PFSense202 and FR2 won't work together (in my box)
-
Hi,
read all I could find about CP and FR2 package but can't manage to make them work together.
FR2 is running and gives fine results when checked against with radtest from the PF.
CP is working fine with Vouchers and local user databases.When I Set the CP to use Radius, no Login-Page is presented to the user, It just times out.
Nothing useful can be found in the logfiles. It looks like CP doesn't connects to the FR2.If I'm right, the FR2 is connected locally? User requests CP, CP requests FR2. That said, the 127.0.0.1 connects to the FR2, correct?
FR2 is said to be running on the LAN IP. Any changes between using 127.0.0.1 or the LAN IP didn't help.Anybody knows what I am missing?
Thanks, Mark.
-
If I'm remembering right you should use LAN ip with FR2, no localhost.
-
Thanks, yes that's what I did. SF2 listens at LAN-IP,
NAS/Clients allowed are LAN-IP and 127.0.0.1 as well.
-
Does it work or not?
-
No, it doesn't. Already tried your suggestion before.
Sorry for being unclear.
-
Can you share screenshots of FR2 settings? at least client list would be nice.
-
Hi,
check this page:
http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#HOW-TO_-FreeRADIUS.2B_Captive_Portal_configuration1.) create a listening interface on freeradius –> interfaces at least with authentication port
2.) add the CP as a client on freeradius --> NAS/client. The IP address of the NAS/CP is the NAS-ID you can set on CP I suppose
3.) the shared secret on CP and on freeradius --> NAS/clients must be the same. Perhaps try a sharedsecret like "password" to make sure there are no "critical" symbols.Enable logging on freeradius --> settings to syslog
-
Thanks for your help guys.
Just set up a new pfsense with new hardware and trying again now.
Will let you know about the results.
-
Solved my problem.
The client I tried used a different DNS-Server than the PFSenses LAN-Interface.
The CP doesn't seem to use a static route to redirect the client to the login page, it just replies all DNS requests with the portal's IP-address.
If you use another DNS, you never get there…Could you perhaps add a line to the docs that the DNS-Server used for CP/Radius has to be the pfSense itself?
I've seen a note one should use DHCP, but I think this is optional as long as the DNS entry shows to pfSense.Thank you for your help!
-
Solved my problem.
The client I tried used a different DNS-Server than the PFSenses LAN-Interface.
The CP doesn't seem to use a static route to redirect the client to the login page, it just replies all DNS requests with the portal's IP-address.
If you use another DNS, you never get there…Could you perhaps add a line to the docs that the DNS-Server used for CP/Radius has to be the pfSense itself?
I've seen a note one should use DHCP, but I think this is optional as long as the DNS entry shows to pfSense.Thank you for your help!
You wrote in your first post:
CP is working fine with Vouchers and local user databases.
So I assume that CP worked without RADIUS.
The solution you provided is independent from freeradius. The DNS of the clients must always be the LAN's IP address - no matter if CP uses local user database, RADIUS or something else. :)