Hi Jake, it's OK... that's what I had understood.

I'm just surprised that registration / isolation works with an external DHCP server. I guess that's what the DHCP listener process is there for (snooping the DHCP client information). In general I always expected PacketFence to identify the client by the fact that it's acting as DHCP server for the registration/isolation networks. In fact, while external DHCP servers can be used for production traffic, isolation/registration is meant to be handled with the internal DHCP (as far as I understand). I mean, the system seems to be working for you otherwise so it probably works fine... but the whole thing is very strange. Sorry for derailing the topic.

*Diego Garcia del Rio* | CTO | Mediatel S.A. | Tel: +54 11 5218 0463 (x103) | Cel: +54 9 11 4530-4697 | www.mediatel.com.ar | Juan Carlos Cruz 2360 – 4B (1636), Vicente López, Buenos Aires, Argentina | https://goo.gl/maps/NZCFPwVkFFf14cR67

On Thu, 8 Jul 2021 at 15:31, Sallee, Jake via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

> I apologize if I did not phrase that correctly.
>
> We ARE using PF for isolation and registration, what we are not using is the DHCP functionality that PF offers.
>
> We are using our own DHCP servers to provide IPs to clients for registration and isolation, as well as the standard production networks.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer and Security Specialist
> University of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> ________________________________________
> From: Diego García del Río <dgar...@mediatel.com.ar>
> Sent: Thursday, July 8, 2021 1:06 PM
> To: packetfence-users@lists.sourceforge.net
> Cc: Sallee, Jake
> Subject: Re: [PacketFence-users] Captive Portal Issue on Mobile Devices
>
> Not using PacketFence for isolation/registration is quite surprising. Is that supported at all?
>
> I'm guessing it works for you... but still quite surprising (unless you're using the built-in captive portal of your APs).
>
> But if you're using an external DHCP server then the RFC7710 path seems moot...
>
> On Thu, 8 Jul 2021 at 14:16, Sallee, Jake via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>
> you might want to check /usr/local/pg/logs for the file httpd.portal.access and look for the string rfc7710 in there?
>
> First, thank you for the effort but I didn't see anything in the logs about rfc7710. But, I have not enabled debugging in the logs yet so there is still hope.
>
> Quick question though, currently we do not use PF for our DHCP (even for registration or isolation). With that in mind would the info you mention still show up in the logs?
>
> ________________________________________
> From: Diego García del Río <dgar...@mediatel.com.ar>
> Sent: Wednesday, July 7, 2021 5:47 PM
> To: packetfence-users@lists.sourceforge.net
> Cc: Sallee, Jake
> Subject: Re: [PacketFence-users] Captive Portal Issue on Mobile Devices
>
> You might want to check /usr/local/pg/logs for the file httpd.portal.access and look for the string rfc7710 in there...
>
> (and sorry, it's RFC 7710bis, not 7720bis)
>
> On Wed, 7 Jul 2021 at 19:45, Diego García del Río <dgar...@mediatel.com.ar> wrote:
>
> Hi... I assume you're running your portal on https? Release 10.2 had introduced DHCP-based portal discovery (RFC 7720bis support) and Apple devices, most of which should be running a 2020 or newer OS, should support it. If you can capture traffic on the portal interface on your cluster, you should see that the URL for PacketFence should be returned in a DHCP option (that finishes in "/rfc7710"). I believe the logs might show it (but only maybe in debug level).
>
> The clients then query that URL. Can you check if the proper, load-balanced URL is being returned?
>
> Somehow maybe the device is failing to contact the /rfc7710 endpoint or something, like the client being authenticated is being returned and thus the Apple device thinks it's logged in?
>
> It's a wild guess... but it would be one option why you see this on Apple devices.
>
> (Newer Windows releases should support it as well, but not 100% sure when / what release it would be.) Android 11 also added support, but of course, there you have a much more fragmented ecosystem and I haven't seen non-Google devices implementing it yet.
>
> On Wed, 7 Jul 2021 at 18:35, Sallee, Jake via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>
> Hello all!
>
> This is a strange one and I hope someone out there has faced this demon before and can help.
>
> We are running PF 10.3 (with latest maintenance patches) in a 3 node cluster.
>
> TLDR: Captive portal issues on iPhones and some mobile devices, can't find any reason in the logs as to why it would be happening. Started happening out of the blue, updated to 10.3 and applied all patches but nothing helped.
>
> Long version:
>
> The issue seems to be centered around WiFi on iPhones and some mobile computers (laptops, tablets, etc) where some are Apple products and some are not. Android phones seem not to be affected.
>
> When an unregistered endpoint is assigned an IP in the registration network the device notices the captive portal and tries to open a browser window to facilitate the registration process.
>
> However this is where things begin to go wrong.
>
> Some of the time the page does not load at all, after a brief wait of perhaps 7 seconds, the mobile browser generates an error saying the page cannot be loaded. When the error is dismissed the browser automatically closes and the user is dumped to the home screen on their device.
>
> Sometimes it does load but the custom logo is not displayed (loads a broken jpg). Sometimes the page loads as plain text and no CSS.
>
> If the page does load enough for the user to accept the AUP and fill out the registration form, then when the user submits the form the same browser error is displayed and the user is bounced out of the browser app.
>
> If the error occurs AFTER submitting the registration form, the device still shows as unregistered in PF. However, if the user rejoins the network the captive portal page will be presented but it will be the enabling access page with the progress bar (and a still broken jpg). Interestingly, the device will now show as registered in PF and will have the correct role assigned.
>
> I have been scouring the logs and can't seem to find any entries that would point to a cause. Desktops and Laptops with full OS on them do not seem to have the issue.
>
> Any help would be greatly appreciated.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
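
The thread suggests capturing traffic to see whether the portal URL (ending in "/rfc7710") is returned in a DHCP option, and notes that with an external DHCP server this path may be moot. The following is an added example, not part of the original thread or of PacketFence: it parses the options field of a captured DHCPv4 reply and checks the captive-portal URI. It assumes the option is code 114 as assigned in RFC 8910 (the published form of RFC 7710bis); the function names and the host portal.example.edu are hypothetical, and the sample replies are constructed.

```python
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of the DHCPv4 options field
OPT_PAD, OPT_END, OPT_CAPTIVE_PORTAL = 0, 255, 114  # 114 assumed per RFC 8910

def parse_options(field: bytes) -> Dict[int, bytes]:
    """Walk the code/length/value options of a DHCPv4 reply."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    found: Dict[int, bytes] = {}
    i = 4
    while i < len(field) and field[i] != OPT_END:
        code = field[i]
        if code == OPT_PAD:  # single-byte padding, carries no length
            i += 1
            continue
        if i + 1 >= len(field) or i + 2 + field[i + 1] > len(field):
            raise ValueError(f"option {code} is truncated")
        length = field[i + 1]
        # A code that appears twice carries one long value split in parts.
        found[code] = found.get(code, b"") + field[i + 2:i + 2 + length]
        i += 2 + length
    return found

def captive_portal_check(field: bytes, expected_host: str) -> Tuple[Optional[str], List[str]]:
    """Return (uri, problems); uri is None when option 114 was not offered."""
    raw = parse_options(field).get(OPT_CAPTIVE_PORTAL)
    if raw is None:
        return None, ["option 114 not offered"]
    uri = raw.decode("ascii", errors="replace")
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":  # the thread assumes the portal runs on https
        problems.append("URI is not https")
    if parts.hostname != expected_host:  # should be the load-balanced portal name
        problems.append(f"host is {parts.hostname}, expected {expected_host}")
    if not parts.path.endswith("/rfc7710"):
        problems.append("path does not end in /rfc7710")
    return uri, problems

def build_options(pairs) -> bytes:
    """Constructed test input: encode (code, value) pairs as an options field."""
    body = b"".join(bytes([c, len(v)]) + v for c, v in pairs)
    return MAGIC_COOKIE + body + bytes([OPT_END])

# Constructed samples; portal.example.edu is a placeholder host.
PF_REPLY = build_options([(53, b"\x05"), (114, b"https://portal.example.edu/rfc7710")])
EXTERNAL_REPLY = build_options([(53, b"\x05"), (51, b"\x00\x00\x0e\x10")])

if __name__ == "__main__":
    for name, reply in (("PF_REPLY", PF_REPLY), ("EXTERNAL_REPLY", EXTERNAL_REPLY)):
        print(name, captive_portal_check(reply, "portal.example.edu"))
```

A reply like EXTERNAL_REPLY, with no option 114, is what a capture would show if the external DHCP server is not configured to hand out the portal URI.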