Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Adding X amount of Mac Addresses in Captive Portal whitelist (csv etc.)

    Captive Portal
    4
    6
    2130
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      PRNOHFT last edited by

      Hi all,

      I tried searching for a way to add X amount of users to whitelist (1188 users to be precise) onto the captive portal allowed mac address but adding one by one would take a while. Is there a way for us to import a list? I have the XML with me and looking at the backup configs I can see the users that I added in (I only added about 8?). Is there a template that I can follow?

      1 Reply Last reply Reply Quote 0
      • T
        tomj last edited by

        I am also looking for some type of an automated method where I can have a remote Linux server directly add/modify/delete mac address in the Captive Portal Mac Pass-Through in PfSense using a SSH CLI.  I am pretty good with automated telnet/ssh scripts using expect, but I have no idea how to use an automated web interface using a program something like WGET or CURL.

        I have about 1,000 clients and use CP with Radius checks to an external FreeRadius server.  Although it works, it has it's problems.  Sometimes a MAC will be in my Radius users file but CP will not authenticate the MAC.  However, the CP MAC pass-through appears to always work.

        I think I started seeing this problem somewhere around PfSense 2.1.5 where Captive Portal checking to an external Radius server started breaking and not authenticating all MAC address.

        S 1 Reply Last reply Reply Quote 0
        • P
          PRNOHFT last edited by

          OK I might have found a way but it is;
          1.) tedious
          2.) time consuming-ish
          3.) i don't like it

          Save a backup.xml of pfsense (Diagnostics - Backup/Restore) and use an XML Editor (I'm using editix XML editor. its FREE~).
          Look for the function that is <passthrumac></passthrumac>. You should see an example if you have one mac address in the config.
          In an Excel file, add 3 columns. action in one column,  mac in the second and descr in the third.
          For the action column. Just type pass for all the users that you want (i think you can set it to deny as well?).
          The 'mac' column has to be in aa:bb:cc:dd:ee:ff format.
          the descr column can be anything because its description.
          Once you're ready, use an online CSV to XML converter (or if you have one handy. I don't. I use http://www.luxonsoftware.com/converter/csvtoxml)
          Keep the settings to default.

          Here is the tough part.
          In Editix, Ctrl + F your way to replace
          <descr>to to ]]></descr>
          <table1>to <passthrumac></passthrumac></table1> to

          Ensure that when you press Ctrl + F, the options have Case Sensitive and Regular Expressions checked. (this is using Editix XML Editor)

          Once you've done that you should see that the config is similar or CLOSE to what PFSense had. Copy all of the contents and save the XML.
          Restore it.

          Pray to gods of open source it works.

          And you're done!
          Total time I took is around 30 mins for my first time.

          1 Reply Last reply Reply Quote 0
          • P
            PRNOHFT last edited by

            Alright I tried this method but it seems that some devices do not go through Mac Authentication despite the mac address is inside the allowed MAC. Anyone can help / explain?

            Thanks.

            I'm running ESXi + Pfsense w/ FreeRADIUS btw.

            1 Reply Last reply Reply Quote 0
            • S
              serlogo53 @tomj last edited by

              @tomj hi. How do you add Mac adresi in cli? Can you help me?

              Gertjan 1 Reply Last reply Reply Quote 0
              • Gertjan
                Gertjan @serlogo53 last edited by

                @serlogo53
                After more then 6 years, pfSense still doesn't have a API or 'cli' access to all it's settings.
                pfSense is web based.

                It can be done, of course, as the GUI is after all just good old plain PHP.

                If you are using and can work with FreeRadius : https://wiki.freeradius.org/guide/mac-auth#plain-mac-auth

                But ..... check out /usr/local/etc/raddb/sites-enabled/default, line 24 :

                ##### AUTHORIZE FOR PLAIN MAC-AUTH IS DISABLED #####
                

                which means you have to modify the FreeRadius pfSense packet source files yourself .....

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy