OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: ackahforson on March 10, 2017, 05:52:14 pm

Title: Captive portal MAC address clone
Post by: ackahforson on March 10, 2017, 05:52:14 pm
Hello,
Captive portal logs devices with the MAC address of the wifi repeater (dd-wrt on a Linksys WRT54G) instead of the client's PC or phone MAC. DHCP, however, captures the real MAC of the devices with the IP leases. This forces the clients to re-login multiple times a day, especially when they move from one repeater to another. Is this normal behavior or a bug?
Below is my network topology:
                    Internet
                       |
                 OPNsense Router
                 |             |
         (LAN, no DHCP)   (WIFI with DHCP)
         192.168.3.0/24    192.168.4.0/24
               |                 |
  CLIENT PCs (static IPs)    Repeaters x 3
                                 |
                             CLIENT PCs

The LAN (wired) network is connected to a switch on an already existing network with DHCP enabled (172......), so enabling DHCP on that network poses a lot of discomfort for both networks, as no one can tell where the address will be issued from.
Any help with the repeaters masking the MAC address of the clients is greatly appreciated. I am also open to suggestions concerning optimizing my network setup.
Title: Re: Captive portal MAC address clone
Post by: fabian on March 10, 2017, 08:15:17 pm
Your repeater may be a routing device which is forwarding your traffic (and not a fully transparent bridge). Note that DHCP has a field containing a forwarding device.
Title: Re: Captive portal MAC address clone
Post by: ackahforson on March 10, 2017, 08:23:46 pm
Thank you for the response. Could you please clarify:
"... Note that DHCP has a field containing a forwarding device."

Title: Re: Captive portal MAC address clone
Post by: fabian on March 10, 2017, 08:33:30 pm
You have two networks attached to your repeater. One is connected to your OPNsense WLAN and one is another WLAN, but in another network, and the device is routing between the networks. In this case, the DHCP packets will not be sent to your DHCP server and a forwarder is required. This is not required if the two wireless cards are bridged. The first case would explain the thing with the changed MAC address.
Title: Re: Captive portal MAC address clone
Post by: ackahforson on March 10, 2017, 08:53:09 pm
If I may,
1. The OPNsense wifi network (on-board wifi card, 192.168.4.1) is running a DHCP server.
2. The SSID of the OPNsense on-board wifi is being repeated by a Linksys WRT54G running dd-wrt in repeater bridge mode.
3. Clients connecting to the OPNsense wifi network and to the repeater bridge signal both receive unique IP addresses from the DHCP pool.
4. In Services > DHCP > Leases, I see all connected clients (both via repeater and direct AP link) with their unique IP and MAC addresses.
5. However, only in Captive Portal do I see the clients' MAC replaced with the repeater's MAC.

I do not know if it's relevant, but I was earlier having issues with captive portal login for the wifi interface due to very short session timeouts (apparently an issue in parsing the MAC addresses). A patch (opnsense-patch 3151c87) was applied to remedy the situation.
Title: Re: Captive portal MAC address clone
Post by: fabian on March 10, 2017, 09:07:24 pm
In this case, your repeater seems to rewrite the frame header addresses, which makes sense in the case of wireless (so OPNsense sends the frames back to the repeater, which can send the data to the hosts). You should check the ARP and NDP cache on OPNsense, the repeater and your host.
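As an added example (not from the thread or from OPNsense), the check fabian suggests can be automated: compare the MAC in each DHCP lease with the MAC the firewall's ARP cache holds for the same IP; several leased IPs answering from one ARP MAC point to a device rewriting source addresses. It assumes ISC dhcpd lease syntax and FreeBSD `arp -an` output (on OPNsense, `/var/dhcpd/var/db/dhcpd.leases` and `arp -an` are the assumed sources); the sample data and the repeater MAC are constructed.

```python
import re
from collections import defaultdict

# Constructed excerpt in ISC dhcpd.leases syntax (not real lease data).
LEASES = """\
lease 192.168.4.20 {
  hardware ethernet aa:bb:cc:00:00:20;
  client-hostname "phone-1";
}
lease 192.168.4.21 {
  hardware ethernet aa:bb:cc:00:00:21;
}
lease 192.168.4.30 {
  hardware ethernet aa:bb:cc:00:00:30;
}
"""

# Constructed `arp -an` lines; de:ad:be:ef:00:01 plays the repeater's MAC.
ARP = """\
? (192.168.4.20) at de:ad:be:ef:00:01 on wlan0 expires in 1200 seconds [ethernet]
? (192.168.4.21) at de:ad:be:ef:00:01 on wlan0 expires in 1180 seconds [ethernet]
? (192.168.4.30) at aa:bb:cc:00:00:30 on wlan0 expires in 900 seconds [ethernet]
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{.*?hardware ethernet\s+([0-9a-f:]+);", re.S | re.I)
ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-f:]+)", re.I)

def parse_leases(text):
    # Later entries for the same IP override earlier ones, as dhcpd appends.
    return {ip: mac.lower() for ip, mac in LEASE_RE.findall(text)}

def parse_arp(text):
    return {ip: mac.lower() for ip, mac in ARP_RE.findall(text)}

def find_rewritten(leases, arp):
    """Map each ARP MAC to the (ip, lease_mac) pairs it answers for where
    the two MACs differ; more than one IP per key suggests a rewriting bridge."""
    mismatches = defaultdict(list)
    for ip, lease_mac in leases.items():
        seen = arp.get(ip)
        if seen and seen != lease_mac:
            mismatches[seen].append((ip, lease_mac))
    return dict(mismatches)

if __name__ == "__main__":
    for mac, hosts in find_rewritten(parse_leases(LEASES), parse_arp(ARP)).items():
        print(f"{mac} answers ARP for {len(hosts)} leased IP(s): {hosts}")
```

On a live box, replace the two constants with the file contents and the command output; an IP missing from the ARP cache is skipped rather than reported.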
Title: Re: Captive portal MAC address clone
Post by: ackahforson on March 10, 2017, 09:18:32 pm
Thank you very much for the insight. Will update when I return to the site.