[PacketFence-users] Captive portal does not connect to internet in inline mode

Pedro,

Post by Pedro Paez
Sep 26 09:30:35 redir.cgi(0) INFO: xx:xx:xx:xx:xx being redirected
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_
redir_2ecgi::handler)
Sep 26 09:30:35 redir.cgi(0) INFO: MAC xx:xx:xx:xx:xx shouldn't reach here.
Calling access re-evaluation. Make sure your network device configuration is
correct.
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2
ecgi::handler)
Sep 26 09:30:35 redir.cgi(0) INFO: re-evaluating access for node xx:xx:xx:xx:xx
(redir.cgi called) (pf::enforcement::reevaluate_access)
Sep 26 09:30:35 redir.cgi(0) WARN: Can't re-evaluate access for mac
xx:xx:xx:xx:xx because no open locationlog entry was found
(pf::enforcement::reevaluate_access)

That error is triggered because your node is still reaching the portal
while registered in PacketFence. The root cause can be multiple.

What version of PF are you using?

Thanks.

--
Francois Gaudreault, ing. jr
***@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)

Pedro Páez

2012-09-27 06:29:42 UTC

I am using version 3.5.1 on debian squeeze.

That error is triggered because your node is still reaching the portal
while registered in PacketFence. The root cause can be multiple.
What version of PF are you using?
Thanks.

Francois Gaudreault

2012-09-27 13:59:32 UTC

Hi,

I had a second look to your log output, can you make sure the
pfdhcplistener deamon is running and working for your inline interface?

Post by Pedro Paez
Sep 26 09:30:35 redir.cgi(0) WARN: Can't re-evaluate access for mac
xx:xx:xx:xx:xx because no open locationlog entry was found
(pf::enforcement::reevaluate_access)

Thanks.

Post by Pedro PÃ¡ez
I am using version 3.5.1 on debian squeeze.

That error is triggered because your node is still reaching the portal
while registered in PacketFence. The root cause can be multiple.
What version of PF are you using?
Thanks.

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
http://ad.doubleclick.net/clk;258768047;13503038;j?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Francois Gaudreault, ing. jr
***@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)

Pedro Páez

2012-09-27 14:25:16 UTC

Hi,

I think it is running on eth0 and eth1, looking the log is:

# cat /usr/local/pf/logs/packetfence.log | grep dhcplistener
[...]
Sep 27 16:13:54 pfcmd(4405) INFO: /usr/local/pf/sbin/pfdhcplistener
status (pf::services::service_ctl)
Sep 27 16:13:54 pfcmd(4405) INFO: pfdhcplistener pids eth1 => 4419, eth0
=> 4421 (pf::services::service_ctl)

Web service also shows pfdhcplistener running with the same pids.
However, I do not know if I can look elsewhere...

Thanks!

Post by Francois Gaudreault
Hi,
I had a second look to your log output, can you make sure the
pfdhcplistener deamon is running and working for your inline interface?

Post by Pedro Paez
Sep 26 09:30:35 redir.cgi(0) WARN: Can't re-evaluate access for mac
xx:xx:xx:xx:xx because no open locationlog entry was found
(pf::enforcement::reevaluate_access)

Thanks.

Post by Pedro PÃ¡ez
I am using version 3.5.1 on debian squeeze.

That error is triggered because your node is still reaching the portal
while registered in PacketFence. The root cause can be multiple.
What version of PF are you using?
Thanks.

--
Pedro F. Páez
Redes y Comunicaciones (CTSI)
Tlf. 868071090
Universidad Politécnica de Cartagena
------------------------------------

Pedro Páez

2012-10-02 08:06:44 UTC

Hi Francois,

I still having the same problem, but I have noticed that if I restart
the service after authentication (service packetfence stop|start), then
the computer client can access internet properly. I do not know if it
canhelp...

Thanks.

Pedro

Post by Pedro PÃ¡ez
Hi,
# cat /usr/local/pf/logs/packetfence.log | grep dhcplistener
[...]
Sep 27 16:13:54 pfcmd(4405) INFO: /usr/local/pf/sbin/pfdhcplistener
status (pf::services::service_ctl)
Sep 27 16:13:54 pfcmd(4405) INFO: pfdhcplistener pids eth1 => 4419, eth0
=> 4421 (pf::services::service_ctl)
Web service also shows pfdhcplistener running with the same pids.
However, I do not know if I can look elsewhere...
Thanks!

Post by Francois Gaudreault
Hi,
I had a second look to your log output, can you make sure the
pfdhcplistener deamon is running and working for your inline interface?

Post by Pedro Paez
Sep 26 09:30:35 redir.cgi(0) WARN: Can't re-evaluate access for mac
xx:xx:xx:xx:xx because no open locationlog entry was found
(pf::enforcement::reevaluate_access)

Thanks.

Post by Pedro PÃ¡ez
I am using version 3.5.1 on debian squeeze.

That error is triggered because your node is still reaching the portal
while registered in PacketFence. The root cause can be multiple.
What version of PF are you using?
Thanks.

--
Pedro F. Páez
Redes y Comunicaciones (CTSI)
Tlf. 868071090
Universidad Politécnica de Cartagena
------------------------------------

Francois Gaudreault

2012-10-02 15:11:05 UTC

Hola Pedro,

Are you sure you are using the Inline mode? You have an interface in
your pf.conf saying "enforcement=inline" ?

Post by Pedro PÃ¡ez
Hi Francois,
I still having the same problem, but I have noticed that if I restart
the service after authentication (service packetfence stop|start), then
the computer client can access internet properly. I do not know if it
canhelp...
Thanks.
Pedro

Post by Francois Gaudreault
Hi,
I had a second look to your log output, can you make sure the
pfdhcplistener deamon is running and working for your inline interface?

Post by Pedro Paez
Sep 26 09:30:35 redir.cgi(0) WARN: Can't re-evaluate access for mac
xx:xx:xx:xx:xx because no open locationlog entry was found
(pf::enforcement::reevaluate_access)

Thanks.

Post by Pedro PÃ¡ez
I am using version 3.5.1 on debian squeeze.

That error is triggered because your node is still reaching the portal
while registered in PacketFence. The root cause can be multiple.
What version of PF are you using?
Thanks.

--
Francois Gaudreault, ing. jr
***@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)

Pedro Páez

2012-10-02 18:13:43 UTC

Yes, you can see pf.conf & network.conf in the text of first message I sent yo the list.

Thanks!!

Post by Francois Gaudreault
Hola Pedro,
Are you sure you are using the Inline mode? You have an interface in
your pf.conf saying "enforcement=inline" ?

Post by Francois Gaudreault
Hi,
I had a second look to your log output, can you make sure the
pfdhcplistener deamon is running and working for your inline interface?

Post by Pedro Paez
Sep 26 09:30:35 redir.cgi(0) WARN: Can't re-evaluate access for mac
xx:xx:xx:xx:xx because no open locationlog entry was found
(pf::enforcement::reevaluate_access)

Thanks.

Post by Pedro PÃ¡ez
I am using version 3.5.1 on debian squeeze.

That error is triggered because your node is still reaching the portal
while registered in PacketFence. The root cause can be multiple.
What version of PF are you using?
Thanks.

--
Francois Gaudreault, ing. jr
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Francois Gaudreault

2012-10-02 19:28:48 UTC

Right,

Sorry about that :) When using Inline, the locationlog is opened when
we see DHCP traffic on the Inline interface. There is no other way to
open the locationlog. DO you see the DHCPREQUEST log in the
packetfence.log for your client mac?

Post by Pedro PÃ¡ez
Yes, you can see pf.conf & network.conf in the text of first message I sent yo the list.
Thanks!!

Post by Francois Gaudreault
Hola Pedro,
Are you sure you are using the Inline mode? You have an interface in
your pf.conf saying "enforcement=inline" ?

Post by Francois Gaudreault
Hi,
I had a second look to your log output, can you make sure the
pfdhcplistener deamon is running and working for your inline interface?

Post by Pedro Paez
Sep 26 09:30:35 redir.cgi(0) WARN: Can't re-evaluate access for mac
xx:xx:xx:xx:xx because no open locationlog entry was found
(pf::enforcement::reevaluate_access)

Thanks.

Post by Pedro PÃ¡ez
I am using version 3.5.1 on debian squeeze.

That error is triggered because your node is still reaching the portal
while registered in PacketFence. The root cause can be multiple.
What version of PF are you using?
Thanks.

------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Francois Gaudreault, ing. jr
***@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)

Pedro Páez

2012-10-03 07:53:16 UTC

OK, I looked at the log and I did not found these entries, but I think I
found where the problem is.

After successful authentication, the client did not send the
DHCPREQUEST. I tried to renew DHCP by hand and it worked properly. Is
there any way for a successful authentication force a DHCP renewal?

Post by Francois Gaudreault
Right,
Sorry about that :) When using Inline, the locationlog is opened when we see DHCP traffic on the Inline interface. There is no other way to open the locationlog. DO you see the DHCPREQUEST log in the packetfence.log for your client mac?

--
Pedro F. Páez
Redes y Comunicaciones (CTSI)
Tlf. 868071090
Universidad Politécnica de Cartagena
------------------------------------

Francois Gaudreault

2012-10-04 17:56:10 UTC

If you don't see those, it means that the dhcplistener daemon is not
running properly.

If you run a tcpdump, do you see the DHCP traffic?

Post by Pedro PÃ¡ez
OK, I looked at the log and I did not found these entries, but I think I
found where the problem is.
After successful authentication, the client did not send the
DHCPREQUEST. I tried to renew DHCP by hand and it worked properly. Is
there any way for a successful authentication force a DHCP renewal?

ervice_ct
l)>>>> Sep 27 16:13:54 pfcmd(4405) INFO: pfdhcplistener pids eth1 => 4419, eth0>>>> => 4421 (pf::services::service_ctl)>>>>>>>> Web service also shows pfdhcplistener running with the same pids.>>>> However, I do not know if I can look elsewhere...>>>>>>>> Thanks!>>>>>>>> On 27/09/12 15:59, Francois Gaudreault wrote:>>>>> Hi,>>>>>>>>>> I had a second look to your log output, can you make sure the>>>>> pfdhcplistener deamon is running and working for your inline interface?>>>>>>>>>>>>> Sep 26 09:30:35 redir.cgi(0) WARN: Can't re-evaluate access for mac>>>>>>>> xx:xx:xx:xx:xx because no open locationlog entry was found>>>>>>>> (pf::enforcement::reevaluate_access)>>>>>>>>>> Thanks.>>>>>>>>>> On 2012-09-27 2:29 AM, Pedro Páez wrote:>>>>>> I am using version 3.5.1 on debian squeeze.>>>>>>>>>>>>> Pedro,>>>>>>>>>>>>>>> I am getting the following error when I log into the captive portal:>>>>>>>>>>>>>>>> Sep 26 09:30:35 redir.cgi(0) INFO: xx:xx:xx:xx:xx being redirected>>>>>>>> (ModPe
rl::ROOT:
:ModPerl::PerlRun::usr_local_pf_html_captive_2dporta