Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Feature lost in transaction? M0n0 MAC addreses are gone?

    Captive Portal
    4
    30
    12399
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alexus last edited by

      I've just solve many RADIUS problems so that FreeRadius can easily work with Captive portal…. but I did noticed that pfSense Caprive portal and M0n0 are diferent,... Mono sens all data that I need such as User MAC and NAS (Mono or pfSense box) MAC... but with pfSense in getting only half of the information send to me? Why? here is what Radius gets when I'm ratting in debug mode:

      Service-Type = Login-User
              User-Name = "alexus"
              NAS-Identifier = "pfSense.local"
              NAS-Port = 0
              NAS-Port-Type = Ethernet
              Acct-Status-Type = Start
              Acct-Authentic = RADIUS
              Acct-Session-Id = "327d19a986eadf00"
              Framed-IP-Address = 192.168.1.199

      I thought we are running exact clone of M0n0 here? Dont we? ???

      1 Reply Last reply Reply Quote 0
      • S
        sullrich last edited by

        Yes we do.  So I am not sure what the problem is.

        1 Reply Last reply Reply Quote 0
        • A
          alexus last edited by

          Basically, the pfSense sends less informattion for radius accounting, I dot know why but it is… it doesnt send Calling Staton ID and Called Staton ID....  I have absolutly the same configs for Mono and Pfsense, but I getting diferent accounting responses..

          Ive made a txt file where you can see the diferense in accounting records... as you can seee everything is identical but mono sends more informatiom. Also the hardware is the same, I just swaped the CF cards....  I dono, maybe some part of orogonal mono file was missing? well it has only 3 files to it... but i see you added extra page that shows the user status, and maybe that one "kill" the wariables or something?

          Any ideas?

          [pfSense Acc debug.txt](/public/imported_attachments/1/pfSense Acc debug.txt)

          1 Reply Last reply Reply Quote 0
          • S
            sullrich last edited by

            No, I don't think we missed anything. We sync'd everything that I could find.

            Word is that there will be a new m0n0wall release soon.  If so, then we'll most likely import the captive portal changes (again).

            1 Reply Last reply Reply Quote 0
            • A
              alexus last edited by

              yes they have 1.23b

              1 Reply Last reply Reply Quote 0
              • S
                sullrich last edited by

                Isn't that the FreeBSD 6 beta?  Not exactly what I am talking about.

                1 Reply Last reply Reply Quote 0
                • A
                  alexus last edited by

                  well I didnt really paid attention on what it runs but I know it has impruvcements for captive portal anyway…

                  1 Reply Last reply Reply Quote 0
                  • A
                    alexus last edited by

                    what is the file name for captive portal index.php? and what is the name for accounting.php (or whatever it used to be called in mono) I want to chek if it cheks for MAC?  Because in original it will not let it work if there is no user MAC….

                    1 Reply Last reply Reply Quote 0
                    • J
                      jeroen234 last edited by

                      dit you eneable the mac check on the pfsense portal pages ?
                      if not than mac adress is ignored and ipadress is used

                      1 Reply Last reply Reply Quote 0
                      • A
                        alexus last edited by

                        Isnt that function is tryyingto use MAC as both username and pass to identify user?
                        I will try it too? Just in case

                        1 Reply Last reply Reply Quote 0
                        • A
                          alexus last edited by

                          jeroen234, I did the trial ran for what u sudgested, and as I said it didnt work, because this fature is designed for diferent purpuse… it works like major cable troviders do for theit clients... so that they dont have to use username and passwords... they just go online right away...

                          BUT, what  I found is that this feature dosnt work as it desined too... It suppose to send Radius-Request when I open web brower but it doesnt... Debug off everything is attached, I used my username to login...

                          So, I dont know why, but big part of m0n0 functionality is gone?  :(

                          Ready to process requests.
                          rad_recv: Access-Request packet from host 192.168.0.102:60873, id=214, length=79
                                  Service-Type = Login-User
                                  User-Name = "alexus"
                                  User-Password = "xxxxxxxx"
                                  NAS-Identifier = "pfSense.local"
                                  NAS-Port = 0
                                  NAS-Port-Type = Ethernet
                          rlm_sql (sql): Reserving sql socket id: 3
                          rlm_sql (sql): Released sql socket id: 3
                          Sending Access-Accept of id 214 to 192.168.0.102 port 60873
                          rad_recv: Accounting-Request packet from host 192.168.0.102:50951, id=195, length=97
                                  Service-Type = Login-User
                                  User-Name = "alexus"
                                  NAS-Identifier = "pfSense.local"
                                  NAS-Port = 0
                                  NAS-Port-Type = Ethernet
                                  Acct-Status-Type = Start
                                  Acct-Authentic = RADIUS
                                  Acct-Session-Id = "1285ff05b364519a"
                                  Framed-IP-Address = 192.168.1.199
                          rlm_sql (sql): Reserving sql socket id: 2
                          rlm_sql (sql): Released sql socket id: 2
                          Sending Accounting-Response of id 195 to 192.168.0.102 port 50951

                          1 Reply Last reply Reply Quote 0
                          • S
                            sullrich last edited by

                            The code is there, I promise you.  Why its not working is beyond me.

                            1 Reply Last reply Reply Quote 0
                            • A
                              alexus last edited by

                              I think, i found the proble, did you use the Captive Portal from M0n0 SVN? (http://svn.m0n0.ch/wall/branches/freebsd5/captiveportal/)  Because I'm looking at the file right now and I think it is different from the one that they have in actual relseae.

                              1 Reply Last reply Reply Quote 0
                              • S
                                sullrich last edited by

                                Their file in SVN has not even been released yet!  We are not using that until they release it.

                                1 Reply Last reply Reply Quote 0
                                • A
                                  alexus last edited by

                                  ok, … can i take a look on the file that you are using? did you keep the original names? and what is the location of files?

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    sullrich last edited by

                                    Look in cvsweb.

                                    1 Reply Last reply Reply Quote 0
                                    • A
                                      alexus last edited by

                                      i serched all over the plce but missed the directory i need (murphy's law) can u just tell me the location?

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        sullrich last edited by

                                        http://pfsense.com/cgi-bin/cvsweb.cgi/pfSense/etc/inc/captiveportal.inc
                                        http://pfsense.com/cgi-bin/cvsweb.cgi/pfSense/usr/local/captiveportal/

                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          alexus last edited by

                                          ok, I think the problem is in Dropdown menu that select either "defult" or "cisco" type … thats the only thing that I can think off....

                                          1 Reply Last reply Reply Quote 0
                                          • S
                                            sullrich last edited by

                                            Did not modify that…

                                            1 Reply Last reply Reply Quote 0
                                            • A
                                              alexus last edited by

                                              :-(

                                              1 Reply Last reply Reply Quote 0
                                              • J
                                                jeroen234 last edited by

                                                @alexus:

                                                jeroen234, I did the trial ran for what u sudgested, and as I said it didnt work, because this fature is designed for diferent purpuse… it works like major cable troviders do for theit clients... so that they dont have to use username and passwords... they just go online right away...

                                                BUT, what  I found is that this feature dosnt work as it desined too... It suppose to send Radius-Request when I open web brower but it doesnt... Debug off everything is attached, I used my username to login...

                                                So, I dont know why, but big part of m0n0 functionality is gone?  :(

                                                Ready to process requests.
                                                rad_recv: Access-Request packet from host 192.168.0.102:60873, id=214, length=79
                                                        Service-Type = Login-User
                                                        User-Name = "alexus"
                                                        User-Password = "xxxxxxxx"
                                                        NAS-Identifier = "pfSense.local"
                                                        NAS-Port = 0
                                                        NAS-Port-Type = Ethernet
                                                rlm_sql (sql): Reserving sql socket id: 3
                                                rlm_sql (sql): Released sql socket id: 3
                                                Sending Access-Accept of id 214 to 192.168.0.102 port 60873
                                                rad_recv: Accounting-Request packet from host 192.168.0.102:50951, id=195, length=97
                                                        Service-Type = Login-User
                                                        User-Name = "alexus"
                                                        NAS-Identifier = "pfSense.local"
                                                        NAS-Port = 0
                                                        NAS-Port-Type = Ethernet
                                                        Acct-Status-Type = Start
                                                        Acct-Authentic = RADIUS
                                                        Acct-Session-Id = "1285ff05b364519a"
                                                        Framed-IP-Address = 192.168.1.199
                                                rlm_sql (sql): Reserving sql socket id: 2
                                                rlm_sql (sql): Released sql socket id: 2
                                                Sending Accounting-Response of id 195 to 192.168.0.102 port 50951

                                                on this debug list you are oke

                                                the only thing i can think off is that you dit'n open on youre wan conection the ports 1812 and 1813
                                                on witch you radius server has to send its radius pakets to pfsense

                                                1 Reply Last reply Reply Quote 0
                                                • A
                                                  alexus last edited by

                                                  isnt it reverse? NAS send request to the radius server? and then gets replay with Access_accept or Access-Reject… ?  Actuall accounting packets are stored in radius itself or im My Sql, but nas does not send accounting info

                                                  1 Reply Last reply Reply Quote 0
                                                  • J
                                                    jeroen234 last edited by

                                                    the access data is send on port 1812 to the radius server
                                                    and will be send back on port 1812 from the radius server a oke or a reject

                                                    same for accounting now using port 1813

                                                    1 Reply Last reply Reply Quote 0
                                                    • A
                                                      alexus last edited by

                                                      but avvording to standard the acc paks are not sent back to NAS… thet sent from NAS to Radius and that is it... mean while AVPs are sent on 1812 in both directioons

                                                      1 Reply Last reply Reply Quote 0
                                                      • J
                                                        jeroen234 last edited by

                                                        accounting pakets are not send back
                                                        but what is send is a oke or a reject
                                                        on a reject bv when the time is empty for that user

                                                        when portal resieves the reject it disconect the user
                                                        on oke the user can contineu to surf

                                                        i have pfsense check every 60 sec. with the radius server if the user is still oke to surf

                                                        1 Reply Last reply Reply Quote 0
                                                        • A
                                                          alexus last edited by

                                                          yes, but I didnt say that I have problems with logging in, the user is authenticfated and allowed to access external network, the accounting pakt is sent to MySQL server and recorded, the problem is that accounting packt is not full, it is mising banch of stuff such as MAC addreses and octans etc…

                                                          1 Reply Last reply Reply Quote 0
                                                          • A
                                                            alexus last edited by

                                                            jeroen234, to make sure that im not mostaken, I set WAN rules to Allow * to * from *  (aka "hakers are welcome"  ;) ) well as I assdumd it didnt work…

                                                            I also posted the probmen in mono list and someone wrote me that this could be because pfSense is using diferent web server and or OS? is that correct??

                                                            1 Reply Last reply Reply Quote 0
                                                            • A
                                                              aldo last edited by

                                                              i dont see the trouble accounting packets are not forwarded back to the radius server till the session is finished.
                                                              the access request was made the accounting request is recorded.

                                                              where is the rest of you data. close your session in the captive portal and then check the cleanup on your radius server.
                                                              nothing else is needed at stage one. i looks just like our sessions from our NAs boxes to the radius server.

                                                              1 Reply Last reply Reply Quote 0
                                                              • A
                                                                alexus last edited by

                                                                yep u are correct, everywjhere exept the part tha MAC addresses are sent during Accounting-Start…. all other junk thta I dont care about is sent when Accounting-Stop is sent :-(

                                                                1 Reply Last reply Reply Quote 0
                                                                • First post
                                                                  Last post