It uses https 443. It's the worst idea they have ever come up with. Disable the tunneling of dns. It breaks captive portals and also geolocation to get to the cdn closest to you.
Sent from my iPhone > On Mar 1, 2017, at 10:01 PM, Buhagiar, Jon <buhagiar....@ptcollege.edu> wrote: > > Group, > > > We have had PacketFence in place for about a year now. We are using > PacketFence as a captive portal for our Cisco WLC. Once a user has > authenticated it sends the COA to the WLC and it switches the user to the > appropriate VLAN. Runs rock solid! Over the past month I've had a few users > that cannot get to the captive portal. PacketFence gives them an IP, but they > cannot get the captive portal. They can ping it, no problem and admittedly I > have not had them try it by the IP. All of the users are running Windows 10 > and have some sort of AV installed, the last one had Kapersky installed. I > ran across this article > https://sourceforge.net/p/packetfence/mailman/message/35354458/ and it seems > logical. I have not had a person down since I ran across the article. Since > we are a school and do not maintain the user's laptop(s), we hesitate to > suggest removing the AV. > > > Once thought has come to mind... What if we transparent proxy the DNS > traffic back to Packetfence for 53/UDP? That is assuming that the AV software > is using 53/UDP for it's DNS client. Has anyone run into this? If we > transparent proxy the DNS back to PacketFence, is it a fix? Since this > problem looks like it's not going away. > > > Thank you, > > > Jon Buhagiar > > > > > > This message and any attachments are intended only for the use of the > addressee and may contain information that is privileged and confidential. If > the reader of the message is not the intended recipient or an authorized > representative of the intended recipient, you are hereby notified that any > dissemination of this communication is strictly prohibited. If you have > received this communication in error, notify the sender immediately by return > email and delete the message and any attachments from your system. > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
