Captive Portal with external RADIUS authentications… help?
-
That's not the interface where your RADIUS server resides it appears, since it's a private IP and that's Internet traffic, and no RADIUS traffic there. Probably need to choose LAN, or which ever interface the firewall uses to reach that RADIUS server.
-
Sorry, long time getting back to this, here is what i believe you were asking for:
16:25:26.372534 IP 192.168.5.11.39631 > 192.168.5.1.8000: tcp 0
16:25:26.375570 IP 192.168.5.1.8000 > 192.168.5.11.39631: tcp 0
16:25:26.375675 IP 192.168.5.11.39631 > 192.168.5.1.8000: tcp 0
16:25:26.377047 IP 192.168.5.11.39631 > 192.168.5.1.8000: tcp 734
16:25:26.377070 IP 192.168.5.1.8000 > 192.168.5.11.39631: tcp 0
16:25:26.395575 IP 192.168.5.1 > 192.168.5.11: ICMP echo request, id 30051, seq 0, length 64
16:25:26.395696 IP 192.168.5.11 > 192.168.5.1: ICMP echo reply, id 30051, seq 0, length 64
16:25:26.446909 IP 192.168.5.1.26905 > 192.168.5.11.1812: UDP, length 128
16:25:29.449781 IP 192.168.5.1.26905 > 192.168.5.11.1812: UDP, length 128
16:25:32.560983 IP 192.168.5.1.8000 > 192.168.5.11.39631: tcp 1448
16:25:32.561453 IP 192.168.5.11.39631 > 192.168.5.1.8000: tcp 0
16:25:32.575984 IP 192.168.5.1.8000 > 192.168.5.11.39631: tcp 1347
16:25:32.576325 IP 192.168.5.11.39631 > 192.168.5.1.8000: tcp 0
16:25:32.590979 IP 192.168.5.1.8000 > 192.168.5.11.39631: tcp 5
16:25:32.591076 IP 192.168.5.11.39631 > 192.168.5.1.8000: tcp 0
16:25:32.591207 IP 192.168.5.11.39631 > 192.168.5.1.8000: tcp 0
16:25:32.593984 IP 192.168.5.1.8000 > 192.168.5.11.39631: tcp 0
16:25:32.594080 IP 192.168.5.11.39631 > 192.168.5.1.8000: tcp 0
16:25:32.898495 IP 192.168.5.11.46911 > 128.91.79.58.21: tcp 0
16:25:32.902084 IP 192.168.5.11.54841 > 192.168.5.1.53: UDP, length 41
16:25:32.903003 IP 192.168.5.1.53 > 192.168.5.11.54841: UDP, length 57
16:25:32.903213 IP 192.168.5.11.46913 > 128.91.79.58.21: tcp 0
16:25:33.049014 IP 128.91.79.58.21 > 192.168.5.11.46911: tcp 0
16:25:33.049019 IP 128.91.79.58.21 > 192.168.5.11.46911: tcp 0
16:25:33.049126 IP 192.168.5.11.46911 > 128.91.79.58.21: tcp 0
16:25:33.050014 IP 128.91.79.58.21 > 192.168.5.11.46913: tcp 0
16:25:33.050081 IP 192.168.5.11.46913 > 128.91.79.58.21: tcp 0
16:25:33.069336 IP 192.168.5.11.39631 > 192.168.5.1.8000: tcp 0
16:25:33.263029 IP 192.168.5.1.8000 > 192.168.5.11.39631: tcp 0
16:25:38.699328 IP 192.168.5.11.39633 > 192.168.5.1.8000: tcp 0
16:25:38.730389 IP 192.168.5.1.8000 > 192.168.5.11.39633: tcp 0
16:25:38.730501 IP 192.168.5.11.39633 > 192.168.5.1.8000: tcp 0
16:25:38.730693 IP 192.168.5.11.39633 > 192.168.5.1.8000: tcp 620
16:25:38.730713 IP 192.168.5.1.8000 > 192.168.5.11.39633: tcp 0
16:25:38.750390 IP 192.168.5.1 > 192.168.5.11: ICMP echo request, id 61555, seq 0, length 64
16:25:38.750492 IP 192.168.5.11 > 192.168.5.1: ICMP echo reply, id 61555, seq 0, length 64
16:25:38.814628 IP 192.168.5.1.34064 > 192.168.5.11.1812: UDP, length 128
16:25:41.803629 IP 192.168.5.1.34064 > 192.168.5.11.1812: UDP, length 128
16:25:44.814605 IP 192.168.5.1.8000 > 192.168.5.11.39633: tcp 1448
16:25:44.814952 IP 192.168.5.11.39633 > 192.168.5.1.8000: tcp 0
16:25:44.829794 IP 192.168.5.1.8000 > 192.168.5.11.39633: tcp 1347
16:25:44.830119 IP 192.168.5.11.39633 > 192.168.5.1.8000: tcp 0
16:25:44.844794 IP 192.168.5.1.8000 > 192.168.5.11.39633: tcp 5
16:25:44.844891 IP 192.168.5.11.39633 > 192.168.5.1.8000: tcp 0
16:25:44.845022 IP 192.168.5.11.39633 > 192.168.5.1.8000: tcp 0
16:25:44.850788 IP 192.168.5.1.8000 > 192.168.5.11.39633: tcp 0
16:25:44.850880 IP 192.168.5.11.39633 > 192.168.5.1.8000: tcp 0
16:25:45.321124 IP 192.168.5.11.39633 > 192.168.5.1.8000: tcp 0
16:25:45.339823 IP 192.168.5.1.8000 > 192.168.5.11.39633: tcp 0
16:25:46.170887 IP 192.168.5.11.60527 > 192.168.5.1.53: UDP, length 49
16:25:46.175882 IP 192.168.5.1.53 > 192.168.5.11.60527: UDP, length 83
16:25:46.176064 IP 192.168.5.11.48559 > 192.168.5.1.53: UDP, length 49
16:25:46.179883 IP 192.168.5.1.53 > 192.168.5.11.48559: UDP, length 339
16:25:46.180103 IP 192.168.5.11.40677 > 192.168.5.1.53: UDP, length 49
16:25:46.187885 IP 192.168.5.1.53 > 192.168.5.11.40677: UDP, length 339
16:25:46.188422 IP 192.168.5.11.42383 > 74.125.234.44.80: tcp 0
16:25:46.309902 IP 74.125.234.44.80 > 192.168.5.11.42383: tcp 0
16:25:46.310004 IP 192.168.5.11.42383 > 74.125.234.44.80: tcp 0
16:25:46.310258 IP 192.168.5.11.42383 > 74.125.234.44.80: tcp 1016
16:25:46.400899 IP 74.125.234.44.80 > 192.168.5.11.42383: tcp 0
16:25:46.401892 IP 74.125.234.44.80 > 192.168.5.11.42383: tcp 499
16:25:46.402072 IP 192.168.5.11.42383 > 74.125.234.44.80: tcp 0
16:25:46.402237 IP 192.168.5.11.42383 > 74.125.234.44.80: tcp 0
16:25:46.402951 IP 192.168.5.11.39635 > 192.168.5.1.8000: tcp 0
16:25:46.528915 IP 74.125.234.44.80 > 192.168.5.11.42383: tcp 0
16:25:46.529901 IP 74.125.234.44.80 > 192.168.5.11.42383: tcp 0
16:25:46.529994 IP 192.168.5.11.42383 > 74.125.234.44.80: tcp 0
16:25:46.544908 IP 192.168.5.1.8000 > 192.168.5.11.39635: tcp 0
16:25:46.545141 IP 192.168.5.11.39635 > 192.168.5.1.8000: tcp 0
16:25:46.545318 IP 192.168.5.11.39635 > 192.168.5.1.8000: tcp 554
16:25:46.575443 IP 192.168.5.1 > 192.168.5.11: ICMP echo request, id 24208, seq 0, length 64
16:25:46.575557 IP 192.168.5.11 > 192.168.5.1: ICMP echo reply, id 24208, seq 0, length 64
16:25:46.757923 IP 192.168.5.1.8000 > 192.168.5.11.39635: tcp 0
16:25:46.818927 IP 192.168.5.1.8000 > 192.168.5.11.39635: tcp 1448
16:25:46.819389 IP 192.168.5.11.39635 > 192.168.5.1.8000: tcp 0
16:25:47.151947 IP 192.168.5.1.8000 > 192.168.5.11.39635: tcp 1330
16:25:47.152390 IP 192.168.5.11.39635 > 192.168.5.1.8000: tcp 0
16:25:47.528974 IP 192.168.5.1.8000 > 192.168.5.11.39635: tcp 0Still having the same problem and descperately need it solved.. thanks in advance
-
There you go, here are your access requests.
16:25:26.446909 IP 192.168.5.1.26905 > 192.168.5.11.1812: UDP, length 128
16:25:29.449781 IP 192.168.5.1.26905 > 192.168.5.11.1812: UDP, length 128Note there is nothing in response, so check your RADIUS server's logs.
-
Thanks for that, ill have to try and work out how to find this in the radius server logs and report back. When i am on the radius server i can authenticate so i know its working.. The radius server has no firewall installed so i have to assume there is something wrong with pfSense with this..
-
The radius server has no firewall installed so i have to assume there is something wrong with pfSense with this..
I don't know specifics of your radius server, but some servers have configuration files that can specify access restrictions (e.g. "only talk with clients from these IP addresses").
-
I don't know specifics of your radius server, but some servers have configuration files that can specify access restrictions (e.g. "only talk with clients from these IP addresses").
This. The problem is without question on the RADIUS server, and this is the most likely cause, most all won't answer requests over the network without properly defining the host and its secret.
-
Interesting.. i will have to take a look at this.. I am though defining the host, port and secret in the settings for the RADIUS server uthentication on the captive portal.
SO it possibly has a setting in the RADIUS conf that will not allow authentication from another machine?
-
Every RADIUS server has to have its clients defined in its config.
-
Ok, so by client you are not talking about users right? you mean as in the ip address of the pfsense box has to be defined in the radiusd.conf?
-
Yes, the firewall is the RADIUS client.
-
Can someone tell me how to add the client to radius conf?
Not sure how this is done and i dont want to break something..
-
Depends on what RADIUS server you're using. Generally a better question for the RADIUS server's forum or list, though some here may know the particular server you're using.
-
No worries, i worked it out.. Authentication is now working to my FreeRADIUS server through captive portal.
On a side note, does anyone know of any good software that i can use for billing?