Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - tomj@northwestusa.com

#1
Franco,

I have not been able to get OPNsense to talk to FreeRadius in Captive Portal.

Last week and today, I tried several times to get CaptivePortal MAC Authentication working/talking to an external FreeRadius server.  I am on the latest OPNsense software I downloaded today:
     Versions OPNsense 15.1.12-amd64
     FreeBSD 10.1-RELEASE-p12
     OpenSSL 1.0.2c 12 Jun 2015


I do not even see the query on the FreeRadius server logs.

My test network consisted of existing in-use in-production FreeRadius servers and PfSense servers.

The Captive Portal settings used in working PfSense servers were copied into the OPNsense Captive Portal settings.  I also re-checked and re-verified all of my settings several times.  At this time, it appears the OPNsence Captive Portal is not checking to talking to my FreeRadius servers.

Are there some CLI command lines I can use to manually perform some testing which will enable me to see the status of communication to an external FreeRadius server for MAC authentication checks.

North Idaho Tom Jones
#2
Right now - every day.

Later, only when I am checking something.
#3
One suggestion.
On the main OpnSense web page dashboard, I think a reserved window pane of a few lines of information from the OpnSense team which automatically show up on the main dashboard could be a neat thing.

Lets say there is an announcement or something, if the OpnSense dashboard could auto check and grab a brief message, then you have a pretty neat method of quickly getting info to administrators who manage OpnSense without the need to daily check these forums.  This could be an administrator off or on or manual poll selectable feature.

My 1st two cents.
#4
Quote from: franco on June 16, 2015, 10:13:51 AM

(2) What do you mean by "support"? Which of the interfaces do use the captive portal? LAN only or really *all* of them?

Cheers,
Franco

By "support", I am wanting build & test a 3-Ethernet CP system.
1st Ethernet:  WAN - Live IPs
2nd Ethernet: LAN - Live IPs (No NAT).  Captive Portal with MAC authentication and Bandwidth up/down limits (getting info from my FreeRadius servers).
3rd Ethernet:  OPT1_Radius:  A private network dedicated for CP to use to talk to my FreeRadius servers.  This network has no user traffic.  It is dedicated for CP communications to my FreeRadius servers.  This way, if the WAN or LAN for some reason becomes saturated, I still have good clean access from CP to my FreeRadius servers for Auth & Accounting.  Below is a sample of one of the thousands of user accounts in my FreeRadius servers:
#
22-22-22-e3-f8-23 Cleartext-Password:= "pfsenseietf"
        WISPr-Bandwidth-Max-Up = 180000,
        WISPr-Bandwidth-Max-Down = 256000
#
Typically, I would use many CP systems in different places for different customer networks.  Some accounts are 1/4 th a meg up/down and some accounts are 100 meg up/down.  Some are natted, some are routed.  All are virtual.
#5
Franco,

Thank you for your reply.

I would like to sign up as a tester for, routing, CP, firewall, Nat, bandwidth control functions to assist in testing OpnSense.  I've got multi-gigibits of Internet connectivity, thousands of networks consisting of Lans (some are super nets), about 1000 WiFi WISP customers, FTTH customers, businesses & home users.  Plenty of horse power on some VMware ESXi servers.

How may I help?  Need a dedicated download server (rsynced I would assume).

I just love it when a good clean project pulls together to better everybody.

North Idaho Tom Jones
#6
Hello everybody.  I am brand spanking new to this OpnSense forum.  I have high hopes for OpnSense :)

I have used PfSense Captive Portal for many years now and because of issues I have been experiencing with the other CP, I am trying to build on OpnSense and get a Captive Portal running.

Here is some back ground info:
#1 - WAN & LAN * Opt_FreeRadius  (three networks - the "Opt_FreeRadius" is a 3rd network just for talking to my FreeRadius servers.
#2 - Captive Portal users to authenticate using Radius is about 120 to 500 simultaneous Ethernet connected users.
#3 - I use bandwidth control for up & down from FreeRadius so that Captive Portal can rate-limit client speeds.
#4 - No NAT - all LIve IPs
#5 - I currently run about 6 different Captive Portal systems.

I am having some problems with CP and I have check and rechecked my CP settings.

Question #1 - Is CP operational at this time using external FreeRadius servers?
Question #2 - Does CP support the three networks the way I described my network?
Question #3 - How stable is the CP with Radius at this time?

---  The reason I am changing form PfSense Captive Portal to OpnSense Captive Portal is for the following reason:
PfSense appears to be having problems not authentication all users to the FreeRadius servers.  I have verified and rebuild and re-verified my FreeRadius servers are correct.  It just appears that PfSense Captive Portal has problems authenticating a large user network and some MAC address will not get checked - thus I have been having to put some users in the PfSense MAC pass-through.  (Again - I have verified everything I can think of many many times).  I suspect my problems are a potential but with PfSense CP.  Thus the reason I am asking my above questions about stability and load handeling ability of OpnSense Captive Portal.

Note - I hope and with the programming staff for OpnSense and all users using OpnSense great success with this new platform

I look forward to your responses - thank you

North Idaho Tom Jones