Hi All,
For the last couple of months, we have been working on setting up corporate and
guest access for wireless devices using Packetfence 4.3.
A fantastic product which we would love to be able to leverage in our
environment (a Tasmanian government department).
Currently we have a PF VM, with a dedicated NIC on each VLAN, i.e. mgmt, reg,
guest, trusted, isolation.
Access points are OpenWRT on Ubiquiti Unifi. Two flavours: OpenWRT 12.09 and
14.07.
Two SSIDs: 'Access' for open MAC auth to registration VLAN, and 'Secure' for
trusted AD authentication using captive portal and wireless provisioning
profile.
APs have their dynamic VLAN for hostapd configured as per PF device guide, i.e.
replace hostapd.sh, create a hostapd.vlan file, etc.
As proof of concept we have managed to get everything we need in PacketFence
working, i.e. DHCP, RADIUS, captive portal, provisioning, role-based VLAN
access, etc.
It would seem that the last hurdle for us to overcome is to configure OpenWRT
in a stable fashion.
I apologise for posting here, as I don't believe this is a problem with
Packetfence at all, but I was hoping that someone may have had a similar
experience, or could offer some suggestions?
Without going into too much logfile detail at this point, here are the two
issues observed...
1. For OpenWRT 12.09, we continually experience the dynamic bridge
interfaces falling over, along the lines of:
Kernel: [xxxxxxx.xxxxx] brvlan340:port 1(wlan0.340) entered disabled state
The only way to recover is to restart wifi, which sometimes works, sometimes
not.
2. For OpenWRT 14.07, because of the move to 'netifd', the configuration
of hostapd and the location of the hostapd.sh file have changed to
/lib/netifd/hostapd.sh
Replacing the hostapd.sh file with the supplied Packetfence 4.3 file breaks the
radio0 device and gives errors such as:
netifd: radio0 (819): ./mac80211.sh: eval: line 1: config_get: not found
&
netifd: radio0 (819): sh: bad number
Again, I realise that this is more an OpenWRT issue, and likely that the PF4.3
hostapd.sh is not compatible with netifd.
I haven't ruled out the possibility that maybe the Unifi AP chipset is just not
going to cut it, as Ubiquiti have been promising dynamic vlan support in their
firmware for years now.
If anyone is able to offer any advice or experience, on either of these two
issues, it would be greatly appreciated.
Alternatively, if anyone has had PF/OpenWRT success with another model of
access point, that would be really helpful too.
Thanks in advance,
Dan Hack
Network Administrator
Corporate Information Technology
DPIPWE
p: (03) 6165 4484
f: (03) 6224 1388
e: [email protected]
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users