Messages

Dear Franco/Opnsense Team,

Issue remains same with Active Directory authentication also. So its very clear that Captive Portal Authentication does use only IP address for authentication to Squid and not username.

No one else has this issue ? I saw in pfsense has the same issue some one reported the it here.
https://forum.netgate.com/topic/110107/no-usernames-in-squid-logs-when-using-captive-portal/5 . They have asked to fix it in https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php#L52

I dont see the same code check_ip.php in Opnsense code path.  So suggest me the script i need to look for to fix this .

Authentication work fine, the issue is on logging the username. I see couple of posts regarding logging issue with Squid and Captive portal. Squid only logs mac and ip address and not the username. Captive portal logs the AUTH session details. The issue is mainly how Captive portal parse the userid so that squid.conf can understand and could push the username in extended-log/syslog. I doubt this is more do to with Captive portal or local authentication. Please correct me if i am wrong.

Dear Franco,
I think the particular authentication syslog never get logged into the system.log or squid log I could only see in portal log for the username auth. So I think the issue exist some whereelse. Do you think trying with active directory make sense ? Or issue with local authentication.

Thanks for the heads up but I would definitely try 19.7a however getting username fixed is going to be first priority now. I am sure I can test 19.7 sometime and share some feedback on this regard.

Sent from my Redmi 6 Pro using Tapatalk

Thanks Franco. But I would like to stay with 19.2 since 19.7 is beta. Can you point me to the script location used for the extended loging in squid+captive portal.

Sent from my Redmi 6 Pro using Tapatalk

Hi All,
I am testing Opnsene 19.2 have enabled Captive Portal and Transparent proxy for HTTP/HTTPS. My problem is that when i check the Squid Log i could only see the client logged IP address and mac but not the username. Is that as per design ? Do we have a way to get it working by tweaking configuration/patch ? Or What should be the best approach?  if I have to write a script to append authenticated username via Captive Portal  in Squid access log along with IP address, mac and username suggest me where to start with.

Thanks

Hello Alexander,

I still have the issue. You can check this out https://forum.opnsense.org/index.php?topic=3856.msg13582#msg13582. My issue was same on similar setup.

Any update, Please suggest as the issue still exist on my setup.

The only visible piece that sticks out is the requirement of having both gateways on the same tier in order for load balancing to apply. I've asked for the rules dump from the system to see if it gets applied or not. :)

Franco,
I have sent you the dump of rule thru PM, Looks to me there is some issue in the core. The second gateway is not getting load even i set the Weight as 2, the situation became worsen.

There seems to be a bug right ? pls confirm..

The only visible piece that sticks out is the requirement of having both gateways on the same tier in order for load balancing to apply. I've asked for the rules dump from the system to see if it gets applied or not. :)

Franco,
I have sent you the dump of rule thru PM, Looks to me there is some issue in the core. The second gateway is not getting load even i set the Weight as 2, the situation became worsen.

Thanks Franco.

I am puzzled now, I have followed exact steps mentioned here (even started with config default).

https://docs.opnsense.org/manual/how-tos/multiwan.html

If i have to explain bit more here is what my setup looks like

192.168.30.10 (Firewall LAN)
192.168.2.1 (WAN1)
192.168.1.1 (WAN 2)

I have not setup any other services , as its a default configuration then followed up with Setup-wizard - > Interface assign& configure -> WAN grouping that's all. (pretty much light weight config)

Do you want to have a look at my configuration dump ?

Thanks Julien.

Admins-
Does opnsense keep track of bugs/issues?  Do you have any existing bug number for this issue ?

hmm that seems to be an issue to me. I dont have a squid setup to try now.

We have seen issues with Multi-wan it actually never worked for us .Did your MULTIWAN setup worked well  (load balancing/failover) and issues is only with NAT?

I have seen you have set up 100M its not 50G. Can you check your configuration again ?