Change captive portal detected WAN IP address for radius auth

rocca

Hello Guys,

Thanks to Belgacon, our national internet provider, I have a problem with captive portal.

My internet providers forces users to be inside a LAN subnet behind their own router.

The problem is that when I try to connect to my freeradius server (on another site), the NAS-IP-Address field sent by pfsense is its WAN address, who is not its real WAN address but the one within the provider's LAN, and so the authentication is rejected with a  Reply-Message = "NAS not found!"  >:(

I tried to change my captiveportal.inc with the following values but no way….

function getNasIP()
{
   $nasIp = "194.78.xxx.xxx" ;

}

Has someone experienced it yet? And how to solve it?

Is it not a way to explicitly tell the captive portal service to send a custom IP instead of the detected WAN address??

Thank you by advance for the help and please excuse my bad english...

Thierry

rocca

Hi everybody,

It works!

Finally i've modified /etc/inc.captiveportal.inc with the following values :

function getNasIP()
{
    $nasIp = "194.78.xxx.xxx";
    if(!$nasIp)
        $nasIp = "0.0.0.0";
    return $nasIp;
}

and rebooted my device… (this is what I did not do first time)

After this, my radius messages were looking better

NAS-IP-Address = 194.78.xxx.xxx
        NAS-Identifier = "456.yyyyy.be"
        User-Name = "testuser"
        Acct-Status-Type = Start
        Acct-Authentic = RADIUS
        Service-Type = Login-User
        NAS-Port-Type = Ethernet
        NAS-Port = 7
        Acct-Session-Id = "221de044d5aee762"
        Framed-IP-Address = 10.1.0.10
        Called-Station-Id = "5c:d9:98:aa:bb:cc"
        Calling-Station-Id = "00:21:5d:aa:bb:cc"

Mister developers, is it not a way to add a field on captive portal configuration page to permit to manually change the WAN IP address? I think it should be grandly appreciated...

Thierry