Radius Test in Captive Portal $150



  • to be able to perform a simple radius authentication test from the captive portal configuration page.

    To have an option where you can test using a username and password and validate that radius setup is valid and working.  If yes a popup or message saying success.  If not see the error message in the log.

    I have about 20 firewalls which use Captive Portal for radius.  Sometimes we are not able to go onsite and to test the radius connectivity from that IP or we make changes in the evening after hours and want to validate it is working before the wireless users come in.  Being able to quickly validate would be great!



  • Can it be an external url to do not touch captive portal page?

    If so, I can do that.



  • define external url.  It would have to be within the local network since the RADIUS NAS IP attribute is the ip of the gateway which is used with the radius.  by different URL you mean a different url on the pfsense?



  • @kapara:

    define external url.  It would have to be within the local network since the RADIUS NAS IP attribute is the ip of the gateway which is used with the radius.  by different URL you mean a different url on the pfsense?

    I mean a url on pfsense server but not integrated with captive config gui that does the radius/auth check.



  • so something like https://10.10.10.1/radtest.htm or php

    Field for username
    Field for password

    Have it use the existing radius information for test and provide visual results?

    Ex.

    Radius Server 1

    Sending authentication request to server 111.111.111.111:1812
    Tansmitting packet, code=1 id=0 length=48
    received resp[onse from server in 50 milliseconds
    reply packet code=2 id=0 length=20
    response: access-accept

    Radius Server 2

    Sending authentication request to server 222.222.222.222:2683
    Tansmitting packet, code=1 id=0 length=48
    received resp[onse from server in 50 milliseconds
    reply packet code=2 id=0 length=20
    response: access-accept



  • This will come by default when things will be moved to centralized authentication even for CP.
    Probably with next version of pfSense.
    All the code is there for this as diagnostic authentication just it was never added to CP for lack of interest on this.

    I think you better donate this to pfSense for merging the CP settings with the centralized management rather than this!



  • Is the centralized management going to be part of the pfsense firewall (Built in) or is it going to be a cloud paid service?  I have not heard much on the centralized management.


  • LAYER 8 Moderator

    @ermal: centralized authentication like "all services on one pfSense installation using the same auth method" or like "one device (or an external gui installation)" that controls multiple pfsense installations?



  • Hello, I have been working on it a bit and have been able to put together something like this so far.

    List Radius server status for selected zone. For each zone it will get the Authentication Protocol, all the Radius IPs (upto 4 per zone), and Auth Port if entered (1812 default) and Secret Key for each IP. I have not yet added an ability to change the username and password (just using test//testing123). It should be possible though. It also logs the data to /tmp/radiusstatus.log

    Screen shot for Services -> Captive Portal

    and the resulting Status -> Captive Portal page

    (my radius server was down during the test haha) If you would like I can probably add a tab in Status for Radius Servers if you would like to keep the status of Captive Portals and the Radius Servers separate. Also from what I tried, you need to add the freeradius package. (I only added the FreeBSD one, might be better to add the pfSense one for more control.)

    Let me know if you are interested and if so how you would prefer it. Also if I do end up finishing it for the bounty I would like to be able to provide the changes to everyone.


Log in to reply