Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CP using remote RADIUS server prevents Wireless AP's connecting to RADIUS

    Scheduled Pinned Locked Moved
    Captive Portal
    3
    4
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      w1r3b0y
      last edited by

      I have many Access Points on the internal networks which are configured to perform 802.1x RADIUS authentication for clients to connect. The radius server is remote on an external network. When users connect their authentication packets are routed via the PFSense box and to the remote RADIUS server. This works and is a good config.

      When i enable the Captive Portal and configure RADIUS authentication for clients (using the same remote server) this causes the packets from the Access Points to be blocked (or caught) by the PFSense box rather than traversing to the remote network.

      I enabled an exclusion for the AP's in the Allowed IP addresses (inputting the AP addresses) and when i disabled/re-enabled the Captive Portal, this worked but is quickly broken again.

      But once a client has been connected and disconnects, they are not able to connect to the AP's again. In fact the only way to fix the issue is to stop and restart the Captive Portal process. This again only provides temporary connectivity until a client disconnects and the issue starts again.

      can anyone please advise, i suspect that this is either a bug or there is a workaround. any help is much appreciated, ive been up for 2 days trying to solve this one  ;)

      many thanks in advance

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        Did you try adding the mac adresses of the APs? Haven't seen this before. Anything strange in the systemlogs that might explain the behaviour?

        1 Reply Last reply Reply Quote 0
        • W
          w1r3b0y
          last edited by

          thanks for the response.

          i disabled the CP function and found that adding the access points ip addresses to the allowed IP addresses first and saving before then enabling the captive portal (with all the radius server config stuff) seemed to fix this.

          the captive portal is working now in conjunction with the radius auth, so this enables the users to logon to the wireless network using their RADIUS credentials, then when using web browser , i can capture them (for the purposes of redirection to a portal site) and they can use same credentials there.

          1 Reply Last reply Reply Quote 0
          • S
            sullrich
            last edited by

            Thanks, this should be fixed now.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post