RE: [pfSense Support] Captive Portal RADIUS authentication - "Authentication error - Username and/or password invalid"

[Tancinco, Jon]

Secret key works under m0n0wall and the same key is used in pfSense.
Not sure what you mean about the IP of the NAS.

 

Thanks for your help!

 

 

Jon

 

From: Michael Vinocur [mailto:michaelvino...@hotmail.com] 
Sent: Wednesday, December 09, 2009 2:28 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Captive Portal RADIUS authentication -
"Authentication error - Username and/or password invalid"

 

Could be the secret key or check is you added the IP of the NAS.

 

Mike

 

From: Tancinco, Jon   

Sent: Wednesday, December 09, 2009 11:37 AM

To: support@pfsense.com 

Subject: [pfSense Support] Captive Portal RADIUS authentication -
"Authentication error - Username and/or password invalid"

 

Same error on Versions 1.2.2 and 1.2.3


Using the pfSense Captive Portal. I am getting the "Authentication error
- Username and/or password invalid." message when trying to
authenticate. The password is correctly submitted, but get the error
everytime. RADIUS server reports incorrect password. Using m0n0wall,
Captive Portal and RADIUS authentication works with no problems using
the same username, password and RADIUS server.

Any help would be appreciated.

 

 

 

 

Jon

 

Re: [pfSense Support] Captive Portal RADIUS authentication - "Authentication error - Username and/or password invalid"

[Michael Vinocur]

Could be the secret key or check is you added the IP of the NAS.

Mike


From: Tancinco, Jon 
Sent: Wednesday, December 09, 2009 11:37 AM
To: support@pfsense.com 
Subject: [pfSense Support] Captive Portal RADIUS authentication - 
"Authentication error - Username and/or password invalid"


Same error on Versions 1.2.2 and 1.2.3


Using the pfSense Captive Portal. I am getting the "Authentication error - 
Username and/or password invalid." message when trying to authenticate. The 
password is correctly submitted, but get the error everytime. RADIUS server 
reports incorrect password. Using m0n0wall, Captive Portal and RADIUS 
authentication works with no problems using the same username, password and 
RADIUS server.

Any help would be appreciated.

 

 

 

 

Jon

 

[pfSense Support] Captive Portal RADIUS authentication - "Authentication error - Username and/or password invalid"

[Tancinco, Jon]

Same error on Versions 1.2.2 and 1.2.3


Using the pfSense Captive Portal. I am getting the "Authentication error
- Username and/or password invalid." message when trying to
authenticate. The password is correctly submitted, but get the error
everytime. RADIUS server reports incorrect password. Using m0n0wall,
Captive Portal and RADIUS authentication works with no problems using
the same username, password and RADIUS server.

Any help would be appreciated.

 

 

 

 

Jon

 

Re: [pfSense Support] 1.2.3-RC3 PPPoE

[RB]

On 2009-12-09, Jim Pingle  wrote:
> Are you sure that your DSL link is solid and noise-free? I have seen
> cases where routers would sign on but could not pass traffic and it
> turned out to be a weak DSL signal. Does this same line work with any
> other router?

It works with the same physical setup and 1.2.3-RC1 but not 1.2.3-RC3.

> As Ermal said, posting the full log might help, even if you don't see
> anything out of the ordinary. Some other info that would be helpful
> would be the output of "ifconfig -a" and "netstat -rn" while connected.
> Perhaps also a traceroute to the next hop and DNS servers.

I made a special trip - log attached.  A check of my tcpdump
monitoring actually indicates that while ng0 does not see return
traffic, the physical interface (actually fxp3) does.  It's also
indicating that the return packets are 2 bytes larger than it expects
(86B versus 84B for ICMP to 4.2.2.2).


mpd.log
Description: Binary data
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] 1.2.3-RC3 PPPoE

[Jim Pingle]

On 12/9/2009 9:01 AM, RB wrote:
> On Wed, Dec 9, 2009 at 01:34, Ermal Luçi  wrote:
>> Please provide logs of mpd and explain more what you are trying to do and
>> how you are trying to achive it!
> 
> What I'm trying to achieve is awfully simple - with a fresh install of
> 1.2.3-RC3, I'm plugging a dumb Speedport ADSL modem in to one ethernet
> port (fxp1) and a switch into the other (fxp0).  After configuring
> pfSense with the right PPPoE credentials and _nothing else_, the WAN
> interface comes up with a valid IP from my ISP and proper-looking MPD
> logs (I'm running it from the CLI to be certain).  However, pinging my
> next hop or issuing requests to the outside DNS servers results in
> outbound traffic with no returns (monitoring with "tcpdump -s0 -vni "
> on fxp1 and ng0).  With 1.2.3-RC1, traffic flows smoothly.
> 
> I don't have logs with me because the system is down, inaccessible due to 
> this.

I've been using 1.2.3 snapshots on my pfSense router at home, and at
customer sites, from RC1 through RC3 (and the release images that are
pending right now even) and I haven't had any trouble, either on AT&T
DSL or Verizon DSL both using PPPoE.

Are you sure that your DSL link is solid and noise-free? I have seen
cases where routers would sign on but could not pass traffic and it
turned out to be a weak DSL signal. Does this same line work with any
other router?

As Ermal said, posting the full log might help, even if you don't see
anything out of the ordinary. Some other info that would be helpful
would be the output of "ifconfig -a" and "netstat -rn" while connected.
Perhaps also a traceroute to the next hop and DNS servers.

Jim

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] 1.2.3-RC3 PPPoE

[Ermal Luçi]

On Wed, Dec 9, 2009 at 3:01 PM, RB  wrote:

> On Wed, Dec 9, 2009 at 01:34, Ermal Luçi  wrote:
> > Please provide logs of mpd and explain more what you are trying to do and
> > how you are trying to achive it!
>
> What I'm trying to achieve is awfully simple - with a fresh install of
> 1.2.3-RC3, I'm plugging a dumb Speedport ADSL modem in to one ethernet
> port (fxp1) and a switch into the other (fxp0).  After configuring
> pfSense with the right PPPoE credentials and _nothing else_, the WAN
> interface comes up with a valid IP from my ISP and proper-looking MPD
> logs (I'm running it from the CLI to be certain).  However, pinging my
> next hop or issuing requests to the outside DNS servers results in
> outbound traffic with no returns (monitoring with "tcpdump -s0 -vni "
> on fxp1 and ng0).  With 1.2.3-RC1, traffic flows smoothly.
>
> I don't have logs with me because the system is down, inaccessible due to
> this.
>
>
> Sorry but without any logging other suggestions would be a jump in crystal
ball.


-- 
Ermal

Re: [pfSense Support] 1.2.3-RC3 PPPoE

[RB]

On Wed, Dec 9, 2009 at 01:34, Ermal Luçi  wrote:
> Please provide logs of mpd and explain more what you are trying to do and
> how you are trying to achive it!

What I'm trying to achieve is awfully simple - with a fresh install of
1.2.3-RC3, I'm plugging a dumb Speedport ADSL modem in to one ethernet
port (fxp1) and a switch into the other (fxp0).  After configuring
pfSense with the right PPPoE credentials and _nothing else_, the WAN
interface comes up with a valid IP from my ISP and proper-looking MPD
logs (I'm running it from the CLI to be certain).  However, pinging my
next hop or issuing requests to the outside DNS servers results in
outbound traffic with no returns (monitoring with "tcpdump -s0 -vni "
on fxp1 and ng0).  With 1.2.3-RC1, traffic flows smoothly.

I don't have logs with me because the system is down, inaccessible due to this.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] a pfSense/radius/paypal captive portal solution

[Michael Vinocur]

The captive portal within PFSENSE supports authenticating against an external 
radius server; I had to set it up on a separate machine running centos. Once 
that is done I use a web base program called daloeadius @ www.daloradius.com to 
add/remove users an NAS's. Daloradius says it has an integrated billing feature 
thru paypal, and although I do see it under the billing option I have not used 
it.

Mike


From: Ermal Luçi 
Sent: Wednesday, December 09, 2009 7:15 AM
To: support@pfsense.com 
Subject: Re: [pfSense Support] a pfSense/radius/paypal captive portal solution


I did not understand you question throughly but if you are asking about 
integrating CP with paypal i think only a sponsored work will
achieve this.


On Wed, Dec 9, 2009 at 12:40 PM, Christoph Fahle  wrote:

  My dearest PF Sense Support Mailinglist, 

  I have some things I want to achieve with the help of PF Sense and I am not 
quite sure if this a) make sense and b) is possible with our technical set up. 
Nevertheless I am also looking for somebody that could help us with further 
developing a package for pf sense and open sourcing it, if that would help our 
needs. But anyway, let's get started: 

  We do run a coworking space in berlin (www.betahaus.de) wich host around 120 
coworkers and is running on a pfSense 1.2.2. as the heart of the Wifi and Lan 
infrastructur. We basically do only have Wifi APs from Linksys (WRT 54 GL) 
running on OpenWRT. Our Users book their plan (weekly, monthly or part time 
desks) via paypal subscription or handish (they just pay cash)

  To ease up usermanagement and billing issues, we would love to have the 
following features:  


a.. a captive portal solution that prompts you to either authenticate or 
signup for a monthly plan on paypal or similar if you open your laptop and 
connect to the WLAN.  
b.. an API that hand over Ids of users that are logged on , e.g. are 
situated inside the coworking space, so that you can check out how is present 
(of course only if the agreed earlier!) 
c.. an API that hands over some activity data to play around with on our 
external website (e.g. total users online, location of users inside the 
building/access point wise, downstream, upstream, anonymous voip traffic, 
whatever makes sense,) 
  With my knowledge which is limited it seems that for the furst bullet point 
we just need to make a radius server check with paypal if the users has paid 
his plan and at what schedule he is allowed to work at our coworking space. the 
rest is done by the captive portal function of the pfsense, I guess. But still 
I am not an expert and maybe there are smarter ways to conduct what I have in 
mind. 


  I would be very glad to get some hints into the right direction and would be 
happy if we could get closer to a good solution. 


  I you happen to be in Berlin anyway just pass by betahaus at Moritzplatz to 
have a chat about it. We are open all day and serve good coffee... ;)


  Cheers


  Christoph










-- 
Ermal

Re: [pfSense Support] ipsec vpn with overlapping LAN networks

[Paul Mansfield]

you'll have to renumber, or some some horrendous bodging with multiple
nat boxes at both sites which will cause more pain!

meanwhile, a message from 13 years ago in rfc1918.

http://www.faqs.org/rfcs/rfc1918.html

"If two (or more) organizations follow the address allocation
   specified in this document and then later wish to establish IP
   connectivity with each other, then there is a risk that address
   uniqueness would be violated.
To minimize the risk it is strongly
   recommended that an organization using private IP addresses choose
   randomly from the reserved pool of private addresses, when allocating
   sub-blocks for its internal allocation.
"

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] a pfSense/radius/paypal captive portal solution

[Ermal Luçi]

I did not understand you question throughly but if you are asking about
integrating CP with paypal i think only a sponsored work will
achieve this.

On Wed, Dec 9, 2009 at 12:40 PM, Christoph Fahle wrote:

> My dearest PF Sense Support Mailinglist,
>
> I have some things I want to achieve with the help of PF Sense and I am not
> quite sure if this a) make sense and b) is possible with our technical set
> up. Nevertheless I am also looking for somebody that could help us with
> further developing a package for pf sense and open sourcing it, if that
> would help our needs. But anyway, let's get started:
>
> We do run a coworking space in berlin (www.betahaus.de) wich host around
> 120 coworkers and is running on a pfSense 1.2.2. as the heart of the Wifi
> and Lan infrastructur. We basically do only have Wifi APs from Linksys (WRT
> 54 GL) running on OpenWRT. Our Users book their plan (weekly, monthly or
> part time desks) via paypal subscription or handish (they just pay cash)
>
> To ease up usermanagement and billing issues, we would love to have the
> following features:
>
>
>- a captive portal solution that prompts you to either authenticate or
>signup for a monthly plan on paypal or similar if you open your laptop and
>connect to the WLAN.
>- an API that hand over Ids of users that are logged on , e.g. are
>situated inside the coworking space, so that you can check out how is
>present (of course only if the agreed earlier!)
>- an API that hands over some activity data to play around with on our
>external website (e.g. total users online, location of users inside the
>building/access point wise, downstream, upstream, anonymous voip traffic,
>whatever makes sense,)
>
> With my knowledge which is limited it seems that for the furst bullet point
> we just need to make a radius server check with paypal if the users has paid
> his plan and at what schedule he is allowed to work at our coworking space.
> the rest is done by the captive portal function of the pfsense, I guess. But
> still I am not an expert and maybe there are smarter ways to conduct what I
> have in mind.
>
> I would be very glad to get some hints into the right direction and would
> be happy if we could get closer to a good solution.
>
> I you happen to be in Berlin anyway just pass by betahaus at Moritzplatz to
> have a chat about it. We are open all day and serve good coffee... ;)
>
> Cheers
>
> Christoph
>
>
>
>
>
>


-- 
Ermal

[pfSense Support] a pfSense/radius/paypal captive portal solution

[Christoph Fahle]

My dearest PF Sense Support Mailinglist,

I have some things I want to achieve with the help of PF Sense and I am not
quite sure if this a) make sense and b) is possible with our technical set
up. Nevertheless I am also looking for somebody that could help us with
further developing a package for pf sense and open sourcing it, if that
would help our needs. But anyway, let's get started:

We do run a coworking space in berlin (www.betahaus.de) wich host around 120
coworkers and is running on a pfSense 1.2.2. as the heart of the Wifi and
Lan infrastructur. We basically do only have Wifi APs from Linksys (WRT 54
GL) running on OpenWRT. Our Users book their plan (weekly, monthly or part
time desks) via paypal subscription or handish (they just pay cash)

To ease up usermanagement and billing issues, we would love to have the
following features:


   - a captive portal solution that prompts you to either authenticate or
   signup for a monthly plan on paypal or similar if you open your laptop and
   connect to the WLAN.
   - an API that hand over Ids of users that are logged on , e.g. are
   situated inside the coworking space, so that you can check out how is
   present (of course only if the agreed earlier!)
   - an API that hands over some activity data to play around with on our
   external website (e.g. total users online, location of users inside the
   building/access point wise, downstream, upstream, anonymous voip traffic,
   whatever makes sense,)

With my knowledge which is limited it seems that for the furst bullet point
we just need to make a radius server check with paypal if the users has paid
his plan and at what schedule he is allowed to work at our coworking space.
the rest is done by the captive portal function of the pfsense, I guess. But
still I am not an expert and maybe there are smarter ways to conduct what I
have in mind.

I would be very glad to get some hints into the right direction and would be
happy if we could get closer to a good solution.

I you happen to be in Berlin anyway just pass by betahaus at Moritzplatz to
have a chat about it. We are open all day and serve good coffee... ;)

Cheers

Christoph

Re: [pfSense Support] 1.2.3-RC3 PPPoE

[Ermal Luçi]

On Wed, Dec 9, 2009 at 8:58 AM, RB  wrote:

> I've been fighting a losing battle with an update from 1.2.3-RC1 to
> 1.2.3-RC3 and am at the end of my options.  This also exhibits in the
> 2.0-ALPHA-ALPHA 8.0-based snapshot I grabbed two days ago.
>
> With both an upgrade and a fresh install, when I configure a simple
> LAN + PPPoE WAN, the WAN negotiates and comes up with an appropriate
> address, but does not get return traffic.  I'm able to see outbound
> traffic on both the physical interface and the generated ng0
> interface, but nothing returns.  Last time I ran into something like
> this it was the tcpmssfix/ng_tcpmss.ko stuff
> (http://forum.pfsense.org/index.php/topic,17644.0.html).  Although not
> precisely the same (mpd isn't dying), I saw the same thing then -
> packets pass outbound but the returns get dropped somewhere.
>
> Suggestions?  A fresh 1.2.3-RC1 install does not exhibit this behavior.
>
> Please provide logs of mpd and explain more what you are trying to do and
how you are trying to achive it!


-- 
Ermal