Hi all,


    Another issue:
    I put the same code under lighttpd running on port 80 and it works nicely!
    It only hangs when I try to use the captive portal on port 8000.

    Weird?

Regards,
Luiz Vaz

2006/2/16, Luiz Vaz <[EMAIL PROTECTED]>:
  It's unselected. I disabled block private networks...
  The weird stuff is shown by tcpdump:

# tcpdump -vvv -i lnc1 -n udp
tcpdump: listening on lnc1, link-type EN10MB (Ethernet), capture size 96 bytes
22:17:50.316598 IP (tos 0x0, ttl  64, id 39331, offset 0, flags [none], proto: UDP (17), length: 84) 192.168.160.129.64567 > 200.184.125.*.1812: RADIUS, length: 56
        Access Request (1), id: 0x60, Authenticator: 9abd35f98f741cd686e9d156dd437672
          Username Attribute (1), length: 6, Value: joao
            0x0000:  6a6f 616f
          Password Attribute (2), length: 18, Value:
            0x0000:  53b3 5002 de8e bc62 6748 bed3 a512 80fb
          NAS Port Attribute (5), length: 6, Value: 5060
            0x0000:  0000 13c4 [|radius]
22:17:50.569263 IP (tos 0x0, ttl 128, id 417, offset 0, flags [none], proto: UDP (17), length: 58) 200.184.125.*.1812 > 192.168.160.129.64567: [udp sum ok] RADIUS, length: 30
        Access Accept (2), id: 0x60, Authenticator: ba3ed3255eca57439bc67802b234f09b
          Reply Attribute (18), length: 10, Value: Ol. jo.o
            0x0000:  4f6c e120 6a6f e36f
22:17:50.783098 IP (tos 0x0, ttl  64, id 44027, offset 0, flags [none], proto: UDP (17), length: 72) 192.168.160.129.62375 > 200.184.195.*.1812: [udp sum ok] RADIUS, length: 44
        Access Request (1), id: 0xbf, Authenticator: 67f58126f94a4540766fc244f86dac28
          Username Attribute (1), length: 6, Value: joao
            0x0000:  6a6f 616f
          Password Attribute (2), length: 18, Value:
            0x0000:  1d22 19cb 0707 ed6c a075 546a abbf eb93
^C
3 packets captured
25 packets received by filter
0 packets dropped by kernel


As you can see, the request is received by radius and sent back with the correct response. But the response is mysteriously ignored.... So the radiusclient tries again without knowing it.


Best Regards,
Luiz Vaz

2006/2/16, Scott Ullrich <[EMAIL PROTECTED]>:
What does interfaces, WAN, Block private networks show?

On 2/15/06, Luiz Vaz <[EMAIL PROTECTED]> wrote:
> Hi All,
>
>    I am using pfSense on VMWare using the developers image.
>    On the same machine I set up another VM with Win98.
>    Everything is working well: DHCP, Captive Portal (NoAuth and
> LocalUserList).
>
>    But some strange stuff happens when I choose Radius Auth!
>    My Radius server is another machine running in the outside world.
>    In the firewall I allowed IN and OUT to UDP 1812, 1813 ports...
>
>    When I try to log in through the captive portal in Win98, it hangs.
>    But calling the radius using NTRadPing inside the same Win98, it works!
>    And using a radiusclient inside pfSense works too.
>
>    It only hangs when the PHP tries to retrieve the info from Radius.
>    No matter if it uses the custom radius code or the libradius
> extension.
>
>    My VMWare Net is:
>    - Win98:           192.168.65.131
>    - pfSense:         192.168.65.130  (LAN)
>    - pfSense:         192.168.160.129 (WAN)
>    - VMWare NAT:      192.168.160.130
>    - VMWare Gateway:  192.168.160.2
>
>    Note: My machine is using a DSL router with WinXP for the tests and Dev.
>
>
>
>    A deep look in the calls showed this log in pftop:
>
>    Using NTRadPing:
> udp  In  192.168.65.131:1076     200.184.125.*:1812        SINGLE:MULTIPLE
>
> udp  Out 192.168.65.131:1076     200.184.125.*:1812      MULTIPLE:SINGLE
>
>
> Output:
> Sending authentication request to server 200.184.125.*:1812
> Transmitting packet, code=1 id=6 length=44
> Received response from server in 600 miliseconds
> Replay packet code=2 id=6 length=30
> Response: Accept-Accept
>
>
>
>    Captive Portal:
> tcp  In   192.168.65.131:1077     192.168.65.130:8000       ESTABLISHED:ESTABLISHED
>
> udp  Out 192.168.160.129:61371  200.184.125.*:1812         MULTIPLE:SINGLE
>
> udp  Out 192.168.160.129:64110  200.184.195.*:1812         SINGLE:NO_TRAFFIC
>
> Output:
>    Radius Error: No valid RADIUS responses received.
>
>
>
>    My surprise is that pfSense calls the radius and it replies (I run
> Radius in DebugMode).
>    But pfSense doesn't receive the response.
>
>    I guess that I missed something on the firewall. ;)
>
>
>    Does anyone have any idea about what's happening?
>    Or any tip to find it out?
>
>
> Best Regards,
> Luiz Vaz
>
