Change captive portal detected WAN IP address for radius auth



  • Hello Guys,

    Thanks to Belgacon, our national internet provider, I have a problem with captive portal.

    My internet providers forces users to be inside a LAN subnet behind their own router.

    The problem is that when I try to connect to my freeradius server (on another site), the NAS-IP-Address field sent by pfsense is its WAN address, who is not its real WAN address but the one within the provider's LAN, and so the authentication is rejected with a  Reply-Message = "NAS not found!"  >:(

    I tried to change my captiveportal.inc with the following values but no way….

    function getNasIP()
    {
       $nasIp = "194.78.xxx.xxx" ;

    }

    Has someone experienced it yet? And how to solve it?

    Is it not a way to explicitly tell the captive portal service to send a custom IP instead of the detected WAN address??

    Thank you by advance for the help and please excuse my bad english...

    Thierry



  • Hi everybody,

    It works!

    Finally i've modified /etc/inc.captiveportal.inc with the following values :

    function getNasIP()
    {
        $nasIp = "194.78.xxx.xxx";
        if(!$nasIp)
            $nasIp = "0.0.0.0";
        return $nasIp;
    }

    and rebooted my device… (this is what I did not do first time)

    After this, my radius messages were looking better

    NAS-IP-Address = 194.78.xxx.xxx
            NAS-Identifier = "456.yyyyy.be"
            User-Name = "testuser"
            Acct-Status-Type = Start
            Acct-Authentic = RADIUS
            Service-Type = Login-User
            NAS-Port-Type = Ethernet
            NAS-Port = 7
            Acct-Session-Id = "221de044d5aee762"
            Framed-IP-Address = 10.1.0.10
            Called-Station-Id = "5c:d9:98:aa:bb:cc"
            Calling-Station-Id = "00:21:5d:aa:bb:cc"

    Mister developers, is it not a way to add a field on captive portal configuration page to permit to manually change the WAN IP address? I think it should be grandly appreciated...

    Thierry


Locked