Netgate Discussion Forum
    Radius server on third NIC

    Captive Portal
    bushtor

      Hi,

      I have a pfSense box normally configured with WAN and LAN NICs. The LAN subnet is 192.168.33.0.

      I want to enable the captive portal for WAN access, but our w2003 server's RADIUS service is on another subnet, 10.130.34.0. When I have installed a third NIC card in the pfSense box and given it an address in this subnet, what else do I need to do to be able to correctly connect the pfSense box to the RADIUS server on this subnet?

      regards

      Tor

      hoba

        http://pfsense.com/mirror.php?section=tutorials/cp_config/radius_win2k3.htm

        bushtor

          Yeah,

          This is the tutorial I'm using; however, as I mentioned in the OP, the RADIUS server is connected to a third NIC in my pfSense box. Hence I need to create rule(s) which give pfSense proper access to its RADIUS server (and not more than that). Could someone give me some hints on which rules to apply so the pfSense box can communicate to/from the RADIUS server as if the latter were directly connected to the LAN subnet (as it is in the demo)?

          My setup is like this:

          Internet
            |
          DHCP
            |
          WAN NIC (id=rl0)
            |
          pfsense box – OPT nic (id=xl1)  IP 10.130.0.35  <-> win2003 DC w/radius IP 10.130.0.5
            |
          LAN nic (id=xl0)
            |
          subnet 192.168.33.0 (with radius authenticated internet users)

          Thanks a lot if someone has a minute ..

          regards,  Tor

          hoba

            RADIUS communication happens on ports 1812/1645 for authentication and 1813/1646 for accounting by default (unless you change these values at your server). You should allow these ports at your OPT interface from source <RADIUS server IP> to destination any (try first with any, then tighten the rules after it's working). I'm not really sure why these rules should be needed, as pfSense is opening the connection to the RADIUS server, but give it a try.

            bushtor
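As an added example that is not part of the thread: a small Python probe that builds a PAP Access-Request, sends it over UDP to port 1812 (RADIUS is UDP, so a TCP-only rule would never match it) and checks the reply's Response Authenticator, so the path from the pfSense OPT interface to the Windows RADIUS server can be confirmed before the captive portal depends on it. The addresses are the ones from the thread; the shared secret, the test account and every function name are assumptions, and the server must already have a RADIUS client entry for 10.130.0.35 with the same secret.

```python
import hashlib, hmac, os, socket, struct
RADIUS_AUTH_PORT = 1812  # UDP, not TCP; 1645 is the legacy alternative mentioned in the thread

def _attr(atype, value):
    """One RADIUS attribute: Type, Length (header included), Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def _pw_xor(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, (block if hiding else data[i:i + 16])
    return out
def hide_password(password, secret, authenticator):
    return _pw_xor(password + b"\x00" * (-len(password) % 16), secret, authenticator, True)
def reveal_password(hidden, secret, authenticator):
    return _pw_xor(hidden, secret, authenticator, False).rstrip(b"\x00")

def build_access_request(user, password, secret, nas_ip, ident=1, authenticator=None):
    """Access-Request (code 1) with User-Name, User-Password, NAS-IP-Address and a
    Message-Authenticator (RFC 2869 5.14: HMAC-MD5 over the packet with that field zeroed)."""
    authenticator = authenticator or os.urandom(16)
    attrs = (_attr(1, user.encode()) + _attr(2, hide_password(password.encode(), secret, authenticator))
             + _attr(4, socket.inet_aton(nas_ip)) + _attr(80, bytes(16)))
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest(), authenticator

def build_response(code, request_auth, secret, ident=1, attrs=b""):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def check_response(data, request_auth, secret):
    """Verify the Response Authenticator before trusting the reply; return the code name."""
    code, _ident, length = struct.unpack("!BBH", data[:4])
    expected = hashlib.md5(data[:4] + request_auth + data[20:length] + secret).digest()
    if not hmac.compare_digest(expected, data[4:20]):
        raise ValueError("bad Response Authenticator: wrong shared secret or a forged reply")
    return {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}.get(code, f"code {code}")

def probe(server_ip, secret, user, password, nas_ip, timeout=3.0):
    """Send one Access-Request over UDP/1812; socket.timeout means request or reply was dropped."""
    pkt, auth = build_access_request(user, password, secret, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server_ip, RADIUS_AUTH_PORT))
        data, _ = s.recvfrom(4096)
    return check_response(data, auth, secret)
```

Run it on the pfSense box as `probe("10.130.0.5", b"<shared secret>", "<user>", "<password>", "10.130.0.35")`: a timeout means the packet never reached the server or its reply was dropped on the way back, while a ValueError means the reply arrived but the shared secrets differ.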

              As a beginning I tried to apply a very general rule for the OPT interface (which I call 'RADIUS'):

              proto: * 
              source: RADIUS net
              port: *
              destination: *
              port: *
              gateway: *

              Shouldn't this give the same access to the pfSense config GUI (and to a RADIUS server) from this network as if they were connected to the default LAN NIC?

              What else do I need to do to have a third NIC (called RADIUS) with the same rules and possibilities as the default LAN NIC?

              Tor

                jeroen234

                action accept
                proto: tcp
                source: LAN net
                port: any
                destination: RADIUS net
                port: 1812-1813
                gateway: default

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.