Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Captive portal MAC address clone
« previous
next »
Print
Pages: [
1
]
Author
Topic: Captive portal MAC address clone (Read 7561 times)
ackahforson
Newbie
Posts: 15
Karma: 0
Captive portal MAC address clone
«
on:
March 10, 2017, 05:52:14 pm »
Hello,
Captive portal logs devices with the mac address of the wifi repeater (dd-wrt on linksys WRT54G) instead of clients pc or phone mac. DHCP however assigns captures real MAC of devices with the IP leases. This forces the clients to re-login multiple times in the day, especially when they move from a repeater to another. Is this normal behavior or a bug?
below is my network topography
Internet
|
OPNsense Router
| |
(LAN
no DHCP
) (WIFI
with DHCP
)
192.168.3.0/24 192.168.4.0/24
| |
CLIENT PC's (static IPS) Repeaters x 3
|
CLIENT PC's
The LAN (WIRED) network is connected to a switch with an already existing network DHCP enabled 172...... so enabling DHCP on that network posses a lot of discomfort for both networks as no one can tell where the address will be issued from.
Any help with the repeaters masking the mac address of the clients is greatly appreciated. I am also open to suggestions concerning optimizing my network setup.
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Captive portal MAC address clone
«
Reply #1 on:
March 10, 2017, 08:15:17 pm »
Your repeater may be a routing device which is forwarding your traffic (and not a fully transparent bridge). Note that DHCP has a field containing a forwarding device.
Logged
ackahforson
Newbie
Posts: 15
Karma: 0
Re: Captive portal MAC address clone
«
Reply #2 on:
March 10, 2017, 08:23:46 pm »
Thank you for the response . Could you please clarify:
Quote from: fabian on March 10, 2017, 08:15:17 pm
.... Note that DHCP has a field containing a forwarding device.
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Captive portal MAC address clone
«
Reply #3 on:
March 10, 2017, 08:33:30 pm »
You have two networks attached on your repeater. One is connected to your OPNsense WLAN and one is another WLAN but in another Network and the device is routing between the networks. In this case, the DHCP packets will not be sent to your DHCP server and a forwarder is required. This is not required if the two wireless cards are bridged. The first case would explain the thing with the changed MAC address.
Logged
ackahforson
Newbie
Posts: 15
Karma: 0
Re: Captive portal MAC address clone
«
Reply #4 on:
March 10, 2017, 08:53:09 pm »
If I may,
1. OPNsense wifi network (on board wifi card 192.168.4.1) is running a DHCP server
2. SSID of OPNsense onboard wifi is being repeated by LinksysWRT54G running dd-wrt in repeater bridge mode.
3. Clients connecting to OPNsense wifi network and the repeater bridge signal both receive unique IP addresses from the DHCP pool.
4. In Services>DHCP>leases , I see all connected clients (both via repeater and direct AP link) with their unique IP and MAC addresses.
5. However only in Captive Portal do I see the clients MAC replaced with the repeaters MAC
I do not know if its relevant but, I was earlier having issues with captive portal login for the wifi interface due to very short session timeouts (apparently an issue in parsing the mac addresses), A patch (opnsense-patch 3151c87) was applied to remedy the situation.
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Captive portal MAC address clone
«
Reply #5 on:
March 10, 2017, 09:07:24 pm »
In this case your repeater seems to rewrite the frame header addresses, which makes sense in case of wireless (so OPNsense sends the frames back to the repeater which can send the data to the hosts). You should check the ARP and NDP cache on OPNsense, the repeater and your host.
Logged
ackahforson
Newbie
Posts: 15
Karma: 0
Re: Captive portal MAC address clone
«
Reply #6 on:
March 10, 2017, 09:18:32 pm »
Thank you very much for the insight. Will update when I return to the site.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Captive portal MAC address clone