFO: /usr/local/pf/sbin/pfdhcplistener status 
 (pf::services::service_ctl) Sep 07 15:25:16 pfcmd(1953) INFO: 
 pfdhcplistener pids eth0.3299 = 1954, eth0.3199 = 1956, eth0 = 1958 
 (pf::services::service_ctl) Sep 07 15:25:20 pfcmd(1961) INFO: 
 Executing pfcmd service pfdhcplistener start (main::service) Sep 07 
 15:25:22 pfcmd(1961) INFO: /usr/sbin/named status 
 (pf::services::service_ctl) Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x 
 named returned 0 (pf::services::service_ctl) Sep 07 15:25:22 
 pfcmd(1961) INFO: /usr/sbin/dhcpd status (pf::services::service_ctl) 
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x dhcpd returned 0 
 (pf::services::service_ctl) Sep 07 15:25:22 pfcmd(1961) INFO: 
 /usr/sbin/snort status (pf::services::service_ctl) Sep 07 15:25:22 
 pfcmd(1961) INFO: pidof -x snort returned 0 
 (pf::services::service_ctl) Sep 07 15:25:22 pfcmd(1961) INFO: 
 /usr/bin/suricata status (pf::services::service_ctl) Sep 07 15:25:22 
 pfcmd(1961) INFO: pidof -x suricata returned 0 
 (pf::services::service_ctl) Sep 07 15:25:22 pfcmd(1961) INFO: 
 /usr/sbin/freeradius status (pf::services::service_ctl) Sep 07 
 15:25:22 pfcmd(1961) INFO: pidof -x freeradius returned 1642 
 (pf::services::service_ctl) Sep 07 15:25:22 pfcmd(1961) INFO: 
 /usr/sbin/apache2 status (pf::services::service_ctl) Sep 07 15:25:22 
 pfcmd(1961) INFO: pidof -x apache2 returned 1703 1702 1701 1700 1699 
 1686 (pf::services::service_ctl) Sep 07 15:25:22 pfcmd(1961) INFO: 
 /usr/sbin/snmptrapd status (pf::services::service_ctl) Sep 07 15:25:22 
 pfcmd(1961) INFO: pidof -x snmptrapd returned 1688 
 (pf::services::service_ctl) Sep 07 15:25:22 pfcmd(1961) INFO: 
 /usr/local/pf/sbin/pfdetect status (pf::services::service_ctl) Sep 07 
 15:25:22 pfcmd(1961) INFO: pidof -x pfdetect returned 0 
 (pf::services::service_ctl) Sep 07 15:25:22 pfcmd(1961) INFO: 
 /usr/local/pf/sbin/pfredirect status (pf::services::service_ctl) Sep 
 07 15:25:22 pfcmd(1961) INFO: pidof -x pfredirect returned 0 
 (pf::services::service_ctl) Sep 07 15:25:22 pfcmd(1961) INFO: 
 /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl) Sep 07 
 15:25:22 pfcmd(1961) INFO: pidof -x pfsetvlan returned 1696 
 (pf::services::service_ctl) Sep 07 15:25:22 pfcmd(1961) INFO: 
 /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl) 
 Sep 07 15:25:22 pfcmd(1961) INFO: pfdhcplistener pids eth0.3299 = 
 1975, eth0.3199 = 1977, eth0 = 1979 (pf::services::service_ctl) Sep 
 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfmon status 
 (pf::services::service_ctl) Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x 
 pfmon returned 1695 (pf::services::service_ctl) Sep 07 15:25:23 
 pfcmd(1961) INFO: restoring iptables from 
 /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore) 
 Sep 07 15:26:05 pfcmd(1986) INFO: Executing pfcmd service 
 pfdhcplistener stop (main::service) Sep 07 15:26:05 pfcmd(1986) INFO: 
 /usr/local/pf/sbin/pfdhcplistener stop (pf::services::service_ctl) Sep 
 07 15:26:05 pfcmd(1986) INFO: Stopping pfdhcplistener with 
 '/usr/bin/pkill pfdhcplistener' (pf::services::service_ctl) Sep 07 
 15:26:05 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status 
 (pf::services::service_ctl) Sep 07 15:26:05 pfcmd(1986) INFO: 
 pfdhcplistener pids eth0.3299 = 1988, eth0.3199 = 1990, eth0 = 1992 
 (pf::services::service_ctl) Sep 07 15:26:05 pfcmd(1986) INFO: Waiting 
 for pfdhcplistener to stop (pf::services

Re: [PacketFence-users] pfdhcplistener fails to start automatically

[Olivier Bilodeau]

Hi Graeme,

I opened ticket #1545: pfdhcplistener management regression[1] regarding
your problem.

[1]: http://packetfence.org/bugs/view.php?id=1545

On 09/07/2012 10:40 AM, Graeme Hamilton wrote:
 Hello,
 
 I've just carried out a new installation of PacketFence 3.5.1 on Debian and 
 everything seems to be working properly, apart from pfdhcplistener. It isn't 
 being started by the PacketFence init script, apparently because it's already 
 running:
 
 $ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener status
 service|shouldBeStarted|pid
 pfdhcplistener|1|1954 1956 1958
 $
 
 $ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener start
 Checking configuration sanity...
 service|command
 config files|start
 iptables|start
 pfdhcplistener|already running
 $
 
 $ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener stop
 service|command
 pfdhcplistener|stop
 $
 
 $ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener status
 service|shouldBeStarted|pid
 pfdhcplistener|1|2067 2069 2071
 $
 
 The packetfence.log file contains the following for the period during which 
 the above command were run:
 
 Sep 07 15:25:16 pfcmd(1953) INFO: Executing pfcmd service pfdhcplistener 
 status (main::service)
 Sep 07 15:25:16 pfcmd(1953) INFO: /usr/local/pf/sbin/pfdhcplistener status 
 (pf::services::service_ctl)
 Sep 07 15:25:16 pfcmd(1953) INFO: pfdhcplistener pids eth0.3299 = 1954, 
 eth0.3199 = 1956, eth0 = 1958 (pf::services::service_ctl)
 Sep 07 15:25:20 pfcmd(1961) INFO: Executing pfcmd service pfdhcplistener 
 start (main::service)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/named status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x named returned 0 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/dhcpd status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x dhcpd returned 0 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/snort status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x snort returned 0 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/bin/suricata status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x suricata returned 0 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/freeradius status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x freeradius returned 1642 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/apache2 status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x apache2 returned 1703 1702 1701 
 1700 1699 1686 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/snmptrapd status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x snmptrapd returned 1688 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfdetect status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfdetect returned 0 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfredirect status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfredirect returned 0 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfsetvlan status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfsetvlan returned 1696 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfdhcplistener status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pfdhcplistener pids eth0.3299 = 1975, 
 eth0.3199 = 1977, eth0 = 1979 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfmon status 
 (pf::services::service_ctl)
 Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfmon returned 1695 
 (pf::services::service_ctl)
 Sep 07 15:25:23 pfcmd(1961) INFO: restoring iptables from 
 /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
 Sep 07 15:26:05 pfcmd(1986) INFO: Executing pfcmd service pfdhcplistener stop 
 (main::service)
 Sep 07 15:26:05 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener stop 
 (pf::services::service_ctl)
 Sep 07 15:26:05 pfcmd(1986) INFO: Stopping pfdhcplistener with 
 '/usr/bin/pkill pfdhcplistener' (pf::services::service_ctl)
 Sep 07 15:26:05 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status 
 (pf::services::service_ctl)
 Sep 07 15:26:05 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 = 1988, 
 eth0.3199 = 1990, eth0 = 1992 (pf::services::service_ctl)
 Sep 07 15:26:05 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop 
 (pf::services::service_ctl)
 Sep 07 15:26:07 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status 
 (pf::services::service_ctl)
 Sep 07 15:26:08 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 = 1994, 
 eth0.3199 = 1996, eth0 = 1998 (pf::services::service_ctl)
 Sep 07 15:26:08 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop 
 

[PacketFence-users] pfdhcplistener fails to start automatically

[Graeme Hamilton]

Hello,

I've just carried out a new installation of PacketFence 3.5.1 on Debian and 
everything seems to be working properly, apart from pfdhcplistener. It isn't 
being started by the PacketFence init script, apparently because it's already 
running:

$ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener status
service|shouldBeStarted|pid
pfdhcplistener|1|1954 1956 1958
$

$ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener start
Checking configuration sanity...
service|command
config files|start
iptables|start
pfdhcplistener|already running
$

$ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener stop
service|command
pfdhcplistener|stop
$

$ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener status
service|shouldBeStarted|pid
pfdhcplistener|1|2067 2069 2071
$

The packetfence.log file contains the following for the period during which the 
above command were run:

Sep 07 15:25:16 pfcmd(1953) INFO: Executing pfcmd service pfdhcplistener status 
(main::service)
Sep 07 15:25:16 pfcmd(1953) INFO: /usr/local/pf/sbin/pfdhcplistener status 
(pf::services::service_ctl)
Sep 07 15:25:16 pfcmd(1953) INFO: pfdhcplistener pids eth0.3299 = 1954, 
eth0.3199 = 1956, eth0 = 1958 (pf::services::service_ctl)
Sep 07 15:25:20 pfcmd(1961) INFO: Executing pfcmd service pfdhcplistener start 
(main::service)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/named status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x named returned 0 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/dhcpd status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x dhcpd returned 0 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/snort status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x snort returned 0 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/bin/suricata status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x suricata returned 0 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/freeradius status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x freeradius returned 1642 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/apache2 status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x apache2 returned 1703 1702 1701 1700 
1699 1686 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/snmptrapd status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x snmptrapd returned 1688 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfdetect status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfdetect returned 0 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfredirect status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfredirect returned 0 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfsetvlan status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfsetvlan returned 1696 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfdhcplistener status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pfdhcplistener pids eth0.3299 = 1975, 
eth0.3199 = 1977, eth0 = 1979 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfmon status 
(pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfmon returned 1695 
(pf::services::service_ctl)
Sep 07 15:25:23 pfcmd(1961) INFO: restoring iptables from 
/usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
Sep 07 15:26:05 pfcmd(1986) INFO: Executing pfcmd service pfdhcplistener stop 
(main::service)
Sep 07 15:26:05 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener stop 
(pf::services::service_ctl)
Sep 07 15:26:05 pfcmd(1986) INFO: Stopping pfdhcplistener with '/usr/bin/pkill 
pfdhcplistener' (pf::services::service_ctl)
Sep 07 15:26:05 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status 
(pf::services::service_ctl)
Sep 07 15:26:05 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 = 1988, 
eth0.3199 = 1990, eth0 = 1992 (pf::services::service_ctl)
Sep 07 15:26:05 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop 
(pf::services::service_ctl)
Sep 07 15:26:07 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status 
(pf::services::service_ctl)
Sep 07 15:26:08 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 = 1994, 
eth0.3199 = 1996, eth0 = 1998 (pf::services::service_ctl)
Sep 07 15:26:08 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop 
(pf::services::service_ctl)
Sep 07 15:26:10 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status 
(pf::services::service_ctl)
Sep 07 15:26:10 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 = 2000, 
eth0.3199 = 2002, eth0 = 2004 (pf::services::service_ctl)
Sep 07 15:26:10 pfcmd(1986) INFO: Waiting for