Topics - Ophion

1
Captive Portal / Failed basic FreeRADIUS and Captive portal setup
« on: February 09, 2018, 10:16:56 am »
The subject title may look trivial and repeated, and you might think this is another ordinary issue about setting up FreeRADIUS + Captive portal. All I can assure you is that I've been testing the steps used to set up the configuration very carefully and still can't find a solution. That's why I am here. I have collected several screenshot images in order to provide further info.


Software version:
------------------------------------------------------------------------------------
pfSense         2.4.2-RELEASE
freeradius3    0.15.4                            (Packet Manager)


Summary: My boss asked me to set up a wireless hotspot at the company where I currently work. I have been using pfSense for a couple of years, and I was also working at an institution that had a RADIUS server + pfSense + Portal captive service. The difference there was that the RADIUS server ran under Windows Server, so all I have to do is replace the Windows Server RADIUS with FreeRADIUS embedded on pfSense (packet freeradius3 v0.15.4). My next step was gathering some info about this setup and, surprisingly for me, I found some videos on YouTube about doing this. The videos are https://www.youtube.com/watch?v=qCTsyW65WbA and https://www.youtube.com/watch?v=qCTsyW65WbA. The configuration in both is very straightforward and fast, in my opinion though.


Technical information:
----------------------------------------------------------------------------------------------------------------------------------------
- IPv4 for pfSense: WAN 10.10.10.253 and LAN 10.10.11.254   (LAN interface will be named WIFI)
- IPv4 for FreeRADIUS: 10.10.11.254 (running on pfSense)
- DHCP enabled and tested correctly on WIFI interface 10.10.11.10 - 10.10.11.230

** Before installing freeradius3 and trying to set up the captive portal, devices from the WIFI network were able to reach every (rules) service on the main subnet such as jabber (XMPP), POP3, SMTP, etc...

Network schema



After installing freeradius3 (System -> Packet Manager) and configuring it following the YouTube tutorials mentioned before, I got no response when trying to access any site. I mean, no Captive portal was prompted. So I decided to start diagnosis by doing a port test (Diagnostics -> Test port).

This is the response for the FreeRADIUS (1812) availability check. I don't know if pfSense performs this action using TCP or UDP or both, so I also tried using PortQryUI, which allows doing both, and still got nothing. This is the output from pfSense Test port.



As the picture shows, pfSense can't find any open port for 1812; however, the dashboard says the radiusd (FreeRADIUS server) service is running. Finally I found in System -> Packet Manager that Installed packets was showing an unusual warning. I have to say that I tried the IPv4 addresses 127.0.0.1, 10.10.11.254 and 10.10.10.253 for testing the port.



During the freeradius3 packet installation I got no problem, no warning, and even saw Success at the end of the installation. I have deleted the packet, installed it again, reinstalled the pfSense OS and started again, and still the freeradius3 issue persists. Is there a problem with this packet or is it just me? The topic says FreeRADIUS and Captive Portal but I guess the problem lies in the freeradius3 packet.
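RADIUS authentication runs over UDP port 1812, so a TCP connect test to that port shows nothing even when radiusd is up; the direct check is to send a real Access-Request and validate the reply. The sketch below is an added example, not part of the original post: it builds the request per RFC 2865 (with the RFC 3579 Message-Authenticator) and verifies the Response Authenticator. The function names, the `probe` NAS-Identifier and any user or secret passed in are assumptions for illustration.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def attr(kind: int, value: bytes) -> bytes:
    return struct.pack("!BB", kind, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    attrs = attr(1, user) + attr(2, hide_password(password, secret, authenticator))
    attrs += attr(32, b"probe")  # NAS-Identifier, constructed value
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs) + 18) + authenticator
    # Message-Authenticator (RFC 3579): HMAC-MD5 over the packet with the field zeroed
    mac = hmac.new(secret, header + attrs + attr(80, bytes(16)), hashlib.md5).digest()
    return header + attrs + attr(80, mac), authenticator

def verify_response(resp, request_auth, secret, ident):
    """Return the reply code once the Response Authenticator is verified."""
    if len(resp) < 20:
        raise ValueError("short RADIUS packet")
    code, rid, length = struct.unpack("!BBH", resp[:4])
    if rid != ident or not 20 <= length <= len(resp):
        raise ValueError("identifier or length mismatch")
    expected = hashlib.md5(resp[:4] + request_auth + resp[20:length] + secret).digest()
    if not hmac.compare_digest(expected, resp[4:20]):
        raise ValueError("bad Response Authenticator (shared secret mismatch?)")
    return code

def probe(host, user, password, secret, port=1812, timeout=3.0):
    # Sends one Access-Request over UDP; returns None when nothing answers.
    ident = os.urandom(1)[0]
    packet, auth = build_access_request(user, password, secret, ident)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        try:
            resp, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None  # daemon not bound, packet filtered, or sender not a known client
    return verify_response(resp, auth, secret, ident)
```

An Access-Reject (code 3) still proves the daemon is listening and the shared secret matches; `None` after the timeout means no datagram came back at all.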

2
Firewalling / [SOLVED] pfSense with a rare networking issue
« on: November 20, 2017, 01:43:59 pm »
I had a pfSense server running on Proxmox; the physical server was an HP Proliant ML350 Gen9 with 3 NICs. One for WAN, another for LAN and the last one for a subnet called SERVERS. After finishing the pfSense installation, from LAN, I was able to access the internet without any further configuration. The problem was between the LAN and SERVERS subnets. From LAN I'm able to PING one server (Proxy squid) but can't ping FreeNAS. However, pfSense can PING the FreeNAS. How can this be possible? Why can pfSense PING FreeNAS and can't forward my PING packets from the LAN subnet? pfSense was created for that. I didn't configure any rules nor NATing nor routing, all by default. And the default rules say allow LAN to ALL. I have only one WAN so I don't guess any additional routing rules should be added. My problem could be very low-detailed but I already posted it here (https://superuser.com/questions/1269104/pfsense-or-proxmox-with-a-rare-networking-issue) VERY DETAILED. Sorry for not repeating it in here but it is very large. I apologize for any inconvenience. Thanks in advance!

PS: I tested it on different hardware (physical server) and got the same results. There is no switch in between; all connections are point-to-point using regular UTP Cat5e wire.

EDIT: I'm seeing my post is being checked but nobody replies. Just let me know what you think. Is this alright for you? Has something similar happened to you? Maybe this is not entirely wrong or maybe I'm making some conceptual mistakes. Why do you think the firewall can PING the server and I'm not able to do the same thing? Thanks again in advance.

LAST EDIT: This issue has been solved by putting the same LAN default rules on the SERVERS tab and later setting pfSense (172.16.10.254) as firewall on every server. The "rare networking" issue was because I defined a gateway for Proxy and Proxmox on Proxmox initial setup, so I was getting an ICMP reply from both. This confused me because FreeNAS was unable to reply to ICMP and both of the others were. Finally, as I said, it was a simple mistake, but the title I used for this post was chosen before knowing the problem. Now that I know what the problem was, the title is not suitable.
