Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFSense202 and FR2 won't work together (in my box)

    Scheduled Pinned Locked Moved Captive Portal
    10 Posts 3 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Mark Spillage
      last edited by

      Hi,

      read all I could find about CP and FR2 package but can't manage to make them work together.

      FR2 is running and gives fine results when checked against with radtest from the PF.
      CP is working fine with Vouchers and local user databases.

      When I Set the CP to use Radius, no Login-Page is presented to the user, It just times out.
      Nothing useful can be found in the logfiles. It looks like CP doesn't connects to the FR2.

      If I'm right, the FR2 is connected locally? User requests CP, CP requests FR2. That said, the 127.0.0.1 connects to the FR2, correct?
      FR2 is said to be running on the LAN IP. Any changes between using 127.0.0.1 or the LAN IP didn't help.

      Anybody knows what I am missing?

      Thanks, Mark.

      1 Reply Last reply Reply Quote 0
      • M
        Metu69salemi
        last edited by

        If I'm remembering right you should use LAN ip with FR2, no localhost.

        1 Reply Last reply Reply Quote 0
        • M
          Mark Spillage
          last edited by

          Thanks, yes that's what I did. SF2 listens at LAN-IP,
          NAS/Clients allowed are LAN-IP and 127.0.0.1 as well.

          1 Reply Last reply Reply Quote 0
          • M
            Metu69salemi
            last edited by

            Does it work or not?

            1 Reply Last reply Reply Quote 0
            • M
              Mark Spillage
              last edited by

              No, it doesn't. Already tried your suggestion before.
              Sorry for being unclear.

              1 Reply Last reply Reply Quote 0
              • M
                Metu69salemi
                last edited by

                Can you share screenshots of FR2 settings? at least client list would be nice.

                1 Reply Last reply Reply Quote 0
                • N
                  Nachtfalke
                  last edited by

                  Hi,

                  check this page:
                  http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#HOW-TO_-FreeRADIUS.2B_Captive_Portal_configuration

                  1.) create a listening interface on freeradius –> interfaces at least with authentication port
                  2.) add the CP as a client on freeradius --> NAS/client. The IP address of the NAS/CP is the NAS-ID you can set on CP I suppose
                  3.) the shared secret on CP and on freeradius --> NAS/clients must be the same. Perhaps try a sharedsecret like "password" to make sure there are no "critical" symbols.

                  Enable logging on freeradius --> settings to syslog

                  1 Reply Last reply Reply Quote 0
                  • M
                    Mark Spillage
                    last edited by

                    Thanks for your help guys.
                    Just set up a new pfsense with new hardware and trying again now.
                    Will let you know about the results.

                    1 Reply Last reply Reply Quote 0
                    • M
                      Mark Spillage
                      last edited by

                      Solved my problem.

                      The client I tried used a different DNS-Server than the PFSenses LAN-Interface.
                      The CP doesn't seem to use a static route to redirect the client to the login page, it just replies all DNS requests with the portal's IP-address.
                      If you use another DNS, you never get there…

                      Could you perhaps add a line to the docs that the DNS-Server used for CP/Radius has to be the pfSense itself?
                      I've seen a note one should use DHCP, but I think this is optional as long as the DNS entry shows to pfSense.

                      Thank you for your help!

                      1 Reply Last reply Reply Quote 0
                      • N
                        Nachtfalke
                        last edited by

                        @Mark:

                        Solved my problem.

                        The client I tried used a different DNS-Server than the PFSenses LAN-Interface.
                        The CP doesn't seem to use a static route to redirect the client to the login page, it just replies all DNS requests with the portal's IP-address.
                        If you use another DNS, you never get there…

                        Could you perhaps add a line to the docs that the DNS-Server used for CP/Radius has to be the pfSense itself?
                        I've seen a note one should use DHCP, but I think this is optional as long as the DNS entry shows to pfSense.

                        Thank you for your help!

                        You wrote in your first post:

                        CP is working fine with Vouchers and local user databases.

                        So I assume that CP worked without RADIUS.

                        The solution you provided is independent from freeradius. The DNS of the clients must always be the LAN's IP address - no matter if CP uses local user database, RADIUS or something else.  :)

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.