Menu
▾
▴
Re: [PacketFence-users] Packetfence rejects requests from pfSense openVPN
|
From: Durand f. <fd...@in...> - 2020-03-19 00:34:10
|
Try with the Catalyst_2960 switch module instead of the generic one Le 20-03-18 à 20 h 23, Zacharry Williams via PacketFence-users a écrit : > Not sure if it's supported as it's not in the device config guide. But > that doesn't mean it's not possible. I think you'd have to make a > different connection profile though. > > On Wed, Mar 18, 2020, 11:39 AM Christian Hillebrand via > PacketFence-users <pac...@li... > <mailto:pac...@li...>> wrote: > > Hi, > > At the moment I am testing the user authorization of requests > coming from my openVPN server which is part of my pfSense machine. > > I added the pfSense machine as a “Generic” Switch and enabled CLI > Access. > > However when I am testing the access, I am rejected with the > following log output: > > Mar 18 17:27:09 localhost packetfence_httpd.aaa: httpd.aaa(1667) > INFO: [mac:10:25:51:14:10:10] handling radius autz request: from > switch_ip => (10.0.1.1), connection_type => CLI-Access,switch_mac > => (00:1b:21:bc:e2:14), mac => [10:25:51:14:10:10], port => 41010, > username => "<USER>" (pf::radius::authorize) > Mar 18 17:27:09 localhost packetfence_httpd.aaa: httpd.aaa(1667) > WARN: [mac:10:25:51:14:10:10] (10.0.1.1) Sending REJECT since > switch is unsupported (pf::radius::_switchUnsupportedReply) > > Setup: > > pfSense is configured to use packetfence as a radius > authentication server. > > I configured packetfence to work as a radius server providing > access to my unifi based network. To achieve this I configured an > AD as my authentication source. In the authentication source I > added three accept rules, each handling users of one of my three > “access groups”. > > However if it is possible I want to achieve, that only the users > of the first group are accepted when they request VPN access. > > Each of the access groups is getting access to my (internal) > network on a different VLAN, which is assigned by packetfence via > a role. > > So I have two questions: > > Is the setup which I described even possible? > > Is pfSense not supported? Or did I mess up the config? > > _______________________________________________ > PacketFence-users mailing list > Pac...@li... > <mailto:Pac...@li...> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > _______________________________________________ > PacketFence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users |
