[pfSense Support] captive portal

2005-07-29 Thread alan walters








Just was reviewing the captive portal implementation.

All the port forwards work great now but I don’t know
where the rules are being kept for the ip’s allowed section.

Checked out rules debug and they are not there???

Where do they live at the moment???

Regards

alan








[pfSense Support] captive portal

2005-08-23 Thread Tobias Frank

Hello,

when trying to use the captive portal on 0.79 there is a strange thing.
Following ports work without authentication:
MySQL, smtp, ping, ssh, name. Others I didn't check.
m0n0wall (1.2b9) doesn't show this behaviour.
Is this a bug or a feature?

Here's my configuration

212.x.x.x   192.168.0.x / 24   192.168.1.x / 24
 ----------  ------  -----------
-| Router |--| FW |--| pfsense |-
 ----------  ------  -----------
(WAN - 192.168.0.129)   (LAN - 192.168.1.1)

I didn't check the checkbox "block private networks" because one of the
Mail-Servers has a private ip-address (192.168.99.x)


Another feature of m0n0wall which I think is very useful is the
Reauthentication in the current beta version.
So accounting works well for our use. Is it planned to integrate this
feature in a future pfsense version?


Greeting from Munich

Tobias Frank


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Captive Portal

2006-07-27 Thread pablo hide
Hi, how can I disable captive portal in RC1?
Sorry for my English.




[pfSense Support] Captive Portal

2007-03-03 Thread Fuchs, Martin
Hi !

I'm trying to use captive portal on ath0 interface...

WLAN-client gets dhcp-lease and everything but cannot connect to any
network...

If I add the mac-address to the captive portal it works without auth...

But I want auth for this client, so I remove the mac... but there does
not pop up any auth page...

When adding tcp 8000 from wlan-subnet to localhost there still is no
popup...

When looking to pfsense/status.php it looks like the rule for captive
portal is generated without the rule having been added by hand (so as it
should be in the new version)

Can anyone affirm this or is there just something I have overseen ?

Greets, Martin !




[pfSense Support] Captive Portal ?

2007-05-18 Thread David Strout
Now that I plowed through the VLAN issue.  I have
been presented with another config question.

Is there any way to have captive portal active on
multiple interfaces?

I dug through the mail lists and the forum, but it
seems that the answer is a resounding "no".  So
naturally the next question is ... is there any
plan to modify the captive portal to address
multiple interfaces?  I am sure it would be a
coding nightmare, but in retrospect, have been
presented with the question and seeing the value
in their request, it sure would be a nice feature
for a future release.

--
David L. Strout
Engineering Systems Plus, LLC







[pfSense Support] Captive Portal

2008-03-21 Thread Dimitri Rodis
If I wanted to display a user's IP address AND MAC address on the
captive portal page, does anyone have a code snippet that would do that
on the pfSense captive portal page? Is this possible?

 

Basically, I want to make it really easy for someone to call us and have
us provision them for access, and if I am able to display that
information on the Captive Portal, I can just have them read it to me as
opposed to trying to step them through all of the hoops to get the mac
address.

 

Thanks,

 

Dimitri Rodis

Integrita Systems LLC 



[pfSense Support] captive portal

2010-08-25 Thread Hans Maes

Hi,

I'm running a few (6 at the moment) pfsense 1.2.3-RELEASE boxes on a 
rather large scale wireless network, as border routers and firewalls 
between the internet uplinks and the rest of the network. (network 
background info: +600 subnets, +150 router nodes, 6 internet uplinks, 
about 1000 unique mac-address clients per 24h, www.wirelessbelgie.be , 
non-profit organisation running on volunteers )


The traffic shaper is active on the pfsense boxes to allow different 
internet speeds to different subnets on the network.
I'm currently using very large alias lists to manage the +600 private 
subnets in the traffic shaper.


We are currently looking at switching to a captive portal + traffic 
shaper + freeradius, so we can set speeds based on user/pass combination 
instead of IP subnet.
Tests are successful up till now, and we are going to switch this into 
production pretty soon.


However, I have one problem:
The network contains a lot of 'dumb' devices (ipcams, sound encoders, 
serial2ip, ...) which also need internet access, but have no clue on how 
to log in to the captive portal.


I cannot use mac-authentication with the captive portal and the radius 
server because there are routers in between the pfsense boxes and the 
devices.


From what I see now the only way to allow these devices access to the 
internet is to add them to the "Allowed IP" list in the captive portal.
But managing this list separately on every box would be a lot of work. I 
would prefer to use an alias containing all my allowed ip's which I can 
then update through the "fetch alias list from url" package.



First Question: Is there any way to use aliases in the captive "Allowed 
IP" list, or to automate managing this list in any way ? (maybe some 
radius attribute I don't know about?)


Second question: Are the devices in the "allowed list" allowed to pass 
through the captive portal right away, or do they need to open an HTTP 
connection first to 'trigger' the captive portal logic ?


Third Question: I'm currently running 1.2.3 but switching to 2.0 would 
be possible, if this would help me in this situation. What would you 
guys recommend for this situation, 1.2.3 or 2.0 ?


Thanks!

Regards,

Hans

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] Captive Portal

2010-10-08 Thread Atkins, Dwane P
We are wondering if there is any information available that explains in detail 
how the Captive Portal on pfsense works?  We know its function, but we are 
wondering what is happening behind the scene?

Any documentation would be nice.

Thank you

Dwane


Re: [pfSense Support] captive portal

2005-07-11 Thread Scott Ullrich
Can you please file a ticket?

On 7/11/05, alan walters <[EMAIL PROTECTED]> wrote:
> Allow ip addresses does not seem to be functioning on 0.68.10 in the captive
> portal



[pfSense Support] Captive Portal Question :-)

2005-07-28 Thread James Mellor

Hi pfSense,

I'm using m0n0wall and have recently found pfSense by googling and was 
wondering if it suffered the same captive portal radius authentication 
with per-user bandwidth issues ?


I would like to setup a captive portal with radius authentication, which 
m0n0wall or pfSense can do but I am hoping to implement per-user 
bandwidth control, could someone please tell me if this works fine on 
the latest version of pfSense as if it does I'll ditch m0n0wall and use 
pfSense :-)



Cheers, James...







Re: [pfSense Support] captive portal

2005-07-29 Thread Scott Ullrich
They are kept in pf tables.   The table in question is captiveportal.

Try this command at a command prompt after you have some ppl auth'd:

pfctl -t captiveportal -T show

Scott





RE: [pfSense Support] captive portal

2005-07-29 Thread alan walters

> They are kept in pf tables.   The table in question is captiveportal.
>
> Try this command at a command prompt after you have some ppl auth'd:
>
> pfctl -t captiveportal -T show
>
> Scott


Ok the allowed ip addresses are in that table, but what I really wanted
was the rule that was being applied to the captive portal for allowed ip
addresses and active clients.

I had a problem before where some clients are connected through a
wireless repeater and the mac address is the same for each client. Even
though their ip address is different.

Can you show me how to find the rule or just let me know what it is.
Should this Mac addresses issue really be a problem with captive portal
and allowed IP addresses?

Thanks

alan




Re: [pfSense Support] captive portal

2005-07-29 Thread Scott Ullrich
On 7/29/05, alan walters <[EMAIL PROTECTED]> wrote:
> Ok the allowed ip addresses are in that table, but what I really wanted
> was the rule that was being applied to the captive portal for allowed ip
> addresses and active clients.

# cat /tmp/rules.debug | grep captiveportal
no rdr on fxp2 proto tcp from <captiveportal> to any
table <captiveportal>
pass in on fxp2 from <captiveportal> to any keep state label "allow captive portal authd users"

> I had a problem before where some clients are connected through a
> wireless repeater and the mac address is the same for each client. Even
> though their ip address is different.

That's normal if the device is doing nat.
 
Scott




RE: [pfSense Support] captive portal

2005-07-29 Thread alan walters

> On 7/29/05, alan walters <[EMAIL PROTECTED]> wrote:
> > Ok the allowed ip addresses are in that table, but what I really wanted
> > was the rule that was being applied to the captive portal for allowed ip
> > addresses and active clients.
>
> # cat /tmp/rules.debug | grep captiveportal
> no rdr on fxp2 proto tcp from <captiveportal> to any
> table <captiveportal>
> pass in on fxp2 from <captiveportal> to any keep state label "allow captive portal authd users"

ok thanks it looks ok for allowed IP's, is the rule the same for captive
portal clients that are being authenticated through the captive portal
or are they authenticated on their mac address?

> > I had a problem before where some clients are connected through a
> > wireless repeater and the mac address is the same for each client. Even
> > though their ip address is different.
>
> That's normal if the device is doing nat.

No it is a bridge. Within the ip subnet but seems to nat or mask the mac
address. It sucks big time

> Scott

alan





Re: [pfSense Support] captive portal

2005-07-29 Thread Scott Ullrich
On 7/29/05, alan walters <[EMAIL PROTECTED]> wrote:
> ok thanks it looks ok for allowed IP's, is the rule the same for captive
> portal clients that are being authenticated through the captive portal
> or are they authenticated on their mac address

Yes




[pfSense Support] captive portal problems

2005-08-02 Thread alan walters








Have a couple of rules to allow access to our webservers in the captive portal.

But when I make a rule to allow all to this ip address it just returns to the
captive portal








Re: [pfSense Support] captive portal

2005-08-23 Thread Scott Ullrich
On 8/23/05, Tobias Frank <[EMAIL PROTECTED]> wrote:
> Hello,
> 
> when trying to use the captive portal on 0.79 there is a strange thing.
> Following ports work without authentication:
> MySQL, smtp, ping, ssh, name. Others I didn't check.
> m0n0wall (1.2b9) doesn't show this behaviour.
> Is this a bug or a feature?

That's rather strange.  It's not doing that here.   Can you send me
your config.xml to [EMAIL PROTECTED] (remove the passwords).

> 
> Here's my configuration
> 
> 212.x.x.x   192.168.0.x / 24   192.168.1.x / 24
>  ----------  ------  -----------
> -| Router |--| FW |--| pfsense |-
>  ----------  ------  -----------
> (WAN - 192.168.0.129)   (LAN - 192.168.1.1)
> 
> I didn't check the checkbox "block private networks" because one of the
> Mail-Servers has a private ip-address (192.168.99.x)
> 
> Another feature of m0n0wall which I think is very useful is the
> Reauthentication in the current beta version.
> So accounting works well for our use. Is it planned to integrate this
> feature in a future pfsense version?

I thought we were pretty much in sync.   I'll take a look at it.

Scott




[pfSense Support] captive portal question?

2005-08-24 Thread Dan Swartzendruber


I was looking at the setup screen, and it doesn't look like it will 
let me pick the OPT1 interface (which is where my guest WLAN will 
come in on...)







Re: [pfSense Support] captive portal

2005-08-25 Thread Scott Ullrich
I cannot reproduce this problem.  Can anyone else test?   Alan?

Scott





Re: [pfSense Support] captive portal

2005-08-25 Thread Bill Marquette
I noticed this behaviour this morning.  https didn't work, http sent
me to the login page, but ping worked (usually) and I could SSH
through the firewall.  Oddly, last night after I setup CP, it worked
as intended.

--Bill




[pfSense Support] Captive portal broken?

2005-08-25 Thread Dan Swartzendruber


Well, it doesn't seem to work at all.  Here's what I'm seeing:

1.  I'm allowed to pass whatever traffic I feel like before being 
authenticated.


2.  When I launch the browser, and see the default pfsense captive 
portal page, typing an invalid user or password gives no indication 
of an error.







Re: [pfSense Support] captive portal

2005-08-25 Thread Bill Marquette
Uhhh...duh, I had a rule on the CP interface that allowed all.  That
test box is currently powered off, but I pretty much promise that was
the issue (at least for me).  It's too late tonight, long day at work,
but I'll confirm this tomorrow after pulling down the latest firmware
which fixes the redirect placement (which didn't affect me) and
contains a few fixes for some other stuff I'm working on.

--Bill




[pfSense Support] Captive portal update

2005-08-26 Thread Dan Swartzendruber


Running latest 80.4.  Part of my problem was a basic 
misunderstanding.  I had assumed that the portal would block access 
until you authenticated, so I left the default OPT1 => Any rule in I 
had before.  So... I removed it and now access is not allowed until I 
go through the portal page.  Still some issues though:


1. Even if I disconnect the session in the webGUI, pings can still get out.

2. Default portal page allows any username/password with no errors 
and allows access.


3. Once I disconnected the session, bringing up another browser 
window did not get me back into the portal page, and I was hosed...
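
The misconfiguration reported in the two messages above (a pass rule on the captive portal interface that admits clients before they authenticate) can be looked for mechanically. The script below is an added example, not part of any post in this thread and not pfSense code: it assumes a ruleset dump in the style of the /tmp/rules.debug lines quoted earlier, with authenticated clients held in the `<captiveportal>` table; the function names, the sample rules and the choice of fxp2 as portal interface are constructed. The check is lexical only and does not evaluate rule order or `quick`.

```shell
#!/bin/sh
# Added example: lexical audit of a pf ruleset dump for pass rules that let
# traffic in on the captive portal interface without going through the
# <captiveportal> table. Function names and sample rules are constructed.

# write_sample_rules PATH: write a constructed ruleset in the style of the
# /tmp/rules.debug lines quoted in this thread (fxp2 is the portal interface).
write_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real firewall
table <captiveportal>
no rdr on fxp2 proto tcp from <captiveportal> to any
pass in on fxp2 from <captiveportal> to any keep state label "allow captive portal authd users"
pass in quick on fxp2 from any to any keep state label "USER_RULE: Default OPT1 -> any"
pass in quick on fxp2 proto udp from any to 192.168.1.1 port 53 keep state label "USER_RULE: DNS to firewall"
pass in on fxp0 from any to any keep state
pass out on fxp2 from any to any keep state
pass in proto icmp from any to any keep state
block in on fxp2 all
EOF
}

# cp_unguarded_pass_rules RULES_FILE IFACE
# Prints one finding per line as "<severity> <line-no>: <rule>":
#   BYPASS  source is not <captiveportal> and the destination is "any"
#   REVIEW  source is not <captiveportal> but the destination is restricted
cp_unguarded_pass_rules() {
    awk -v ifc="$2" '
        $1 != "pass" { next }
        {
            on = ""; src = ""; dst = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "label") break            # never parse label text
                if ($i == "on"   && on  == "") on  = $(i + 1)
                if ($i == "from" && src == "") src = $(i + 1)
                if ($i == "to"   && dst == "") dst = $(i + 1)
            }
            if (src == "") src = "any"              # "all" or no from/to clause
            if (dst == "") dst = "any"
            if ($2 == "out") next                   # only inbound rules gate clients
            if (on != "" && on != ifc) next         # rule bound to another interface
            if (src == "<captiveportal>") next      # gated by the portal table
            printf "%s %d: %s\n", (dst == "any" ? "BYPASS" : "REVIEW"), NR, $0
        }
    ' "$1"
}

# Demo on the constructed sample: fxp2 is assumed to be the portal interface.
rules=$(mktemp)
write_sample_rules "$rules"
cp_unguarded_pass_rules "$rules" fxp2
rm -f "$rules"
```

A rule with no `on` clause is reported for every interface, since it also applies to the portal interface.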







Re: [pfSense Support] Captive Portal

2006-07-28 Thread pablo hide
Yes, but it gives me an error when I do it. Did
someone try it?

--- Gertjan KROEB <[EMAIL PROTECTED]> wrote:

> Euuuh,
> 
> How did you put it ON in the first place ?
> Use that to put it OFF.
> 
> More serious: You'll find your answer on the main
> web page -> Services -> Captive Portal :: the first
> selectable option named "Enable captive portal "-
> and Save (on the bottom of the page).





[pfSense Support] Captive portal leak?

2006-10-20 Thread Roberto Greiner
Hi,

I'm running a test on pfSense. I've added a single machine to the lan port,
connected it, and configured Captive Portal to a 120 minutes hard timeout.
Sure enough, the user was disconnected. The problem is that the application
I left running continued to communicate. The application is bittorrent
sharing a Knoppix torrent.

--
Marcos Roberto Greiner

Optimists think that we are in the best of worlds
Pessimists are afraid that this is true
  Murphy

[EMAIL PROTECTED]


[pfSense Support] Captive portal leak?

2006-10-20 Thread Roberto Greiner
Sorry, the previous message was incomplete. Gmail usage inexperience :-(

Hi,

I'm running a test on pfSense. I've added a single machine to
the LAN port, and connected a user after configuring Captive Portal to a 120
minutes hard timeout. Sure enough, the user was disconnected after the timeout period. The
problem is that the application I left running on the client continued to communicate.
The application is bittorrent sharing a Knoppix torrent. The upload speed was about 170KB/s

Is that the supposed behavior? Should Captive portal block all connections
from the disconnected user or only new connections? The behavior I'm seeing
indicates the second case. Is that correct?

Thank you,
Marcos Roberto Greiner

--
Marcos Roberto Greiner

Optimists think that we are in the best of worlds
Pessimists are afraid that this is true
  Murphy

[EMAIL PROTECTED]




[pfSense Support] Captive Portal Limitations

2007-02-07 Thread Tim Roberts
I have setup 3 PFSense servers (P4-2.4GHZ, 512MB). All 3 run DHCP and give 
themselves out as a gateway. We have a small userbase of around 400 broadband 
connections. These 3 servers run the user base flawlessly now and only perform 
NAT with no rules. We would like to use captive portal to authenticate every 
user. We use FreeRadius and Rodopi Billing software. We can't "Idle" any 
connection nor "hard" time them out since they are paying 24x7 for service and 
many have voip. So that only leaves me to "re-authenticate every 1 minute" in 
order to terminate a connection if the user falls out of RADIUS. We are running 
1.0.1

We set the "re-authenticate every 1 minute" setting on a test box. It seems to 
work great with our own offices and a few guinea pigs.

#1: How many simultaneous connections do you think this will support per 
server?
#2 Will adding a few Gigs of RAM help to increase any limitation on this?
#3 Is there any way to change it from 1 minute to 1 hour or 1 day? We only need 
it to "check back" with the client in case they are terminated in our billing 
system and fall out of RADIUS users file. That only happens at midnight when 
the billing system runs. Is there any file we can manually edit to temporarily 
hack this? Or does this make the load on the server worse by connection 
tracking? Sorry that was 3 in 1 :)

#4 I read many posts and saw the suggestion to hit monowall archives. I found 
only one detail of someone asking to make it support 50,000 connections which 
sounds silly. There was a mention in another post of 50 maximum 
re-authentication requests at one time until it was setup to thread the 
process. That was Oct. 2006, any update on that?

We have 6 PFSense gateway servers, 3 for clients, 3 for servers. We now have a 
120+ day uptime and not one single outage. Keep up the good work!

Tim Roberts

Re: [pfSense Support] Captive Portal

2007-03-03 Thread Scott Ullrich

On 3/3/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:

> Hi !
>
> I'm trying to use captive portal on ath0 interface...
>
> WLAN-client gets dhcp-lease and everything but cannot connect to any
> network...
>
> If I add the mac-address to the captive portal it works without auth...
>
> But I want auth for this client, so I remove the mac... but there does
> not pop up any auth page...
>
> When adding tcp 8000 from wlan-subnet to localhost there still is no
> popup...
>
> When looking to pfsense/status.php it looks like the rule for captive
> portal is generated without the rule having been added by hand (so as it
> should be in the new version)
>
> Can anyone affirm this or is there just something I have overseen ?
>
> Greets, Martin !


If you are speaking of WPA then I just fixed that.   Please test a new
snapshot in a couple of hours.

Scott




AW: [pfSense Support] Captive Portal

2007-03-03 Thread Fuchs, Martin
Well, yes, it's wpa-2 aes :-)

Best work !!!

I'll check it !!!

Just tell me when, else I'll test it in 2 hours :-)




AW: [pfSense Support] Captive Portal

2007-03-03 Thread Holger Bauer
Just monitor the build dates. You need the next available build from now.

holger




AW: [pfSense Support] Captive Portal

2007-03-03 Thread Fuchs, Martin
Just started monitoring :-)




AW: [pfSense Support] Captive Portal

2007-03-04 Thread Fuchs, Martin
Hmmm, tried the latest snapshot... wpa2 does not seem to work with the captive 
portal until now... site cannot be found... :(

-Ursprüngliche Nachricht-
Von: Holger Bauer [mailto:[EMAIL PROTECTED] 
Gesendet: Samstag, 3. März 2007 21:39
An: support@pfsense.com
Betreff: AW: [pfSense Support] Captive Portal

Just monitor the build dates. You need the next available build from now.

holger

-Ursprüngliche Nachricht-
Von: Fuchs, Martin [mailto:[EMAIL PROTECTED] 
Gesendet: Samstag, 3. März 2007 21:29
An: support@pfsense.com
Betreff: AW: [pfSense Support] Captive Portal

Well, yes, it's wpa-2 aes :-)

Best work !!!

I'll check it !!!

Just tell me when, else I'll test it in 2 hours :-)

-Ursprüngliche Nachricht-
Von: Scott Ullrich [mailto:[EMAIL PROTECTED] 
Gesendet: Samstag, 3. März 2007 20:52
An: support@pfsense.com
Betreff: Re: [pfSense Support] Captive Portal

On 3/3/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
> Hi !
>
> I'm trying to use captive portal on ath0 interface...
>
> WLAN-client gets dhcp-lease and everything bit cannot tonnect to any
> network...
>
> If i add the mac-adress to the captive portal it works wothout auth...
>
> But i want auth for this client, so i remove the mac... but there does
> not pop up any auth page...
>
> When adding tcp 8000 from wlan-subnet to localhost there still is no
> popup...
>
> When looking to pfsense/status.php it looks like the rule for captive
> portal is generated without the rule having added by hand (so as it
> should be in the new version)
>
> Can anyone affirm this or is there just something i have overseen ?
>
> Greets, Martin !

If you are speaking of WPA then I just fixed that.   Please test a new
snapshot in a couple of hours.

Scott




Re: [pfSense Support] Captive Portal

2007-03-04 Thread Scott Ullrich

On 3/4/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
> Hmmm, tried the latest snapshot... wpa2 does not seem to work with the captive
> portal until now... site cannot be found... :(


Reinstall?   The options are definitely back.

# pfsense requires for WPA
add 1100 set 1 pass layer2 mac-type 0x888e

Scott




Re: [pfSense Support] Captive Portal

2007-03-04 Thread Scott Ullrich

Also, please install a working version and from the shell do a:

ipfw show

Then reinstall the non working version and from a shell do:

ipfw show

Scott


On 3/4/07, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On 3/4/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
> > Hmmm, tried the latest snapshot... wpa2 does not seem to work with the
> > captive portal until now... site cannot be found... :(
>
> Reinstall?   The options are definitely back.
>
> # pfsense requires for WPA
> add 1100 set 1 pass layer2 mac-type 0x888e
>
> Scott






AW: [pfSense Support] Captive Portal

2007-03-05 Thread Fuchs, Martin
What should it read on the fresh install ?
It's a productive system... it's hard to reinstall in between...

On the non-working-system it reads:

# ipfw show
00030 147403 130387849 skipto 5 ip from any to any in via fxp0 keep-state
00030  43395  63498221 skipto 5 ip from any to any in via fxp2 keep-state
00030  0 0 skipto 5 ip from any to any in via fxp1 keep-state
00030  0 0 skipto 5 ip from any to any in via fxp3 keep-state
00050  0 0 skipto 29900 ip from any to any MAC 00:0e:35:6c:bf:d8 any keep-state
00050  0 0 skipto 29900 ip from any to any MAC any 00:0e:35:6c:bf:d8 keep-state
00050  0 0 skipto 29900 ip from any to any MAC 00:14:6c:6c:f4:58 any keep-state
00050  0 0 skipto 29900 ip from any to any MAC any 00:14:6c:6c:f4:58 keep-state
00050  0 0 skipto 29900 ip from any to any MAC 00:18:de:a0:f7:2e any keep-state
00050  0 0 skipto 29900 ip from any to any MAC any 00:18:de:a0:f7:2e keep-state
00050  0 0 skipto 29900 ip from any to any MAC 00:80:5a:35:4f:7b any keep-state
00050  0 0 skipto 29900 ip from any to any MAC any 00:80:5a:35:4f:7b keep-state
01000  76193  64802776 skipto 5 ip from any to any not layer2 not via ath0
01001  32161   1841212 allow ip from any to any layer2 not via ath0
01100  0 0 allow ip from any to any layer2 mac-type 0x0806
01100  4   460 allow ip from any to any layer2 mac-type 0x888e
01100  0 0 allow ip from any to any layer2 mac-type 0x8863
01100  0 0 allow ip from any to any layer2 mac-type 0x8864
01100  0 0 allow ip from any to any layer2 mac-type 0x8863
01100  0 0 allow ip from any to any layer2 mac-type 0x8864
01100  0 0 allow ip from any to any layer2 mac-type 0x888e
01101  0 0 deny ip from any to any layer2 not mac-type 0x0800
01102103  6114 skipto 2 ip from any to any layer2
01200  0 0 allow udp from any 68 to 255.255.255.255 dst-port 67 in
01201  0 0 allow udp from any 68 to 10.100.101.1 dst-port 67 in
01202  0 0 allow udp from 10.100.101.1 67 to any dst-port 68 out
01203  0 0 allow icmp from 10.100.101.1 to any out icmptypes 8
01204  0 0 allow icmp from any to 10.100.101.1 in icmptypes 0
01300  0 0 allow udp from any to 10.100.101.1 dst-port 53 in
01301  0 0 allow udp from 10.100.101.1 53 to any out
01302 29  1655 allow tcp from any to 10.100.101.1 dst-port 8000 in
01303 23   976 allow tcp from 10.100.101.1 8000 to any out
19902  0 0 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
19903  0 0 allow tcp from any 80 to any out
19904 51  3483 deny ip from any to any
29900382 54201 allow ip from any to any layer2
65535 267263 258737393 allow ip from any to any

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 4, 2007 19:06
To: support@pfsense.com
Subject: Re: [pfSense Support] Captive Portal

Also, please install a working version and from the shell do a:

ipfw show

Then reinstall the non working version and from a shell do:

ipfw show

Scott


On 3/4/07, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On 3/4/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
> > Hmmm, tried the latest snapshot... wpa2 does not seem to work with the 
> > captive portal until now... site cannot be found... :(
>
> Reinstall?   The options are definitely back.
>
> # pfsense requires for WPA
> add 1100 set 1 pass layer2 mac-type 0x888e
>
> Scott
>




Re: [pfSense Support] Captive Portal

2007-03-05 Thread Scott Ullrich

On 3/5/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
> What should it read on the fresh install ?
> It's a productive system... it's hard to reinstall in between...


Right, but it must work, correct? :)   If you could get a reading from
a box that works, it would be most helpful.

Scott




AW: [pfSense Support] Captive Portal

2007-03-05 Thread Fuchs, Martin
I'll try to get a fresh install on the same system as soon as possible...


-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, March 5, 2007 20:52
To: support@pfsense.com
Subject: Re: [pfSense Support] Captive Portal

On 3/5/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
> What should it read on the fresh install ?
> It's a productive system... it's hard to reinstall in between...

Right, but it must work, correct? :)   If you could get a reading from
a box that works, it would be most helpful.

Scott




AW: [pfSense Support] Captive Portal

2007-03-05 Thread Fuchs, Martin
Hi, Scott !

Fresh install shows the following, but does not work also :-(

00030  7882 4784874 skipto 5 ip from any to any in via fxp0 keep-state
00030  1445 1633539 skipto 5 ip from any to any in via fxp2 keep-state
00030 0   0 skipto 5 ip from any to any in via fxp1 keep-state
00030 0   0 skipto 5 ip from any to any in via fxp3 keep-state
00050 0   0 skipto 29900 ip from any to any MAC 00:0e:35:6c:bf:d7 any keep-state
00050 0   0 skipto 29900 ip from any to any MAC any 00:0e:35:6c:bf:d7 keep-state
00050 0   0 skipto 29900 ip from any to any MAC 00:14:6c:6c:f4:58 any keep-state
00050 0   0 skipto 29900 ip from any to any MAC any 00:14:6c:6c:f4:58 keep-state
00050 0   0 skipto 29900 ip from any to any MAC 00:18:de:a0:f7:2e any keep-state
00050 0   0 skipto 29900 ip from any to any MAC any 00:18:de:a0:f7:2e keep-state
00050 0   0 skipto 29900 ip from any to any MAC 00:80:5a:35:4f:7b any keep-state
00050 0   0 skipto 29900 ip from any to any MAC any 00:80:5a:35:4f:7b keep-state
01000  4528 1890097 skipto 5 ip from any to any not layer2 not via ath0
01001  2595  246062 allow ip from any to any layer2 not via ath0
01100 0   0 allow ip from any to any layer2 mac-type 0x0806
01100 0   0 allow ip from any to any layer2 mac-type 0x888e
01100 0   0 allow ip from any to any layer2 mac-type 0x8863
01100 0   0 allow ip from any to any layer2 mac-type 0x8864
01100 0   0 allow ip from any to any layer2 mac-type 0x8863
01100 0   0 allow ip from any to any layer2 mac-type 0x8864
01100 0   0 allow ip from any to any layer2 mac-type 0x888e
01101 0   0 deny ip from any to any layer2 not mac-type 0x0800
01102 0   0 skipto 2 ip from any to any layer2
01200 0   0 allow udp from any 68 to 255.255.255.255 dst-port 67 in
01201 0   0 allow udp from any 68 to 10.100.101.1 dst-port 67 in
01202 0   0 allow udp from 10.100.101.1 67 to any dst-port 68 out
01203 0   0 allow icmp from 10.100.101.1 to any out icmptypes 8
01204 0   0 allow icmp from any to 10.100.101.1 in icmptypes 0
01300 0   0 allow udp from any to 10.100.101.1 dst-port 53 in
01301 0   0 allow udp from 10.100.101.1 53 to any out
01302 0   0 allow tcp from any to 10.100.101.1 dst-port 8000 in
01303 0   0 allow tcp from 10.100.101.1 8000 to any out
19902 0   0 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
19903 0   0 allow tcp from any 80 to any out
19904 0   0 deny ip from any to any
29900 0   0 allow ip from any to any layer2
65535 13855 8308510 allow ip from any to any

-Original Message-
From: Fuchs, Martin [mailto:[EMAIL PROTECTED]
Sent: Monday, March 5, 2007 21:00
To: support@pfsense.com
Subject: AW: [pfSense Support] Captive Portal

I'll try to get a fresh install on the same system as soon as possible...


-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, March 5, 2007 20:52
To: support@pfsense.com
Subject: Re: [pfSense Support] Captive Portal

On 3/5/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
> What should it read on the fresh install ?
> It's a productive system... it's hard to reinstall in between...

Right, but it must work, correct? :)   If you could get a reading from
a box that works, it would be most helpful.

Scott




AW: [pfSense Support] Captive Portal

2007-03-05 Thread Fuchs, Martin
What really irritates me is the fact that the mac filtering in the captive
portal works well with wpa_2.
Any coherence between mac and username auth ?

Any clues for that ?

Greets, Martin !

-Original Message-
From: Fuchs, Martin [mailto:[EMAIL PROTECTED]
Sent: Monday, March 5, 2007 21:35
To: support@pfsense.com
Subject: AW: [pfSense Support] Captive Portal

Hi, Scott !

Fresh install shows the following, but does not work also :-(

00030  7882 4784874 skipto 5 ip from any to any in via fxp0 keep-state
00030  1445 1633539 skipto 5 ip from any to any in via fxp2 keep-state
00030 0   0 skipto 5 ip from any to any in via fxp1 keep-state
00030 0   0 skipto 5 ip from any to any in via fxp3 keep-state
00050 0   0 skipto 29900 ip from any to any MAC 00:0e:35:6c:bf:d7 any keep-state
00050 0   0 skipto 29900 ip from any to any MAC any 00:0e:35:6c:bf:d7 keep-state
00050 0   0 skipto 29900 ip from any to any MAC 00:14:6c:6c:f4:58 any keep-state
00050 0   0 skipto 29900 ip from any to any MAC any 00:14:6c:6c:f4:58 keep-state
00050 0   0 skipto 29900 ip from any to any MAC 00:18:de:a0:f7:2e any keep-state
00050 0   0 skipto 29900 ip from any to any MAC any 00:18:de:a0:f7:2e keep-state
00050 0   0 skipto 29900 ip from any to any MAC 00:80:5a:35:4f:7b any keep-state
00050 0   0 skipto 29900 ip from any to any MAC any 00:80:5a:35:4f:7b keep-state
01000  4528 1890097 skipto 5 ip from any to any not layer2 not via ath0
01001  2595  246062 allow ip from any to any layer2 not via ath0
01100 0   0 allow ip from any to any layer2 mac-type 0x0806
01100 0   0 allow ip from any to any layer2 mac-type 0x888e
01100 0   0 allow ip from any to any layer2 mac-type 0x8863
01100 0   0 allow ip from any to any layer2 mac-type 0x8864
01100 0   0 allow ip from any to any layer2 mac-type 0x8863
01100 0   0 allow ip from any to any layer2 mac-type 0x8864
01100 0   0 allow ip from any to any layer2 mac-type 0x888e
01101 0   0 deny ip from any to any layer2 not mac-type 0x0800
01102 0   0 skipto 2 ip from any to any layer2
01200 0   0 allow udp from any 68 to 255.255.255.255 dst-port 67 in
01201 0   0 allow udp from any 68 to 10.100.101.1 dst-port 67 in
01202 0   0 allow udp from 10.100.101.1 67 to any dst-port 68 out
01203 0   0 allow icmp from 10.100.101.1 to any out icmptypes 8
01204 0   0 allow icmp from any to 10.100.101.1 in icmptypes 0
01300 0   0 allow udp from any to 10.100.101.1 dst-port 53 in
01301 0   0 allow udp from 10.100.101.1 53 to any out
01302 0   0 allow tcp from any to 10.100.101.1 dst-port 8000 in
01303 0   0 allow tcp from 10.100.101.1 8000 to any out
19902 0   0 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
19903 0   0 allow tcp from any 80 to any out
19904 0   0 deny ip from any to any
29900 0   0 allow ip from any to any layer2
65535 13855 8308510 allow ip from any to any

-Original Message-
From: Fuchs, Martin [mailto:[EMAIL PROTECTED]
Sent: Monday, March 5, 2007 21:00
To: support@pfsense.com
Subject: AW: [pfSense Support] Captive Portal

I'll try to get a fresh install on the same system as soon as possible...


-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, March 5, 2007 20:52
To: support@pfsense.com
Subject: Re: [pfSense Support] Captive Portal

On 3/5/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
> What should it read on the fresh install ?
> It's a productive system... it's hard to reinstall in between...

Right, but it must work, correct? :)   If you could get a reading from
a box that works, it would be most helpful.

Scott




Re: [pfSense Support] Captive Portal

2007-03-05 Thread Scott Ullrich

On 3/5/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
> Hi, Scott !
>
> Fresh install shows the following, but does not work also :-(
[snip]
> 01100 0   0 allow ip from any to any layer2 mac-type 0x888e


I don't see the traffic counter increasing on this test.  Did you
actually test login again?  The prior output shows the counter at 4.

Scott
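
The check described in the message above (does the counter on the mac-type 0x888e rule move between two "ipfw show" runs?) can be automated. The following is an added example, not part of the original thread and not pfSense code; the function names and both sample snapshots are constructed for illustration, with rule bodies modelled on the rulesets posted in this thread. It rejoins mail-wrapped rules, tells apart rules that share a number and body (the 0x888e rule is listed twice), and reports a counter reset instead of a negative delta, which is what a reinstall between two readings produces.

```python
import re
from collections import defaultdict

# One rule line of `ipfw show`: rule number, packets, bytes, rule body.
RULE_RE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(\S.*)$")

# Constructed sample snapshots (not captured from a real system).
BEFORE = """\
# ipfw show
00050      0       0 skipto 29900 ip from any to any MAC 02:00:00:00:00:01
any keep-state
01100      0       0 allow ip from any to any layer2 mac-type 0x0806
01100      4     460 allow ip from any to any layer2 mac-type 0x888e
01100      0       0 allow ip from any to any layer2 mac-type 0x888e
01302     29    1655 allow tcp from any to 10.100.101.1 dst-port 8000 in
19902      0       0 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
19904     51    3483 deny ip from any to any
"""

AFTER = """\
# ipfw show
00050      0       0 skipto 29900 ip from any to any MAC 02:00:00:00:00:01 any keep-state
01100      3      84 allow ip from any to any layer2 mac-type 0x0806
01100      8     934 allow ip from any to any layer2 mac-type 0x888e
01100      0       0 allow ip from any to any layer2 mac-type 0x88c7
01100      0       0 allow ip from any to any layer2 mac-type 0x888e
01302     29    1655 allow tcp from any to 10.100.101.1 dst-port 8000 in
19902      0       0 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
19904     90    6100 deny ip from any to any
"""


def parse_ipfw_show(text):
    """Return [(rule_no, packets, bytes, body), ...] in ruleset order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or the echoed shell prompt
        m = RULE_RE.match(line)
        if m:
            rules.append([m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)])
        elif rules:
            # Mail clients wrap long rules; glue the tail back onto its rule.
            rules[-1][3] += " " + line
    return [(n, p, b, " ".join(body.split())) for n, p, b, body in rules]


def _keyed(rules):
    """Map (rule_no, body, occurrence) -> (packets, bytes).

    The occurrence index keeps identical duplicate rules apart.
    """
    seen = defaultdict(int)
    out = {}
    for n, p, b, body in rules:
        out[(n, body, seen[(n, body)])] = (p, b)
        seen[(n, body)] += 1
    return out


def counter_deltas(before_text, after_text):
    """Per-rule counter change from one snapshot to the next."""
    before = _keyed(parse_ipfw_show(before_text))
    after = _keyed(parse_ipfw_show(after_text))
    rows = []
    for (num, body, _), (pkts, byts) in after.items():
        old = before.get((num, body, _))
        if old is None:
            note, dp, db = "new", pkts, byts        # rule added in between
        elif pkts < old[0] or byts < old[1]:
            note, dp, db = "reset", pkts, byts      # reboot/reinstall zeroed it
        else:
            note, dp, db = "", pkts - old[0], byts - old[1]
        rows.append({"rule": num, "body": body,
                     "packets": dp, "bytes": db, "note": note})
    return rows


def active_rules(rows):
    """Rules that matched at least one packet between the snapshots."""
    return [(r["rule"], r["body"], r["packets"]) for r in rows if r["packets"] > 0]


if __name__ == "__main__":
    for r in counter_deltas(BEFORE, AFTER):
        print(f'{r["rule"]} {r["packets"]:>6} {r["bytes"]:>8} {r["note"]:<5} {r["body"]}')
```

In the constructed data the 0x888e and deny rules gain packets while the fwd rule to port 8000 stays at zero, which is the pattern to look for when clients never see the login page.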




Re: [pfSense Support] Captive Portal

2007-03-05 Thread Scott Ullrich

I found a potential issue.  Please test a snapshot around two hours from now.

Scott

On 3/5/07, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On 3/5/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
> > Hi, Scott !
> >
> > Fresh install shows the following, but does not work also :-(
> [snip]
> > 01100 0   0 allow ip from any to any layer2 mac-type 0x888e
>
> I don't see the traffic counter increasing on this test.  Did you
> actually test login again?  The prior output shows the counter at 4.
>
> Scott






AW: [pfSense Support] Captive Portal

2007-03-06 Thread Fuchs, Martin
Until now its behaviour did not change ...

Using:
1.0.1-SNAPSHOT-02-27-2007
built on Tue Mar 6 09:35:38 EST 2007

# ipfw show
00030 22320  9418077 skipto 5 ip from any to any in via fxp0 keep-state
00030  4883  2515916 skipto 5 ip from any to any in via fxp2 keep-state
00030 00 skipto 5 ip from any to any in via fxp1 keep-state
00030 00 skipto 5 ip from any to any in via fxp3 keep-state
00050 4  524 skipto 29900 ip from any to any MAC 00:0e:35:6c:bf:d7 any keep-state
00050 00 skipto 29900 ip from any to any MAC any 00:0e:35:6c:bf:d7 keep-state
00050 00 skipto 29900 ip from any to any MAC 00:14:6c:6c:f4:58 any keep-state
00050 00 skipto 29900 ip from any to any MAC any 00:14:6c:6c:f4:58 keep-state
00050 00 skipto 29900 ip from any to any MAC 00:18:de:a0:f7:2e any keep-state
00050 00 skipto 29900 ip from any to any MAC any 00:18:de:a0:f7:2e keep-state
00050 00 skipto 29900 ip from any to any MAC 00:80:5a:35:4f:7b any keep-state
00050 00 skipto 29900 ip from any to any MAC any 00:80:5a:35:4f:7b keep-state
01000 16617  3892662 skipto 5 ip from any to any not layer2 not via ath0
01001  8152  1184059 allow ip from any to any layer2 not via ath0
0110014  392 allow ip from any to any layer2 mac-type 0x0806
01100 8  934 allow ip from any to any layer2 mac-type 0x888e
01100 00 allow ip from any to any layer2 mac-type 0x88c7
01100 00 allow ip from any to any layer2 mac-type 0x8863
01100 00 allow ip from any to any layer2 mac-type 0x8864
01100 00 allow ip from any to any layer2 mac-type 0x8863
01100 00 allow ip from any to any layer2 mac-type 0x8864
01100 00 allow ip from any to any layer2 mac-type 0x888e
01101 16 deny ip from any to any layer2 not mac-type 0x0800
01102   39553712 skipto 2 ip from any to any layer2
01200 2  682 allow udp from any 68 to 255.255.255.255 dst-port 67 in
01201 00 allow udp from any 68 to 10.100.101.1 dst-port 67 in
01202 00 allow udp from 10.100.101.1 67 to any dst-port 68 out
01203 00 allow icmp from 10.100.101.1 to any out icmptypes 8
01204 00 allow icmp from any to 10.100.101.1 in icmptypes 0
01300 00 allow udp from any to 10.100.101.1 dst-port 53 in
01301 00 allow udp from 10.100.101.1 53 to any out
01302 00 allow tcp from any to 10.100.101.1 dst-port 8000 in
01303 00 allow tcp from 10.100.101.1 8000 to any out
19902 00 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
19903 00 allow tcp from any 80 to any out
19904   39152372 deny ip from any to any
29900   39954236 allow ip from any to any layer2
65535 43828 15827315 allow ip from any to any

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 6, 2007 01:17
To: support@pfsense.com
Subject: Re: [pfSense Support] Captive Portal

I found a potential issue.  Please test a snapshot around two hours from now.

Scott

On 3/5/07, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On 3/5/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
> > Hi, Scott !
> >
> > Fresh install shows the following, but does not work also :-(
> [snip]
> > 01100 0   0 allow ip from any to any layer2 mac-type 0x888e
>
> I don't see the traffic counter increasing on this test.  Did you
> actually test login again?  The prior output shows the counter at 4.
>
> Scott
>




[pfSense Support] Captive portal sugesstion

2007-05-03 Thread Mohd Saidy

Hi,

1. Congratulation to developer that will release a new version of pfsense.
Nice jobs guys!
2. I'm using captive portal for authenticate my wireless user (right now
have about 700 users with approximately 100 concurrent users), but when I
want to add user it takes some memory and time to read all existing users. My
suggestions, why not split or group all user by 10 or 20 user by pages. For
example as below;



Users
1. abc1
2. abc2
3. abc3
4. abc4
5. abc5
6. abc6
7. abc7
8. abc8
9. abc9
10. abc10

<< 1 2 3 4 5 6 7 8 9 10 >>


Thank you 







Re: [pfSense Support] Captive Portal ?

2007-05-18 Thread Scott Ullrich

On 5/18/07, David Strout <[EMAIL PROTECTED]> wrote:
> Now that I plowed through the VLAN issue.  I have
> been presented with another config question.
>
> Is there any way to have captive portal active on
> multiple interfaces?
>
> I dug through the mail lists and the forum, but it
> seems that the answer is a resounding "no".  So
> naturally the next question is ... is there any
> plan to modify the captive portal to address
> multiple interfaces?  I am sure it would be a
> coding nightmare, but in retrospect, have been
> presented with the question and seeing the value
> in their request, it sure would be a nice feature
> for a future release.


No it will not work on multiple interfaces and there are no plans to
work on this.

Scott




[pfSense Support] Captive Portal trouble

2008-01-20 Thread Yannick Fauconnier
Hi all,

I'm using now pfsense for a few months (old user of monowall) and I wanted 
today to activate captive portal.

So I'm using pfsense 1.2 - RC3 with squid, bandwidthd, ntop, and all the other
usual ones :p

Problem I got, when wanted to activate captive portal, and seems doesn't work
at all. Traffic always going fine without any requirement for authentication.

Thought maybe transparent proxy would cause that so disabled the transparent
proxy and still the same thing :s

Config is as follows :


captiveportal-pirate.swf
141920
 

lan


30
local







192.168.200.252




pass

default


 



Any idea why ?

Regards




[pfSense Support] Captive Portal question

2008-02-25 Thread Ugo Bellavance

Hi,

	A question about the captive portal.  I'm looking for a way to disallow
concurrent user logins.  However, most customers will use MAC address
for authentication, so if I disallow concurrent user logins, they can
still access the 'net from the MAC address and give their
username/password to their neighbor.  Is there a way to prevent that
apart from using MAC auth for everyone?


Thanks,

Ugo





Re: [pfSense Support] Captive Portal

2008-03-22 Thread Chris Buechler

Dimitri Rodis wrote:
>
> If I wanted to display a user’s IP address AND MAC address on the
> captive portal page, does anyone have a code snippet that would do
> that on the pfSense captive portal page? Is this possible?
>

I suggest opening a feature request ticket on cvstrac.pfsense.org, 
and/or starting a bounty. Somebody would probably be willing to pick 
this up for relatively cheap.






RE: [pfSense Support] Captive Portal

2008-03-22 Thread Dimitri Rodis
If I made the modifications to display the mac/client IP on the
"default" captive portal page, would you commit it and make it the
default captive portal page? I would just throw a couple of lines right
beneath the login button that say: 
Client MAC: xx:xx:xx:xx:xx:xx
Client IP: xxx.xxx.xxx.xxx

Dimitri Rodis
Integrita Systems LLC 


-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED] 
Sent: Saturday, March 22, 2008 6:41 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Captive Portal

Dimitri Rodis wrote:
>
> If I wanted to display a user's IP address AND MAC address on the 
> captive portal page, does anyone have a code snippet that would do 
> that on the pfSense captive portal page? Is this possible?
>

I suggest opening a feature request ticket on cvstrac.pfsense.org, 
and/or starting a bounty. Somebody would probably be willing to pick 
this up for relatively cheap.





Re: [pfSense Support] Captive Portal

2008-03-23 Thread Chris Buechler

Dimitri Rodis wrote:
> If I made the modifications to display the mac/client IP on the
> "default" captive portal page, would you commit it and make it the
> default captive portal page? I would just throw a couple of lines right
> beneath the login button that say:
>   Client MAC: xx:xx:xx:xx:xx:xx
>   Client IP: xxx.xxx.xxx.xxx


Sure, that's a worthwhile addition to the default page. If you send it 
to coreteam@ someone will get it committed.





RE: [pfSense Support] Captive Portal

2008-03-23 Thread Dimitri Rodis
Email just sent to [EMAIL PROTECTED] with the captive portal changes.

I also emailed some freeradius package changes to coreteam back on 3/19.
Were those committed?

Thanks,

Dimitri Rodis
Integrita Systems LLC 

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED] 
Sent: Sunday, March 23, 2008 7:03 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Captive Portal

Dimitri Rodis wrote:
> If I made the modifications to display the mac/client IP on the
> "default" captive portal page, would you commit it and make it the
> default captive portal page? I would just throw a couple of lines right
> beneath the login button that say:
>   Client MAC: xx:xx:xx:xx:xx:xx
>   Client IP: xxx.xxx.xxx.xxx
>   

Sure, that's a worthwhile addition to the default page. If you send it 
to coreteam@ someone will get it committed.




[pfSense Support] Captive portal questions

2008-11-06 Thread DLStrout
I've been running CP on a 1.2 install for about 6
months now and we now are noticing that there is
no authentication happening.

Things we've tried:

> Moving the CP to another interface (ie WLAN (WAP
connected ethernet)).
> Starting and restarting the CP service (fails
the webConfigurator when we restart CP service).
> tail the /var/log/lighttpd.error.log (here is
what we are seeing when a client hits the CP) ...

2008-11-06 21:44:02: (connections.c.279) SSL: 1
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
2008-11-06 21:44:02: (connections.c.279) SSL: 1
error:140940E5:SSL routines:SSL3_READ_BYTES:ssl
handshake failure

Any ideas on how to revive the CP functionality
are greatly appreciated

--
David L. Strout
Engineering Systems Plus, LLC





Commercial support available - https://portal.pfsense.org



[pfSense Support] captive portal ldap

2008-11-23 Thread Mikel Jimenez Fernandez


--- Begin Message ---

Hello
Is possible to configure captive portal with ldap authentication?

I have a linksys wrtg54 in my LAN, acting as AP. Is possible to 
configure this AP (with the default firmware or DD-wrt/openwrt) to 
authenticate to captive portal of pfsense?


Thanks


--- End Message ---

[pfSense Support] Captive Portal Issues

2009-03-03 Thread Atkins, Dwane P
We have been running pfSense as a Captive Portal for quite some time.
Lately, our pfSenses have had services that were locking up.  You could
view items on the GUI, but could not execute a Captive Portal lookup or
a Halt System or Reboot System.  And if you ssh'ed into the system, you
could not execute either or a web configurator restart either.

On the particular system we had this happen to lately, we were using
1.2.1-RC2 and have had it happen on 1.2.2.  We did recently upgrade to
1.2.3-PRERELEASE-TESTING-VERSION and have not had it up long enough to
determine if this version had the same issue.

This is the error that was in the /var/log/lighttpd.error.log

2009-03-03 09:04:58: (mod_fastcgi.c.2956) backend died; we'll disable it for 5 seconds and send the request to another backend instead: reconnects: 0 load: 192

2009-03-03 09:04:59: (mod_fastcgi.c.3568) all handlers for  /index.php on .php are down.

This was on the monitor hooked up to the pfSense device

IPFW: IPV6 - Unknown Extension Header(10), ext 2

IPFW: IPV6 - Unknown Extension Header(5), ext 2

Thanks

 



[pfSense Support] Captive Portal Question

2009-05-07 Thread Tim Dressel
Hi folks,

I've got a captive portal deployed on a simple LAN/WAN configured
current PFsense box.

All clients that I want to have transparent access to the internet
have a MAC bypass entry.

All other clients authenticate against the active portal.

The mac-bypass has over 300 entries in it.

I get network drops, slow traffic internal and external, and in
general network unhappiness (slow ping times, things just dropping off
the network, adding an additional MAC address when applying the
settings causes the web interface to hang). Disabling the captive
portal instantly makes everything work well again.

So, two questions please:

1. What is the limitation on the number of mac-bypass entries? And is
what I am seeing expected with 300 entries?

2. If I should not be doing this with 300 clients, is anyone using
another FOSS product to do MAC authenticated control outbound from
their firewall?

Thanks in advance...

Tim




[pfSense Support] Captive Portal Page

2009-05-14 Thread Curtis LaMasters
Does anyone know where I can find a nice templated captive portal
page. Something with a simple header, ULA and Login.  I know it sounds
so simple, but my web skillz are limited...

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com




[pfSense Support] Captive portal redirect

2010-06-08 Thread Cristian Del Carlo
Hi,

I use pfsense 2.0 as a captive portal.

Everything works fine except the redirect after user authentication.

I set up captive portal to redirect connections to
http://www.google.it after authentication, but often after giving
username and password correctly the page of the authentication remains.

What could be the problem?

Thanks in advance.




Re: [pfSense Support] captive portal

2010-08-28 Thread Chris Buechler
On Wed, Aug 25, 2010 at 7:19 AM, Hans Maes  wrote:
> Hi,
>
> I'm running a few (6 at the moment) pfsense 1.2.3-RELEASE boxes on a rather
> large scale wireless network, as border routers and firewalls between the
> internet uplinks and the rest of the network. (network background info: +600
> subnets, +150 router nodes, 6 internet uplinks, about 1000 unique
> mac-address clients per 24h, www.wirelessbelgie.be , non-profit organisation
> running on volunteers )
>
> The traffic shaper is active on the pfsense boxes to allow different
> internet speeds to different subnets on the network.
> I'm currently using very large alias lists to manage the +600 private
> subnets in the traffic shaper.
>
> We are currently looking at switching to a captive portal + traffic shaper +
> freeradius, so we can set speeds based on user/pass combination instead of
> IP subnet.
> Tests are successful up till now, and we are going to switch this into
> production pretty soon.
>
> However, I have one problem:
> The network contains a lot of 'dumb' devices (ipcams, sound encoders,
> serial2ip, ...) which also need internet access, but have no clue on how to
> log in to the captive portal.
>
> I cannot use mac-authentication with the captive portal and the radius
> server because there are routers in between the pfsense boxes and the
> devices.
>
> From what I see now the only way to allow these devices access to the
> internet is to add them to the "Allowed IP" list in the captive portal.
> But managing this list separately on every box would be a lot of work. I
> would prefer to use an alias containing all my allowed IPs which I can then
> update through the "fetch alias list from url" package.
>
>
> First Question: Is there any way to use aliases in the captive "Allowed IP"
> list, or to automate managing this list in any way ?

No way to use aliases. Scripting with curl can automate management.


> Second question: Are the devices in the "allowed list" allowed to pass
> through the captive portal right away, or do they need to open an HTTP
> connection first to 'trigger' the captive portal logic ?
>

They're automatically allowed through.


> Third Question: I'm currently running 1.2.3 but switching to 2.0 would be
> possible, if this would help me in this situation. What would you guys
> recommend for this situation, 1.2.3 or 2.0 ?
>

Don't think there would be much difference in this particular scenario
for you. 2.0 may let you push the CP function further upstream since
it can run on multiple interfaces, giving you fewer boxes to manage.




[pfSense Support] Captive Portal Issues

2010-09-17 Thread Atkins, Dwane P
Good afternoon.

I am trying to install  pfSense-2.0-BETA4-20100915-0900.iso to just run a 
captive portal.  I am having issues even getting the captive portal to work.  
When I initiate a web page, I should get something requesting authentication.  
Instead, I get the web page requested if it is internal, but the page will 
timeout if it is external.

Are there checkboxes that need to be checked or unchecked to just have the 
pfsense default login appear?

Thanks

Dwane


Re: [pfSense Support] Captive Portal

2010-10-08 Thread Christian Veith

Hi Dwane,

in my opinion, there's not much documentation on that topic available.
But it's working that way:

1. Receives an IP packet
2. Blocks it until authenticated / answers with an HTML website if port 80 is talked to
3. Receives credentials from the user
4. Authenticates with the internal database / RADIUS server
5. Stores logon information (MAC address / IP address / timestamp) internally to revoke access after a configured time
6. Allows access to the requested resource and opens a popup window to log out.

regards

Christian

On 08.10.2010 16:25, Atkins, Dwane P wrote:

> We are wondering if there is any information available that explains
> in detail how the Captive Portal on pfsense works? We know its
> function, but we are wondering what is happening behind the scenes?
>
> Any documentation would be nice.
>
> Thank you
>
> Dwane







[pfSense Support] Captive Portal & Logging

2010-11-05 Thread Michel Servaes
Hi,


I was wondering if it would be possible to log all traffic from a captive
portal point of view?

When handing out "captive portal" access keys to users, its use and
whereabouts should be logged in case of misuse!
Can I log per login on CaptivePortal level to some kind of database?

Ideally, it would keep its records in a MySQL database centrally (and in
case of offline, cache its records locally)... but then again, this
would be the ideal situation of course :)

If pfsense can't handle this, can pfsense be used together with some other
product that can log this use?
It really should need to log the username, and his whereabouts when he
visits the internet.

Maybe I should use a dedicated pfsense machine, and install a proxy on it...
that would be a workaround I guess (that is, if not using a transparent proxy
of course - but to my knowledge, this would only log HTTP traffic, which is
already quite good, but I want it all logged of course).

I've heard about Untangle a lot - but I have no idea whatsoever what to
expect from this software... (I've seen nifty screenshots, and it looks
quite cool - but I just hope all the eye candy isn't a cover-up for its real
use)


Kind regards,
Michel


[pfSense Support] Captive Portal Redirection

2011-06-17 Thread Atkins, Dwane P
I am experiencing an issue again where the Captive Portal is not redirecting
automatically. We can web into http://pfsense.domain.local:8000 and it will
redirect. However, if we just click on a browser and go to a homepage, it will
not redirect.

I have seen this before and thought I had the documentation to fix it, but that 
is not so.

Dwane


[pfSense Support] Captive Portal Allowed IP

2005-07-15 Thread William Armstrong
Captive portal Allowed IP

I configured the captive portal not to ask for a password
when accessing one specific IP address.

 any > to > 200.xxx.yyy.zzz

But when I try to access this address, it shows the standard
authentication page (that I placed in the captive portal) so that
the user enters the name and password to continue browsing,
ignoring the configuration that I made previously allowing this
site.

--
William David Armstrong
Bio Systems Security.
ICQ 10253747 MSN [EMAIL PROTECTED]
--
"No one is born knowing everything. But everything can be learned; and mainly because everything can be taught." By Bio.


Re: [pfSense Support] Captive Portal Question :-)

2005-07-29 Thread Scott Ullrich
On 7/28/05, James Mellor <[EMAIL PROTECTED]> wrote:
> Hi pfSense,
> 
> I'm using m0n0wall and have recently found pfSense by googling and was
> wondering if it suffered the same captive portal radius authentication
> with per-user bandwidth issues ?

We do not have this option.  
 
> I would like to setup a captive portal with radius authentication, which
> m0n0wall or pfSense can do but I am hoping to implement per-user
> bandwidth control, could someone please tell me if this works fine on
> the latest version of pfSense as if it does I'll ditch m0n0wall and use
> pfSense :-)

Not going to work. Sorry.

Scott




Re: [pfSense Support] Captive Portal Question :-)

2005-07-29 Thread James Mellor

Thanks for the quick reply Scott,

In the features section of the pfsense website it says that a freeradius
is available within pfsense and when looking at the screenshot of this
there are fields for entering a user's upload and download bandwidth
limits and so would I be correct in assuming that if I used pfsense's
built in freeradius server the captive portal would be able to
authenticate registered users and limit their bandwidth individually?

If this is the case then I would not need a separate radius server :-)

The only issue then would be how to set up a process whereby I could
create a script on another system that would connect to the pfsense
machine, via ssh perhaps, and automatically add, amend, or delete users
from the pfsense radius server as needed so that I would not need to
manually log into pfsense.



Cheers, James




Re: [pfSense Support] Captive Portal Question :-)

2005-07-29 Thread Scott Ullrich
On 7/29/05, James Mellor <[EMAIL PROTECTED]> wrote:
> Thanks for the quick reply Scott,
> 
> In the features section of the pfsense website it says that a freeradius
> is available within pfsense and when looking at the screenshot of this
> there are fields for entering a user's upload and download bandwidth
> limits and so would I be correct in assuming that if I used pfsense's
> built in freeradius server the captive portal would be able to
> authenticate registered users and limit their bandwidth individually?

No.
 
> If this is the case then I would not need a separate radius server :-)
>
> The only issue then would be how to set up a process whereby I could
> create a script on another system that would connect to the pfsense
> machine, via ssh perhaps, and automatically add, amend, or delete users
> from the pfsense radius server as needed so that I would not need to
> manually log into pfsense.

It would be possible for someone to create a ipfw package that does
this but there is no support for this currently.

Scott




Re: [pfSense Support] Captive Portal Question :-)

2005-07-29 Thread James Mellor

Hi Scott,

So the bandwidth fields on the freeradius screenshot within the features
section of the website don't actually work on the captive portal then?

What I'm actually after is the capability to have a user log in via the
captive portal and have their bandwidth set to a specific level, could
you please tell me if pfsense supports this?

The other thing I'm looking for is the ability to add, amend or delete a
user without logging into pfsense manually, by perhaps creating a script
that runs on an external PC and connects to pfsense to run shell
commands that would perform this task. I have to be honest, I don't know
how to do it, but if I can get confirmation that it's possible to add,
amend and delete users via ssh then I'll learn how to do it and
implement it myself - I just don't want to waste my time if it's not
going to be possible after all.


Thanks for all your help.

Cheers, James...




Re: [pfSense Support] Captive Portal Question :-)

2005-07-29 Thread Scott Ullrich
On 7/29/05, James Mellor <[EMAIL PROTECTED]> wrote:
> Hi Scott,
> 
> So the bandwidth fields on the freeradius screenshot within the features
> section of the website don't actually work on the captive portal then?

NO.  Your freeradius package is out of date.
 
> What I'm actually after is the capability to have a user log in via the
> captive portal and have their bandwidth set to a specific level, could
> you please tell me if pfsense supports this?

It would require some script writing to modify the captiveportal pf
table.  Shouldn't be very difficult if you want to invest the time
into it.
 
Scott




Re: [pfSense Support] Captive Portal Question :-)

2005-07-29 Thread James Mellor

Thanks Scott,

I think I now have the full picture - captive portal works on pfsense
but doesn't support bandwidth restrictions due to the freeradius server
package being out of date, but it is possible to create a script to
connect to pfsense via ssh and alter the pf table.

Looks like it's impossible to set bandwidth limits for a captive portal
user on pfsense for now then.


Cheers,  James




[pfSense Support] Captive Portal Problems 0.73.6

2005-08-05 Thread Paul Taylor

I'm not sure what's going on, but every time we enable the Captive Portal in
0.73.6 (and older versions we were trying yesterday), the WebGUI starts to
hang.  Just after enabling it (with "Local User Manager" being the only
setting not at the default value), the WebGUI responds and states that the
settings were applied, but after that, nothing I do in the WebGUI works.. I
can't get to any other WebGUI page, nor can I change any setting and Save
settings...  It's like the WebGUI goes out to lunch.

Other info:
- We're using the Metallic theme.  
- Our WebGUI runs on HTTPS. (Though we have had the same results on HTTP)
- We have had the Squid package installed, but have removed it after running
into this problem, thinking it may be related.  Even though it has been
removed, the problem persists...  Is it possible that something was "left
behind" in the uninstall?
- We have Advanced Outbound NAT enabled (with only the default rule) with
registered IPs on the LAN segment handed out via DHCP.
- We have only the default firewall rules in place.

Paul





Re: [pfSense Support] captive portal question?

2005-08-24 Thread Scott Ullrich
The interface must be enabled and configured to show up.

Scott


On 8/24/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> 
> I was looking at the setup screen, and it doesn't look like it will
> let me pick the OPT1 interface (which is where my guest WLAN will
> come in on...)
> 
> 
> 
> 
>




Re: [pfSense Support] captive portal question?

2005-08-24 Thread Dan Swartzendruber

At 07:10 PM 8/24/2005, Scott Ullrich wrote:

The interface must be enabled and configured to show up.


Aha, thanks.  I was before, but I got bit by that bug you just fixed 
in the vlan checking code.  Haven't pulled down 0.80 yet.  Thx...






Re: [pfSense Support] Captive portal broken?

2005-08-25 Thread Scott Ullrich
I have just committed a change for this.  Please test on 0.80.4

On 8/25/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> 
> Well, it doesn't seem to work at all.  Here's what I'm seeing:
> 
> 1.  I'm allowed to pass whatever traffic I feel like before being
> authenticated.
> 
> 2.  When I launch the browser, and see the default pfsense captive
> portal page, typing an invalid user or password gives no indication
> of an error.
> 
> 
> 
> 
>




Re: [pfSense Support] Captive portal update

2005-08-26 Thread Chris Buechler
On 8/26/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> 
> Running latest 80.4.  Part of my problem was a basic
> misunderstanding.  I had assumed that the portal would block access
> until you authenticated, so I left the default OPT1 => Any rule in I
> had before.  

Not a misunderstanding, that is how it's *supposed* to work.  This is
a bug.  Should be able to get nowhere other than the interface's IP
itself (for DNS purposes) before authenticating, and after
authenticating, your defined rules should apply as normal.

-cmb




Re: [pfSense Support] Captive portal update

2005-08-26 Thread Dan Swartzendruber

At 07:23 PM 8/26/2005, Chris Buechler wrote:

On 8/26/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
>
> Running latest 80.4.  Part of my problem was a basic
> misunderstanding.  I had assumed that the portal would block access
> until you authenticated, so I left the default OPT1 => Any rule in I
> had before.

Not a misunderstanding, that is how it's *supposed* to work.  This is
a bug.  Should be able to get nowhere other than the interface's IP
itself (for DNS purposes) before authenticating, and after
authenticating, your defined rules should apply as normal.


Hmmm, so I should have left the OPT1 -> Any rule enabled?






Re: [pfSense Support] Captive portal update

2005-08-26 Thread Chris Buechler
On 8/26/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> At 07:23 PM 8/26/2005, Chris Buechler wrote:
> >On 8/26/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> > >
> > > Running latest 80.4.  Part of my problem was a basic
> > > misunderstanding.  I had assumed that the portal would block access
> > > until you authenticated, so I left the default OPT1 => Any rule in I
> > > had before.
> >
> >Not a misunderstanding, that is how it's *supposed* to work.  This is
> >a bug.  Should be able to get nowhere other than the interface's IP
> >itself (for DNS purposes) before authenticating, and after
> >authenticating, your defined rules should apply as normal.
> 
> hmmm, so i should have left the OPT1 -> Any rule enabled?
> 

yeah, if that's the controls you want applied to authenticated
clients.  Sounds like that's a bug though.  Scott or someone will have
to comment there.

-cmb




Re: [pfSense Support] Captive portal update

2005-08-26 Thread Scott Ullrich
On 8/26/05, Chris Buechler <[EMAIL PROTECTED]> wrote:
> yeah, if that's the controls you want applied to authenticated
> clients.  Sounds like that's a bug though.  Scott or someone will have
> to comment there.

Chris is absolutely correct.

I'll drag all the equipment back out tomorrow and retest this.

Scott




[pfSense Support] captive portal redirection problem

2005-12-02 Thread Denny
I just tried out captive portal.

It's OK when I try to open, say, www.google.com
and it's redirected to the login page.

But problems occur when I try to open, say, www.google.com/talk
or www.somedomain.com/whatever/after/dot/com
it will give me a 404 error not found.

IMHO, this will cause confusion for newbies trying to access the internet.


rgds,
dny.

... but that which cometh out of the mouth,
this defileth a man.   Mat 15:11




[pfSense Support] captive portal webgui prob

2006-04-12 Thread barney gumbo
I'm having a problem with making changes to the captive portal webgui page.
If I attempt to change the idle or hard timeout settings, then hit the save
button, I then get a page cannot be displayed. I can disable/enable captive
portal without getting that error. I don't see anything obvious in the log
files, and rebooting doesn't help. I'm running 1.0 beta 2. Any help or
pointers will be appreciated.
 


[pfSense Support] Captive portal bypass rule

2006-07-28 Thread Tim Roberts



I was wondering how difficult it would be to be able to enter an IP range in
captive portal to bypass instead of specifying IP by IP. Is there a command
line way to do it? I have a large /16 block with only a few hundred IPs
located in it, but they're scattered around and some cannot be determined.

I also wanted to know if there was a reason that captive portal would not
re-authenticate every one minute if there was no idle or hard timeout time
specified. I would actually like captive portal to endlessly re-authenticate
until RADIUS returns a fail (preferably only once per say each hour). Out of
the norm, but could evolve into something really useful for a small ISP in
controlling a broadband userbase.

And last but not least, any way to make radius re-authenticate every X
minutes instead of it being hard coded to 1 minute?
 
Great job on the project all in all!
 
Thanks
Tim


Re: [pfSense Support] Captive portal leak?

2006-10-20 Thread Scott Ullrich

That is very interesting as IPFW should have cut the conversation off.

I'll look into calling pfctl -k for the ip in question to make sure
that all of the states are removed.

Scott


On 10/20/06, Roberto Greiner <[EMAIL PROTECTED]> wrote:

Sorry, the previous message was incomplete. Gmail usage inexperience :-(

Hi,

I'm running a test on pfSense. I've added a single machine to the LAN port,
and connected a user after configuring Captive Portal to a 120 minutes hard
timeout. Sure enough, the user was disconnected after the timeout period.
The problem is that the application I left running on the client continued to
communicate. The application is bittorrent sharing a Knoppix torrent. The
upload speed was about 170KB/s

Is that the supposed behavior? Should Captive portal block all connections
from the disconnected user or only new connections? The behavior I'm seeing
indicates the second case. Is that correct?

Thank you,

Marcos Roberto Greiner



--
Marcos Roberto Greiner

Optimists think we are in the best of worlds
Pessimists fear that this is true
    Murphy

[EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
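A toy model, added here as an illustration and not pfSense code, of the portal flow Christian Veith lists (block, answer port 80, authenticate, record the session, revoke after a configured time) and of the hard-timeout report above, where an established transfer kept running after the session expired. It assumes the surviving traffic rides on existing firewall state entries, which is what killing the states for the client IP (the `pfctl -k` idea Scott mentions) would address; every name, address and credential below is constructed.

```python
import hmac
from dataclasses import dataclass

HARD_TIMEOUT = 120 * 60  # the 120-minute hard timeout from the report, in seconds


@dataclass
class Session:
    ip: str
    mac: str
    user: str
    started: int  # login time in seconds


class PortalModel:
    """Hypothetical model: a session table plus a stateful-firewall state table."""

    def __init__(self, users, hard_timeout=HARD_TIMEOUT, allowed_ips=(),
                 kill_states_on_expiry=False):
        self.users = dict(users)              # user -> password (constructed)
        self.hard_timeout = hard_timeout
        self.allowed_ips = set(allowed_ips)   # the "Allowed IP" list
        self.kill_states_on_expiry = kill_states_on_expiry
        self.sessions = {}                    # client ip -> Session
        self.states = set()                   # established flows (src, dst, dport)

    def login(self, now, ip, mac, user, password):
        """Check credentials and store IP / MAC / timestamp for the session."""
        expected = self.users.get(user)
        if expected is None or not hmac.compare_digest(
                expected.encode(), password.encode()):
            return False
        self.sessions[ip] = Session(ip, mac, user, now)
        return True

    def expire(self, now):
        """Revoke sessions past the hard timeout."""
        for ip, session in list(self.sessions.items()):
            if now - session.started >= self.hard_timeout:
                del self.sessions[ip]
                if self.kill_states_on_expiry:
                    # Model of killing all states that originate from this host.
                    self.states = {f for f in self.states if f[0] != ip}

    def packet(self, now, ip, dst, dport):
        """Return the verdict for one packet from a client."""
        self.expire(now)
        flow = (ip, dst, dport)
        if flow in self.states:
            return "pass-state"               # matched an existing state entry
        if ip in self.allowed_ips or ip in self.sessions:
            self.states.add(flow)             # first packet creates the state
            return "pass"
        return "redirect" if dport == 80 else "block"


def run_scenario(kill_states_on_expiry):
    """Walk one client through login, use and hard timeout; return the verdicts."""
    portal = PortalModel({"guest": "correct horse"},
                         allowed_ips={"192.168.1.200"},
                         kill_states_on_expiry=kill_states_on_expiry)
    client, mac = "192.168.1.50", "00:11:22:33:44:55"
    out = {}
    out["before_login_http"] = portal.packet(0, client, "203.0.113.10", 80)
    out["before_login_other"] = portal.packet(0, client, "203.0.113.20", 6881)
    # A device on the allowed list passes without ever touching port 80.
    out["allowed_ip"] = portal.packet(0, "192.168.1.200", "203.0.113.10", 554)
    out["bad_login"] = portal.login(1, client, mac, "guest", "wrong")
    out["good_login"] = portal.login(2, client, mac, "guest", "correct horse")
    out["after_login"] = portal.packet(3, client, "203.0.113.20", 6881)
    expired_at = 2 + HARD_TIMEOUT
    out["old_flow_after_timeout"] = portal.packet(
        expired_at, client, "203.0.113.20", 6881)
    out["new_flow_after_timeout"] = portal.packet(
        expired_at, client, "203.0.113.30", 443)
    return out


if __name__ == "__main__":
    for kill in (False, True):
        print("kill states on expiry:", kill)
        for step, verdict in run_scenario(kill).items():
            print(f"  {step:24} {verdict}")
```

With `kill_states_on_expiry=False` the old transfer still passes after the timeout while new connections are blocked, which matches the behaviour reported; with `True` both are blocked.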



[pfSense Support] Captive Portal bug + resource

2006-12-11 Thread Roberto Greiner
Hi,

I was doing a small test with the captive portal, and noticed a minor
glitch with the setup pages. In the Services/Captive Portal/Allowed IP
Addresses, when clicking to add a new IP, if you simply click save
without adding anything, the error message appears out of place, thrown
to the right side, when using firefox (I'm using 1.5, didn't test with
2.0). IE 6 renders the page properly.

Also about the captive portal, is it possible to send messages to
devices (like snmp) when a user logs in to the portal, or when he fails
to log?

Thank you,

Marcos Roberto Greiner

--
Marcos Roberto Greiner

Optimists think we are in the best of worlds
Pessimists fear that this is true
    Murphy




[pfSense Support] Captive Portal and DNS

2007-03-03 Thread Kelvin Chiang
Hi, does anyone have any information on how to pass DNS request packets
through the captive portal? The problem I faced was that computers configured
with a DNS server IP address, instead of obtaining the DNS server IP
dynamically, cannot invoke the captive portal.
 
Regards,
Kelvin


[pfSense Support] captive portal "apply" button

2007-03-18 Thread Fuchs, Martin
Hi !

I think it might be an error in captive portal:

When changing some entry and then save them, there appear two "apply"
buttons:

http://pfsense.trendchiller.com/pics/cp_apply_error.jpg

Regards, Martin





Re: [pfSense Support] Captive portal sugesstion

2007-05-03 Thread Scott Ullrich

On 5/3/07, Mohd Saidy <[EMAIL PROTECTED]> wrote:

Hi,

1. Congratulations to the developers who will release a new version of pfsense.
Nice job guys!
2. I'm using captive portal to authenticate my wireless users (right now I
have about 700 users with approximately 100 concurrent users), but when I
want to add a user it takes some memory and time to read all existing users. My
suggestion: why not split or group all users by 10 or 20 users per page. For
example as below;


Users
1. abc1
2. abc2
3. abc3
4. abc4
5. abc5
6. abc6
7. abc7
8. abc8
9. abc9
10. abc10

<< 1 2 3 4 5 6 7 8 9 10 >>


Thank you


Thanks for the suggestion!  However we do not maintain the captive
portal implementation.   Maybe you could email the m0n0wall list with
your suggestion.

However, we are not against a bounty in our forum to help nudge this
along from our end.

Scott




[pfSense Support] Captive Portal MAC Passthru

2007-06-16 Thread Fuchs, Martin
Hi !
Anyone out there using Captive Portal with passthru MAC?

Because it just does not work for me... when adding a MAC address it seems as
if it would be ignored.
When adding the IP it works again.
There does not come up any website asking for username and password... do I
have to add some rule from WLAN subnet towards pfsense or else?
Is there anyone successfully using MAC filtering?

I'm running the latest snapshot (6-6) and there's nothing in the logs...

Any hints ?

Greetings,

Martin

-Original Message-
From: Heiko Garbe [mailto:[EMAIL PROTECTED]
Sent: Sunday, 17 June 2007 00:04
To: support@pfsense.com
Subject: Re: [pfSense Support] pfSense Firewall Logs: no ports listed !?

That´s not a multicast problem btw.

Take a look at the attachment-screenshot, where is the udp port number 500 for 
the vpn vector or any other port??

Greetings
heiko

Adam Armstrong wrote:
> 224.0.0.2 is the "all routers" multicast address, and any traffic to 
> it is probably router discovery or something similar.
>
> adam.
>> That looks more like a protocol decode issue to me.  224.0.0.2 is a 
>> multicast address, I wouldn't be surprised if that really wasn't UDP.
>> Can you show an example of a TCP log entry w/out ports, or something 
>> to a non-multicast address?  Thanks
>>
>> --Bill
>>
>> On 6/16/07, Heiko Garbe <[EMAIL PROTECTED]> wrote:
>>> Hello,
>>> here is a screenshot. I think he means the firewall logs in the gui
>>> Greetings
>>> heiko
>>>
>>> Chris Buechler wrote:
>>> > On Fri, 2007-06-15 at 18:01 +0200, Fuchs, Martin wrote:
>>> >
>>> >> Hi !
>>> >>
>>> >> In the firewall logs always was shown blocked traffic with the 
>>> >> ports that were used...
>>> >>
>>> >> Now with the 6-6 snapshot it does not display the ports anymore
>>> ... !?
>>> >>
>>> >> It's a little confusing and seems to be a bit silly / senseless not to
>>> >> display the ports !?
>>> >>
>>> >>
>>> >
>>> > Can you post a screenshot? Not sure exactly what you mean, I 
>>> > haven't seen or heard of any issues.
>>> >
>>> >
>>> >




[pfSense Support] Captive portal and CARP

2007-08-15 Thread Jan Zorz

Hi gang.

I have two pfsense firewalls, fw1 and fw2, 10 VLAN interfaces and CARP
addresses in between. Everything works fine, until I enable Captive
portal on one of the interfaces.
The first sign of trouble is that all CARP interfaces on the primary fw (fw1)
go to backup mode and fw2 becomes master. Then, if I disable CARP on
fw2, fw1 goes to master mode (all interfaces). When I re-enable CARP on the
secondary firewall, all CARP interfaces go to backup, except the
interface where Captive portal is enabled on fw1. This interface is
suddenly in master mode on both firewalls.


I entered IP of that interface on fw2 into Captive portal "Allowed IP 
addresses", added MAC of that interface into "Passthrough MAC" in 
Captive portal configuration, I added "allow any->any" rule on that 
interface on fw1, but no luck.


Any idea? My first thought is that CARP packets get blocked on fw1, but
no quick idea why...


And, if even this starts to work, what would happen if fw1 dies and CARP 
on fw2 takes over? Is there any possibility to have "synchronized 
Captive portal" on both fw's?


Thank you, Jan Zorz.




[pfSense Support] Captive Portal Design documents

2007-10-01 Thread Dziuk, Fred J
Our campus is using PfSense to control wireless access to our network
via the Captive Portal and becoming very reliant on its operation.  I do
not want to necessarily become a developer to have technical
troubleshooting skills.  But I would like to have a document that
describes the basics of the Captive Portal operations and was hoping for
some links to some detailed design/operational documents other than
source code.  Questions I have:

1. How does the CP determine if a user needs to be authenticated?

2. Once authenticated, where is the user information kept?

3. I can issue PF and IPFW commands in the shell - Are both used
in CP?

4. We have some users that somehow disappear from the CP user
list, but can still get through to the WAN.  How do I debug this?

5. Seems like there are extra entries in the firewall ruleset that
keep accumulating and never get removed.  How do I clean this up?

 

  I have put out a few questions/problems to this list and have not
received a single response.  We are establishing an account for the
commercial support, but we would like to have some local expertise.
Thanks for any insight in the Captive Portal's operation.

 

Fred Dziuk

The Univ. of Texas Health Science Center at San Antonio

Systems and Network Operations

210-567-2117



Re: [pfSense Support] Captive Portal trouble

2008-01-20 Thread Curtis LaMasters
Try clearing your state table and seeing if that fixes the issue.

Curtis


RE: [pfSense Support] Captive Portal trouble

2008-01-20 Thread Yannick Fauconnier
Just tried, and no changes :(

Yannick



Re: [pfSense Support] Captive Portal trouble

2008-01-20 Thread Curtis LaMasters
Did you already try disabling your transparent proxy?  What are you using
for your captive portal login page?

Curtis


RE: [pfSense Support] Captive Portal trouble

2008-01-20 Thread Yannick Fauconnier
Already tried to disable transparent proxy, change the interface of the proxy 
from lan to wan but didn't help.

As the authentication page, I just created a blank HTML page where I copy/pasted the 
form:

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
http://www.w3.org/1999/xhtml";>


Untitled Document



Private Room

   
 
 
 
 
   




Regards

From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Monday 21 January 2008 2:20
To: support@pfsense.com
Subject: Re: [pfSense Support] Captive Portal trouble

Did you already try disabling your transparent proxy?  What are you using for 
your captive portal login page?

Curtis


[pfSense Support] captive portal with cookie

2008-02-05 Thread Ugo Bellavance

Hi,

	I've seen that MikroTik has an option of using cookies to authenticate 
users (captive portal).  Is there something similar in pfSense?  I'm 
thinking about using the captive portal for auth of subscribers to a 
WiFi service, but I'd rather not have them enter their credentials 
every time they close their browser.  Is it possible?


Regards,

Ugo





[pfSense Support] Captive portal locking up?

2008-12-02 Thread Atkins, Dwane P
We are currently using 1.2 RC1 on a Dell Power Edge R200 and 1.2 Release
on a Dell Power Edge 860.

 

In the last couple of weeks, the devices have stopped working for those
who are NOT already connected.  If you are connected, you maintain the
capability to gain access.  Each time I have gone to the device, we
receive an error message:

 

IPFW2; Ipv6- unknown extension number (5), ext-hd eq 2

 

 

Why?  And is this what is stopping personnel from gaining access and is
there a fix for it?

 

Thanks


Dwane

 

 

Dwane Atkins

Senior Network Analyst

IMS-System & Network Operations 

University of Texas Health Science Center at San Antonio 

Tel: 210-567-0158

http://ims.uthscsa.edu  

 



RE: [pfSense Support] Captive Portal Issues

2009-03-03 Thread Atkins, Dwane P
My apologies, that should say "our pfsenses" and not "our flenses"

 

 

 



From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] 
Sent: Tuesday, March 03, 2009 10:30 AM
To: support@pfsense.com
Subject: [pfSense Support] Captive Portal Issues

 

We have been running pfSense as a Captive Portal for quite some time.
Lately, our flenses have had services that were locking up.  You could
view items on the GUI, but could not execute a Captive Portal lookup or
a Halt System or Reboot System.  And if you ssh'ed into the system, you
could not execute either or a web configurator restart either.

 

On the particular system we had this happen to lately, we were using
1.2.1-RC2 and have had it happen on 1.2.2.  We did recently upgrade to
1.2.3-PRERELEASE-TESTING-VERSION and have not had it up long enough to
determine if this version had the same issue.

 

This is the error that was in the /var/log/lighttpd.error.log

 

2009-03-03 09:04:58: (mod_fastcgi.c.2956) backend died; we'll disable it
for 5 seconds and send the request to another backend instead:
reconnects: 0 load: 192 

2009-03-03 09:04:59: (mod_fastcgi.c.3568) all handlers for  /index.php
on .php are down.

 

This was on the monitor hooked up to the pfSense device

 

 

IPFW: IPV6 - Unknown Extension Header(10), ext 2

IPFW: IPV6 - Unknown Extension Header(5), ext 2

 

Thanks 

 



Re: [pfSense Support] Captive Portal Question

2009-05-07 Thread RB
On Thu, May 7, 2009 at 15:55, Tim Dressel  wrote:
> 1. What is the limitation on the number of mac-bypass entries? And is
> what I am seeing expected with 300 entries?

I'm sure someone will chime in with the precise ipfw limitation, but
this is mostly going to be dependent on your system's performance
specs - memory & CPU.

> 2. If I should not be doing this with 300 clients, is anyone using
> another FOSS product to do MAC authenticated control outbound from
> their firewall?

Possibly, but [as I hope you know] MAC filtering only keeps honest
people honest, it is in no way any form of authentication.  At that
number of unique users, you may be better served by setting up an
actual RADIUS server to do proper authentication and AAA instead of
manually maintaining tables.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Captive Portal Question

2009-05-07 Thread Chris Flugstad




I was going to ask what hardware you were running this on.  We have a
rather large list of MAC addresses in our captive portal and it works
fine.  It's a dual Opteron/4 gigs of RAM.   Probably overkill, so it
won't help you know what you need, but if you're running 128 RAM or even
256, it's bare bone minimum.



Chris Flugstad
Cascadelink
900 1st ave s, suite 201a
seattle, wa 98134
p: 206.774.3660 | f: 206.577.5066
ch...@cascadelink.com



RB wrote:

> On Thu, May 7, 2009 at 15:55, Tim Dressel  wrote:
>> 1. What is the limitation on the number of mac-bypass entries? And is
>> what I am seeing expected with 300 entries?
>
> I'm sure someone will chime in with the precise ipfw limitation, but
> this is mostly going to be dependent on your system's performance
> specs - memory & CPU.
>
>> 2. If I should not be doing this with 300 clients, is anyone using
>> another FOSS product to do MAC authenticated control outbound from
>> their firewall?
>
> Possibly, but [as I hope you know] MAC filtering only keeps honest
> people honest, it is in no way any form of authentication.  At that
> number of unique users, you may be better served by setting up an
> actual RADIUS server to do proper authentication and AAA instead of
> manually maintaining tables.




Re: [pfSense Support] Captive Portal Question

2009-05-07 Thread Tim Dressel
It's a P4 2.something, 40gb disk, 1gb ram.



On Thu, May 7, 2009 at 4:43 PM, Chris Flugstad  wrote:
> I was going to ask what hardware you were running this on.  We have a rather
> large list of MAC addresses in our captive portal and it works fine.  Its a
> dual opteron/4 gigs of ram.   Probably overkill, so it wont help you know
> what you need, but if your running 128  ram or even 256, its bare bone
> minimum.
>
> Chris Flugstad
> Cascadelink
> 900 1st ave s, suite 201a
> seattle, wa 98134
> p: 206.774.3660 | f: 206.577.5066
> ch...@cascadelink.com
>
> RB wrote:
>
> On Thu, May 7, 2009 at 15:55, Tim Dressel  wrote:
>
>
> 1. What is the limitation on the number of mac-bypass entries? And is
> what I am seeing expected with 300 entries?
>
>
> I'm sure someone will chime in with the precise ipfw limitation, but
> this is mostly going to be dependent on your system's performance
> specs - memory & CPU.
>
>
>
> 2. If I should not be doing this with 300 clients, is anyone using
> another FOSS product to do MAC authenticated control outbound from
> their firewall?
>
>
> Possibly, but [as I hope you know] MAC filtering only keeps honest
> people honest, it is in no way any form of authentication.  At that
> number of unique users, you may be better served by setting up an
> actual RADIUS server to do proper authentication and AAA instead of
> manually maintaining tables.
>



RE: [pfSense Support] Captive Portal Question

2009-05-08 Thread Dimitri Rodis
We have a pfSense setup with the FreeRADIUS package that authenticates folks 
that plug in to HP 3500yl and 2626 switches-- the set up is for a few 
executive office suite buildings that are linked together by fiber and all 
share a single 10Mb symmetric connection to the internet. 0 problems for about 
15 months now--still running on 1.2-release. If you have some good managed 
switches, that's the way to do it IMHO.

Dimitri Rodis
Integrita Systems LLC
http://www.integritasystems.com

-Original Message-
From: RB [mailto:aoz@gmail.com]
Sent: Thursday, May 07, 2009 3:16 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Captive Portal Question

On Thu, May 7, 2009 at 15:55, Tim Dressel  wrote:
> 1. What is the limitation on the number of mac-bypass entries? And is
> what I am seeing expected with 300 entries?

I'm sure someone will chime in with the precise ipfw limitation, but
this is mostly going to be dependent on your system's performance
specs - memory & CPU.

> 2. If I should not be doing this with 300 clients, is anyone using
> another FOSS product to do MAC authenticated control outbound from
> their firewall?

Possibly, but [as I hope you know] MAC filtering only keeps honest
people honest, it is in no way any form of authentication.  At that
number of unique users, you may be better served by setting up an
actual RADIUS server to do proper authentication and AAA instead of
manually maintaining tables.



Re: [pfSense Support] Captive Portal Question

2009-05-08 Thread Tim Dressel
Hi folks,

Just an update. I built a new machine from the ground up today. Took a
backup from the old machine, and just copied and pasted the 300+
mac-bypass entries into the new config file. Everything is working
well, and as expected.

I'm interested though Dimitri on the switch issue. I'm connected
entirely to new managed HP 2848's and 2510G-48's and I have great LAN
performance. Are you doing something directly with your switches as
far as authentication goes, or did you just include the switches for
completeness?

Finally, I'd appreciate any feedback out there on installs with counts
on mac bypass entries topping a 1000 count. I am considering tying
together several of my networks and would like to know what the upper
end on the captive portal looks like.

Thanks!



On Fri, May 8, 2009 at 1:33 AM, Dimitri Rodis
 wrote:
> We have a pfSense setup with the FreeRADIUS package that authenticates folks
> that plug in to HP 3500yl and 2626 switches-- the set up is for a few
> executive office suite buildings that are linked together by fiber and all
> share a single 10Mb symmetric connection to the internet. 0 problems for about
> 15 months now--still running on 1.2-release. If you have some good managed
> switches, that's the way to do it IMHO.
>
> Dimitri Rodis
> Integrita Systems LLC
> http://www.integritasystems.com
>
> -Original Message-
> From: RB [mailto:aoz@gmail.com]
> Sent: Thursday, May 07, 2009 3:16 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Captive Portal Question
>
> On Thu, May 7, 2009 at 15:55, Tim Dressel  wrote:
>> 1. What is the limitation on the number of mac-bypass entries? And is
>> what I am seeing expected with 300 entries?
>
> I'm sure someone will chime in with the precise ipfw limitation, but
> this is mostly going to be dependent on your system's performance
> specs - memory & CPU.
>
>> 2. If I should not be doing this with 300 clients, is anyone using
>> another FOSS product to do MAC authenticated control outbound from
>> their firewall?
>
> Possibly, but [as I hope you know] MAC filtering only keeps honest
> people honest, it is in no way any form of authentication.  At that
> number of unique users, you may be better served by setting up an
> actual RADIUS server to do proper authentication and AAA instead of
> manually maintaining tables.
>



Re: [pfSense Support] Captive Portal Question

2009-05-08 Thread RB
On Fri, May 8, 2009 at 22:06, Tim Dressel  wrote:
> Finally, I'd appreciate any feedback out there on installs with counts
> on mac bypass entries topping a 1000 count. I am considering tying
> together several of my networks and would like to know what the upper
> end on the captive portal looks like.

The captive portal's default configuration is to filter users by MAC
address.  The main difference between that and what you're doing is
that the MAC entries are made dynamically each time a user logs in.
That said, I have run a pair of Dell 2660s (dual 2GHz, 2GB) in that
default configuration over a high-churn environment with several
thousand unique clients per day with no ill effect.

My concern was not whether pfSense could handle the number of entries,
but mainly administrative overhead.  Maintaining a list of even 100
MACs is terribly cumbersome, especially considering how trivial
MAC-only authentication is to bypass.  Additionally, some of pfSense's
GUI components just don't scale well - there are some diagnostic pages
(DHCP status, CP status, ARP tables, etc.) that I've just become
accustomed to not using if the client count is over a couple hundred.

Check your system's RRD graphs during the slowdown - if your states,
queues, or CPU aren't pegged, pfSense is likely not the culprit.
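
An added example, not part of the original thread and not pfSense code: a small Python audit for the hand-maintained MAC pass-through list discussed above, which flags malformed and duplicate entries, locally administered addresses, and allow-listed MACs that the firewall's ARP table currently shows on more than one IP. The one-MAC-per-line list format, the sample addresses and the sample FreeBSD `arp -an` output are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample pass-through list, one MAC per line (assumed format).
PASSTHRU_MACS = """\
00:11:22:33:44:55
00-11-22-33-44-55
00:1A:2B:3C:4D:5E
02:00:5e:10:00:01
00:1a:2b:3c:4d
"""

# Constructed sample in the format printed by FreeBSD `arp -an`.
ARP_OUTPUT = """\
? (192.168.1.10) at 00:11:22:33:44:55 on em1 [ethernet]
? (192.168.1.77) at 00:11:22:33:44:55 on em1 [ethernet]
? (192.168.1.20) at 00:1a:2b:3c:4d:5e on em1 [ethernet]
? (192.168.1.30) at (incomplete) on em1 [ethernet]
? (192.168.1.40) at 00:aa:bb:cc:dd:ee on em1 [ethernet]
"""

MAC_RE = re.compile(r"^([0-9a-f]{2}[:-]){5}[0-9a-f]{2}$")
ARP_RE = re.compile(r"\((\d+(?:\.\d+){3})\) at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ")

def normalise(mac):
    """Return the MAC in lower-case colon form, or None if it is malformed."""
    mac = mac.strip().lower()
    return mac.replace("-", ":") if MAC_RE.match(mac) else None

def audit(passthru_text, arp_text):
    report = {"malformed": [], "duplicates": [], "local_admin": [], "multi_ip": {}}
    allowed = set()
    for raw in passthru_text.split():
        mac = normalise(raw)
        if mac is None:
            report["malformed"].append(raw)
        elif mac in allowed:
            report["duplicates"].append(mac)
        else:
            allowed.add(mac)
            if int(mac[:2], 16) & 0x02:  # locally administered bit is set
                report["local_admin"].append(mac)
    seen = defaultdict(set)  # allow-listed MAC -> IPs it currently answers for
    for ip, mac in ARP_RE.findall(arp_text.lower()):
        if mac in allowed:
            seen[mac].add(ip)
    report["multi_ip"] = {m: sorted(ips) for m, ips in seen.items() if len(ips) > 1}
    return report

print(audit(PASSTHRU_MACS, ARP_OUTPUT))
```

A MAC with several IPs can be legitimate (interface aliases, for instance), so treat `multi_ip` as a list of entries to review rather than proof of cloning.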
