Messages

1

General Discussion / Re: pfSense takes a very bad turn, it's over!

« on: November 07, 2017, 11:37:39 am »

I give you an assessment of my various tests concerning the migration to OPNsense.
Regarding Freeradius, everything works very well, identification is good, in short, it's like pfS !

On the part Captive Portal, Traffic Shaper does the job perfectly, however and as I mentioned above, it lacks various features, we find the MAC addresses allowed, but nothing to block, or customize the bandwidth. I watched how pfS generates its rules, and here is the result with the name "test", and a bandwidth of 300Kbit :

Code: [Select]

table _pipe_mac delete any,08:00:27:00:00:00
table _pipe_mac delete 08:00:27:00:00:00,any
pipe delete 2000
pipe delete 2001
pipe 2000 config bw 300Kbit/s queue 100 buckets 16
pipe 2001 config bw 300Kbit/s queue 100 buckets 16
table test_pipe_mac add any,08:00:27:00:00:00 2000
table test_pipe_mac add 08:00:27:00:00:00,any 2001
Another missing feature, and useful for those who want to do external activations, is the Allowed Hostnames option. I looked at their source codes, and the function captiveportal_allowedip_configure_entry is all stupid, it uses the internal gethostbyname function of PHP to convert the hostname to IP, then generates its rules with also a bandwidth personalized.

To conclude, there is not much missing, for those who wish to make the leap to OPNsense, the integration of the bandwidth for each zone, and something quite possible, and fast enough to put in place. However, on comments from your GitHub repository, your architecture is totally different, and can not easily incorporate the same rules as pfS.
It is a challenge that I would have to take up, but between redoing my identification portal with registration form, plus the addition of working with tests, it is a job that would take me too much time to achieve.

I found so far the solution to virtualize under pfS, with Bhyve, a beautiful emulator that does not even require a graphical environment, because the framebuffer part does it in IP under VNC:

Code: [Select]

-s 7,fbuf,tcp=0.0.0.0:5900,w=1024,h=768,waithttps://www.ateamsystems.com/tech-blog/howto-windows-10-bhyve-w-freebsd-11/

I was able to install a Windows 10, and facilitate my testing of each VLAN linked to an area of ​​the captive portal, in the end, I do not need to have a second PC desktop to remotely test the result of my Wifi portals.

So I will stay for the moment under pfS, to catch up the delay that I cumulated during these last weeks, and to plan later the migration towards OPNsense.

Question: Will we ever have the opportunity to have these few missing features ?
If no certainty, do you advise me to make it under a plugin, or an agreement to do it on the core of OPNsense, and after validation on your part, you will add it on your deposit ?

2

Hardware and Performance / Re: qotom i5-5250U

« on: November 03, 2017, 01:03:09 am »

I sent the manufacturer, my patch for compatibility with the Intel IEEE 802.11ac wireless network driver.
Here is the link of my script for pfSense : https://mega.nz/#!OEdGAIYa!nh9gejIJswBjpBRRzwuX6mVZb4Zu2Wz8rRO-GX3sExs
I will send you very soon for OPNsense, because it does not work in the same way, I must add the loading modules in the folder /usr/local/etc/rc.loader.d, because I do not uses pfSense for banishment related to this script, and the closing of the Kernel source code.

3

General Discussion / Re: pfSense takes a very bad turn, it's over!

« on: October 31, 2017, 01:59:06 pm »

That's what I tried to do, but I gave up when I saw the absence of option, and that I had not managed to use FreeRADIUS locally, because I only want to use on the Captive Portal, and not for users of OPNsense.
I'm going to re-test this tonight, because I just saw that mimugmail did an update that partially fulfills my need, with the management of a rate limit: https://github.com/opnsense/plugins/pull/313

I will then return you to a new subject.

4

General Discussion / Re: Please Make a Donation to OPNsense

« on: October 30, 2017, 10:46:16 pm »

A donation worth 150 euros !
An excellent welcome on the forum, and a motivation to evolve the project OPNsense, the next generation is there and long live the open source !

5

General Discussion / Re: pfSense takes a very bad turn, it's over!

« on: October 30, 2017, 10:25:33 pm »

That's exactly what I told myself, it's completely different, and I remain confident that these missing features will be available on future releases, and will cause a determination to switch to your OS.

6

General Discussion / Re: pfSense takes a very bad turn, it's over!

« on: October 30, 2017, 07:54:28 am »

EDIT: Sorry for the double post, I just found the Modified button.
Thinking about all these "HTML" fields, it might be easier to just make a field mark "Configuration Manually", and to add our options and value in it, one can in the same principle as a setting file PHP (php.ini).

7

General Discussion / Re: pfSense takes a very bad turn, it's over!

« on: October 30, 2017, 07:44:36 am »

Thank you for your proposal, it will be very useful because I lost too much time with them.

In fact, I use the captive portal with Freeradius, and file mode to archive users registered in the backup file XML (not very optimizing, but I did not find better to predict migrations), your proposal is therefore very interesting, if in addition we can make a backup of the file SQLite in the appropriate section !

In the captive portal, I can create a zone, assigning each a limit rate, I can also under a tab of the zone create, allow addresses MAC, with in the same form the setting of the rate limit, it is useful for quick interventions, which have the advantage of having a custom rate limit, and will not go through the captive portal login form.

Code: [Select]

Default download (Kbit/s)
Default upload (Kbit/s)
If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty for no limit.
In Freeradius, I can assign several options including :

Code: [Select]

Username
Password
Password Encryption
Number of Simultaneous Connections
Description
Expiration Date
Maximum Bandwidth Down
Maximum Bandwidth Up
For Expiration Date, I control it from a cron, which auto deletes the accounts after one year, and the Number of Simultaneous Connections is also control by my script PHP.
Otherwise, you can simplify this by adding a field like the one I already use :

Code: [Select]

Advanced Configuration
Additional RADIUS Attributes on the TOP of this entry
Additional RADIUS Attributes (CHECK-ITEM)
Additional RADIUS Attributes (REPLY-ITEM)
In the end, I can administer a list of users that is in the Freeradius section, and check those who log into the captive portal section.

I do not use, but we can also set a rate limit for each user, by creating or modifying the user in Freeradius, but I do not use this option, I attribute it directly to each user zone of ​​the captive portal.


I do not dare to do it, but I can print you screens, without displaying the logo of the OS ?

I would otherwise look at your documents, and I think I would not have much work to do because your solution works with an excellent API !

8

General Discussion / pfSense takes a very bad turn, it's over!

« on: October 30, 2017, 12:02:51 am »

Hello everyone,
Loyal user of pfSense, for its wealth of captive portal and the management of users under FreeRadius, developers have decided to no longer share their source code Kernel, and therefore no longer customize for example make it compatible with Virtualbox.
I just experienced a ban from a certain Ivor, so who had advised me to open a ticket on their Redmine, indicating a very correct content, and that apparently did not suit him not, on the fact that it is itself announce a resumption of the sharing of the kernel on their deposit GIT, when they will be ready to do it, and who I think, does not remember even more of that!

In short, disgrace, I have to start all over again, on a long development of my captive portal.
I discover that can OPNsense, unfortunately with missing features on the management of users and the establishment of a rate limit, I hope to get around this very quickly.

Other people have recently been banished to their forum, I think you will have a real profit to recover all these users.