Topics

1

17.7 Legacy Series / How to use freeradius as radius server for the captive portal?

« on: October 19, 2017, 08:26:44 pm »

I have installed the freeradius plugin and so far it is working fine. I can access the radius server from devices in my LAN and have them authenticated.

Now I want to setup a captive portal and want the captive portal to use the internal radius server for authentication.

So I created an internal radius server in System/Access/Servers and gave it the address 127.0.0.1 for the local host.

Afterwards, I have said internal radius server available in:
"Captive Portal"/"Edit Zone"/"Authenticate using"

However, the internal radius server does not do what I want. When I do a test in System/Access/Testers I do not get a reply.

How do I have to set up an internal radius server in System/Access/Servers so that I can use the freeradius server which is already installed?

2

17.7 Legacy Series / [Solved] Captive portal for VLAN interface only?

« on: October 13, 2017, 07:53:25 pm »

I have read several posts in the OPNsense fora that people created a dedicated captive portal for one VLAN only, e.g. only for a Guest VLAN.

How can I do this? I have created a VLAN interface on the LAN interface. When I want to create a zone, the listbox for the interface only offers LAN. I can not find the VLAN interface I created before.

3

17.7 Legacy Series / [SOLVED] Continually locked out from WAN interface

« on: October 12, 2017, 09:51:13 pm »

I am continuously facing the problem that I am locked out from the WAN interface. After some analysis I found that only TCP:S passes through the firewall, all other TCP packets with other flags set will be blocked, have a look at the screenshot.

I tried some of the TCP flag settings, "any flag", ticking some flags, but without result. No matter what I do, only TCP:S passes.

I also clicked the green arrow in the log to add an "easy rule" to let the blocked TCP packets pass. Rules were added, however, they do not seem to have any effect.

I am using OPNsense-17.7-OpenSSL-nano-i386.img, fresh install.

What can I do for further analysis?

4

17.7 Legacy Series / Logging freeradius actions

« on: October 12, 2017, 07:07:00 am »

I have installed the freeradius plugin and so far everything seems to work fine.

I would like to trace radius authentication in more detail. In particular, I want to know details about unauthorised authentication attempts.

Is there a way to log the combination of user name and MAC address which is used for an authentication attempt? I think it might be in the logfile.

Can I log radius activities via the GUI?

Or can I inspect the radius logfile via the GUI (or via a convenient api call ;-) )?

Is there a way to backup the radius logfiles for later analysis?

It would be extremely convenient to have them emailed regularly but it would also be fine to backup them regularly on google drive, preferably encrypted.

5

17.7 Legacy Series / [solved] Send radius configuration files from an external server.

« on: October 08, 2017, 08:43:38 pm »

I would like to manage freeradius configuration files on my computer in the office and then send it to the OPNsense appliance. In particular I want to do the user management in the office with a nice graphical user interface.

What is the most convenient way to send a new users.conf automatically (without logging into the GUI every time) to the OPNsense appliance?

Can I use ftp to place RADIUS configuration files, e.g. users.conf files on the firewall or to read it in from there? There are only 4 hits for ftp in the documentation and none of the results seems to match.

6

17.7 Legacy Series / [SOLVED] Serial console issues

« on: September 28, 2017, 09:16:11 am »

I have installed OPNsense-17.7-OpenSSL-nano-i386 and it seems that the system is booting properly.

When the system is booting, I can see all messages properly and after some time I arrive at the login prompt. However, I can not send characters to login. I have to press some keys three or four times before the correct letter appears and some keys do not seem to work at all. Hence, I can not log in and got stuck at this point.

1) Does anybody know, which settings are expected by the serial console of OPNsense?

2) Does anybody know a terminal for Ubuntu which will work "out-of-the-box" (or which is at least easily configurable with the correct settings)?

3) Is there an alternative for login? I can see that one of the boxes interfaces has requested and received an IP-address, however, it will not respond to an SSH request or to an HTTP request to that interface.

I use an ALIX 2D3 board as OPN appliance and try to login via serial console from an Ubuntu 16.04 PC.

My settings for the serial terminal are:
Baudrate: 115200
Data bits: 8
Stop bits: 1
Parity: None
Flow control: XON/XOFF

I have tried the graphical PuTTY client and 'screen" on the CLI. In both cases I can not send data correctly.

Thanks a lot for your help

Markus