Re: [pfSense Support] Public ip bgp routing

2009-10-20 Thread Aarno Aukia
Hello,

On Mon, Oct 19, 2009 at 19:45, Nathan Eisenberg nat...@atlasnetworks.us wrote:
 But the BGP implementation in PFSense needs further development - the web 
 interface for it has bugs, and I'm not sure if the daemon recognizes iBGP vs 
 eBGP (same AS# vs external), or public AS numbers vs Private.  Route 
 reflectors are also incredibly useful in the BGP world - and they're nowhere 
 to be found in the implementation.

OpenBGPd knows all of it, the pfsense gui supports them in the raw
config-mode (but you need to read bgpd.conf(5)).

 And what good is a border gateway protocol (BGP) without an internal gateway 
 protocol (IGP) to manage the internal routing?  And no, RIP doesn't count as 
 an IGP these days.  :-)

OpenOSPF is on my task-/wishlist...

-Aarno
-- 
Aarno Aukia
Atrila GmbH
Switzerland

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] Login with email address + curl don't work in local

2009-10-20 Thread Philippe
This message is the same as:
http://forum.pfsense.org/index.php/topic,19926.0.html

Hi pfSense users!

I'm new to pfSense and want to customize the captive portal. I want it to do
a simple thing: users on the LAN are redirected to the captive portal, which
asks them for their email address. If the address is valid, they are
logged in; otherwise a message warns them of the invalid email address.

I created login.php, a simple form which auto-posts $PORTAL_REDIRURL$ and
$PORTAL_ACTION$ (they are not replaced in another php-only page).

It seems that I cannot execute a php script more than ~200 bytes long in
login.php: the start of it is interpreted, and after a certain point the
script content is output as-is in the html source. That's why I split
the code into 2 php files:

<form name="login_form" method="post" action="captiveportal-login.php">
<input type="hidden" name="portal_redirurl" value="$PORTAL_REDIRURL$">
<input type="hidden" name="portal_action" value="$PORTAL_ACTION$">
<input type="submit">
</form>

<script language="JavaScript">
login_form.submit();
</script>


I want the second file, *captiveportal-login.php*, to ask for the email
address and connect as a defined user (i.e. guest). I think the better way
to do this is for the script itself to check the email address and post to
$PORTAL_ACTION$.

Here is the simplified code of *captiveportal-login.php*:

<?php
if (!isset($_POST['email']))
{
    showLoginForm($portal_action, $portal_redirurl);
    die();
}

// Got a mail address
$email = trim($_POST['email']);

// If email is invalid, shows a failure message
if (!validEmail($email))
{
    showLoginForm($portal_action, $portal_redirurl, 'HTMLThe mail you entered is invalid!');
    die();
}

// Got a valid email, post user and password to the portal login form
//*
echo "server respond: " . Post($portal_action,
    "auth_user=guest&auth_pass=passw0rd&redirurl=$portal_redirurl&accept=Continue");
//**

/**
Validate an email address.
Provide email address (raw input)
Returns true if the email address has the email
address format and the domain exists.
*/
function validEmail($email)
{
[... check email and set result in $isValid]
   return $isValid;
}


/**
 * Shows the login form
 */
function showLoginForm($portal_action, $portal_redirurl, $message = '')
{

echo '
<h2>Login</h2>
<p>
Please enter your email address to log-in to the portal.<br />
<b>' .  $message . '</b>
</p>
<p>
<form method="POST" action="captiveportal-login.php">
Email address:
<input type="text" name="email">
<input type="hidden" name="portal_action" value="' .
$portal_action . '">
<input type="hidden" name="portal_redirurl" value="' .
$portal_redirurl . '">
<input type="submit" value="Connect">
</form>
</p>';
}


/**
 * POST content to a page
 */
function Post($url, $post)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    // Return the response body instead of printing it, so it can be echoed by the caller
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $result = curl_exec($ch);
    curl_close($ch);

    return $result;
}
?>

My problem comes from the Post function: I tried curl, fopen, readfile,
exec(curl)... It can post to and get the response from an external page, but
when I try getting $PORTAL_ACTION$ (for me *http://1.2.3.4:8000*) I get an
error saying that the destination is unreachable or a timeout, or simply
nothing (instead exec('ls') shows me a result).

Do you think this code is the best way to do email authentication?
Do you know why curl sucks so much in local?

Thanks for your help !
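
The contract described for validEmail() above (address format plus an existing domain), as an added example that is not part of the original post. It uses PHP's filter_var() and checkdnsrr(); the function name validEmailExample, the $resolver parameter and the sample DNS data are assumptions made for illustration.

```php
<?php
// Added example: not the poster's code. The $resolver parameter is a
// hypothetical hook so the DNS step can be stubbed out and run offline.
function validEmailExample(string $email, ?callable $resolver = null): bool
{
    $resolver = $resolver ?? 'checkdnsrr';
    $email = trim($email);

    // Format check; 254 is the usual upper bound for a full address.
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // Everything after the last "@" is the domain. The trailing dot makes the
    // name fully qualified so the resolver's search list is not applied.
    $domain = substr($email, strrpos($email, '@') + 1) . '.';

    // Mail is deliverable to a domain with an MX record, or failing that an
    // address record, so accept either.
    foreach (['MX', 'A', 'AAAA'] as $type) {
        if ($resolver($domain, $type)) {
            return true;
        }
    }
    return false;
}

// Constructed DNS data standing in for real lookups.
$fakeDns = ['example.org.' => ['MX'], 'example.net.' => ['A']];
$stub = function (string $host, string $type) use ($fakeDns): bool {
    return in_array($type, $fakeDns[strtolower($host)] ?? [], true);
};

// Constructed sample inputs.
foreach (['alice@example.org', 'bob@example.net', 'no-at-sign',
          'carol@nonexistent.invalid', "dave@example.org\r\nX: y"] as $candidate) {
    printf("%-30s %s\n", json_encode($candidate),
        validEmailExample($candidate, $stub) ? 'valid' : 'invalid');
}
```

Called without a second argument, the function performs live lookups through checkdnsrr(). A passing result shows only that the domain can receive mail, not that the address belongs to the person who typed it.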


Re: [pfSense Support] Filter Rules for OpenVPN connections

2009-10-20 Thread Jim Pingle
Andreas Fuchs wrote:
 I upgraded to 1.2.3 RC3 today.
 I'm now able to create an interface on my tun1 for the OpenVPN, after a
 reboot the connection is working.
 
 But the filter rules don't work.
 
 Based on the description I set the interface to a bridging interface to
 my LAN, but that way the network connection works but a deny everything
 rule does not work nor log something.

Don't do that.

 Then I changed the interface to non bridging with an ip of 192.168.15.1
 (which is the ip of tun1) also here network connection is fine, but
 filter rules don't work.

Don't do that either. :-)

 What am I doing wrong?

Save/apply at each step where needed.

#1: Go to System > Advanced, check "Disable all auto-added vpn rules"
#2: Manually add in rules on WAN to allow your VPN peers to connect to
the appropriate ports
#3: Assign OpenVPN interface as an OPT
#4: Enable this opt interface, rename if you want, and put 'none' in for
the IP
#5: Add your firewall rules to the OPT interface tab

That should do the trick.




[pfSense Support] traffic shaper multiwan

2009-10-20 Thread Michel Servaes
Hi,


I have a traffic shaper issue (that will be for the most of us).
I have one SDSL 1/1mbit, and one VDSL PPPoE connection (as thus, this
is the WAN, and the SDSL being the OPT1).

When using the traffic shaper wizard, and defining the SDSL (OPT1) as
being 1024/1024 - it also shapes my VDSL to a 1024/1024 channel...
which is not my intention of course!

Is there a way to circumvent this, by modifying some parameters ?
I already asked a question (some time ago) for manually adding
shaping-rules, and someone implied by using the full URL that you get
after the wizard... but this just tumbles me into the wizard again :)


I am using the SDSL mainly for terminal-server traffic, and due to the
fixed IP address, as an SMTP server as well... so I want to lower the
needed speed of my SMTP server to a 256/256 (or something).


Any clues someone... or is this also a 2.0 related matter :) (then I
will have patience)

Kind regards,
Michel




Re: [pfSense Support] Public ip bgp routing

2009-10-20 Thread Chris Flugstad

Nathan,
You're in Seattle?  Have you set up BGP on pfSense?

-chris flugstad

Nathan Eisenberg wrote:

-----Original Message-----
From: Aarno Aukia [mailto:aarnoau...@gmail.com]
Sent: Tuesday, October 20, 2009 12:24 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Public ip bgp routing

Hello,


OpenOSPF is on my task-/wishlist...

-Aarno
--
Aarno Aukia
Atrila GmbH
Switzerland




Then you are my new favorite person.  Once implemented, you will have a free 
beer anytime you visit Seattle, USA.  :-)

Best Regards,
Nathan Eisenberg
  

